Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
136	2024-06-16 09:58	sc.exe 1c7ce77089b1bc88099485ff0c30a928 Malicious Packer Malicious Library UPX PE64 PE File					0.6	M		ZeroCERT

137	2024-06-15 08:30	amadka.exe 5a12fd39ea2482c5ef29e1ca1fe5c083 Amadey Gen1 RedLine stealer RedlineStealer Lumma Stealer Generic Malware Themida Packer Malicious Library UPX Downloader Malicious Packer Antivirus .NET framework(MSIL) ScreenShot Http API PWS Code injection Anti_VM AntiDebug AntiVM PE File PE32 P Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Cryptocurrency Miner Malware powershell Microsoft AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW VMware anti-virtualization IP Check human activity check installed browsers check Tofsee Stealer Windows Exploit Browser RisePro ComputerName DNS Cryptographic key Software crashed Downloader CoinMiner	12 Keyword trend analysis Info http://185.172.128.19/b2c2c1.exe http://185.172.128.19/NewKindR.exe http://185.172.128.19/ghsdh39s/index.php - rule_id: 38300 http://77.91.77.81/Kiru9gu/index.php - rule_id: 40037 http://147.45.47.155/ku4Nor9/index.php http://185.172.128.19/FirstZ.exe - rule_id: 39930 http://apps.identrust.com/roots/dstrootcax3.p7c http://77.91.77.81/lend/setup222.exe http://x1.i.lencr.org/ http://77.91.77.81/lend/servoces64.exe https://d1i94yju6i4l9g.cloudfront.net/setup.exe https://db-ip.com/demo/home.php?s=175.208.134.152	24 Info xmr-eu1.nanopool.org(146.59.154.106) - mailcious db-ip.com(104.26.4.15) kmsandallapp.ru(31.31.198.35) - mailcious d1i94yju6i4l9g.cloudfront.net(18.244.65.58) ipinfo.io(34.117.186.192) x1.i.lencr.org(23.52.33.11) pastebin.com(104.20.3.235) - mailcious boredombusters.online(104.21.44.95) zeph-eu2.nanopool.org(163.172.171.111) - mailcious 182.162.106.33 - malware 51.15.89.13 147.45.47.126 - mailcious 163.172.154.142 - mailcious 18.244.65.161 185.172.128.19 - mailcious 23.41.113.9 172.67.198.131 34.117.186.192 147.45.47.155 - malware 77.91.77.81 - mailcious 31.31.198.35 - mailcious 104.26.5.15 172.67.19.24 - mailcious 185.215.113.67 - mailcious	22 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)	3	28.4	M		ZeroCERT

138	2024-06-15 08:26	installer2.exe 5aece647826a6f39a8bb8b17cd4186d6 PE64 PE File DNS		4	1		2.2			ZeroCERT

139	2024-06-15 08:22	help.scr 5315d928cff19507f66d59b174280e8a Emotet Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File PE32 OS Processor Check DLL PE64 ftp Cryptocurrency Miner Malware Cryptocurrency Traffic Potential Scan AutoRuns suspicious privilege Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself Windows utilities Auto service suspicious process WriteConsoleW Windows Exploit ComputerName Remote Code Execution	2 Keyword trend analysis	3	4		8.6	M		ZeroCERT

140	2024-06-15 08:21	4.exe 24981658666a4f40f07f37bfb48d1372 Malicious Library UPX PE File PE32 OS Processor Check AutoRuns Windows DNS		2	1		3.4	M		ZeroCERT

141	2024-06-15 08:19	test.exe 71687e0babe1e0575c7471b0e696e9d3 UPX PE64 PE File Traffic Potential Scan suspicious privilege Windows utilities WriteConsoleW Windows Exploit DNS		1	3		4.6			ZeroCERT

142	2024-06-14 19:20	ade4f437.exe b6a77e293a158f046f39ab50f276ef9f Malicious Packer Malicious Library UPX PE File PE32 Malware buffers extracted ICMP traffic WriteConsoleW Windows DNS		722 Info zstupu.power-peak.com.cn(49.7.60.22) www.campusvirtual.neotedi.edu.bo() cpcalendars.page-naver688.com() sale.joinye.com(60.190.234.151) sas-ir.com(68.178.165.202) cpcontacts.lucky88vip.com(103.145.62.222) smtp.novusthailand.com(118.174.23.90) wbsubdomain.a.bb.ccc.dddd.mantle.dlt-tech.com(139.196.144.53) amharaocaca.gov.et() cpanel.pcsmart.site() ww.npage-naver0723.com() mails.rwjansen.com(219.88.70.10) mail.yatesfamilyartisans.com() www.qgiscentral.com(190.111.30.52) mail.vm67.com(103.85.226.45) www.salimsali-mall.com() cpcontacts.page-naver615.com() cpcontacts.huidesuye.com(82.156.18.143) what.website.cursos.neotedi.edu.bo() panel.plebeianmc.com() nsotiensv.click(103.116.52.244) hqrjswd.ndbykglhmcyuqh.amkeuvwl.fun() tawatur-einv.com(38.54.114.104) collaborate.scaledagile.com(18.190.140.7) ns1.sinaibg.com(37.143.207.223) hmsliaison.hotelchristopher.com(90.82.50.115) helpdesk.pittrace.com(24.101.151.68) jzewvmcdn.33song.com(218.244.156.233) what.website.xn--fastighetsvrme-gib.nu(194.14.207.177) smtp.radafi.pl(83.0.116.139) fgtivolhk.amkeuvwl.fun() www.rriveram.com(201.206.158.237) server5.33song.com(218.244.156.233) acevcajwqhun.fwphysyclim.pbyqwddi.fun() rhtny.com(39.108.71.105) www14.duzui360.com(114.55.170.8) webdisk.mappzi.com(190.111.30.52) wbsubdomain.a.bb.ccc.dddd.pcsmart.site() mail.wellness360pro.com(172.67.156.76) jvuslgpamnhl.bstdgvtb.fun() ct.PHP-CGI.COM(43.155.10.234) en.dowpol.com(103.24.119.233) webdisk.sms-murah.com(23.106.122.175) dddd.www.navra.org(13.90.224.212) mail.littlegemscakes.com() app.npage-naver625.com() 49.7.60.22 121.101.130.150 174.138.17.231 36.90.153.102 189.177.181.0 87.26.88.136 65.132.44.131 180.242.188.142 118.173.247.33 38.9.117.83 50.16.234.185 62.3.14.112 144.86.40.137 47.96.186.135 36.92.143.55 91.14.89.137 36.37.84.210 121.123.72.47 105.154.186.114 202.186.65.234 197.255.161.18 60.53.1.62 5.183.171.153 18.230.206.237 35.213.114.107 31.25.135.75 74.117.58.250 175.107.239.0 60.246.217.247 23.106.122.175 103.164.98.205 49.48.69.125 189.139.150.180 187.155.52.135 1.52.245.253 147.189.174.16 201.119.189.71 186.48.163.147 113.211.54.54 5.57.39.252 68.178.165.202 8.215.31.219 103.127.169.42 36.65.198.217 41.63.27.17 109.250.51.88 113.11.120.202 36.90.6.209 151.196.48.165 202.92.144.27 36.89.237.10 130.164.167.43 199.87.210.195 31.6.1.104 83.118.89.164 213.226.117.12 13.90.224.212 54.243.89.72 36.84.144.226 37.143.207.223 223.206.36.114 42.119.31.241 179.253.188.113 219.92.42.130 103.184.181.38 182.53.129.11 87.126.253.224 113.211.54.25 36.90.21.111 171.101.123.157 45.136.4.169 60.50.80.19 60.190.234.151 113.211.54.134 87.123.176.173 54.255.196.19 36.95.107.163 123.19.207.137 171.6.161.151 64.227.153.151 185.249.202.230 171.101.123.234 125.166.52.109 161.97.113.121 49.48.127.52 95.130.175.87 185.208.23.233 113.211.71.137 182.53.129.102 189.172.94.69 182.53.129.106 171.101.144.130 177.202.224.158 173.234.31.45 43.155.10.234 36.84.145.13 78.3.91.170 109.237.7.112 79.119.80.26 49.48.110.189 189.172.62.18 103.190.29.200 37.1.201.146 36.71.164.74 190.108.90.26 189.162.138.43 219.88.70.10 20.246.22.202 112.78.191.131 223.204.201.209 189.172.98.170 58.124.18.22 49.48.84.105 189.162.136.169 130.164.150.59 103.142.111.180 110.22.151.47 190.111.30.52 116.5.192.223 89.213.41.237 180.245.130.168 187.144.254.76 171.101.144.65 92.247.117.225 125.166.52.4 49.48.127.186 201.40.90.60 189.163.201.155 36.71.166.249 189.182.203.237 107.208.145.240 54.159.142.212 187.1.68.125 223.206.136.215 194.219.215.204 118.99.124.71 125.166.52.44 143.92.147.63 180.183.114.213 77.49.249.107 103.155.201.137 202.186.163.152 20.231.211.201 181.115.182.188 217.113.49.125 185.252.179.105 103.165.35.90 4.236.130.26 185.229.237.32 89.117.76.249 144.86.17.167 4.240.78.12 38.55.216.113 94.66.184.8 223.204.14.74 122.154.56.133 175.138.229.53 189.128.199.156 36.90.152.144 24.66.24.187 190.145.170.206 220.135.216.3 171.101.52.217 45.14.185.30 171.101.138.82 183.88.62.151 158.220.91.166 190.8.227.207 212.87.213.247 1.174.15.218 111.230.17.153 52.178.128.156 110.139.175.86 60.51.226.119 59.96.165.173 36.71.166.80 135.148.77.82 103.100.135.58 36.71.161.89 115.241.144.10 187.144.142.242 18.141.55.63 190.119.76.68 171.101.53.201 3.139.91.193 103.91.211.200 86.127.176.138 103.85.226.45 52.221.97.212 36.71.174.86 189.127.165.191 49.48.145.225 192.41.102.47 163.158.99.61 187.150.96.72 49.48.104.229 80.32.8.140 83.0.116.139 103.90.227.110 220.247.174.189 60.51.47.79 93.217.176.106 218.244.156.233 185.229.237.86 187.141.247.90 189.172.44.168 85.127.37.101 38.54.114.104 185.229.237.162 37.72.71.19 49.48.84.180 49.48.193.61 47.36.13.62 113.211.54.197 188.4.203.108 60.51.156.85 36.71.164.30 189.177.213.169 46.136.144.14 139.196.144.53 84.196.43.122 187.192.245.9 223.206.138.48 104.42.182.200 181.225.12.91 216.146.24.107 190.6.166.112 14.139.182.3 180.253.11.253 193.92.236.12 49.48.127.179 182.53.129.2 177.53.55.199 180.183.9.213 79.117.126.197 60.49.92.252 49.48.124.23 202.186.132.37 182.53.129.92 107.23.115.168 189.172.18.166 103.116.52.244 115.246.185.219 177.125.237.57 79.131.102.225 134.255.220.40 113.211.54.227 125.111.168.45 203.166.207.254 139.144.120.232 183.88.36.161 43.239.205.221 36.79.200.2 186.87.84.238 46.45.185.52 201.51.188.215 154.127.222.136 125.166.52.10 183.88.60.176 190.30.242.89 14.225.44.218 118.100.255.116 77.49.87.98 217.231.245.124 20.226.35.48 49.48.107.203 171.5.27.251 171.5.138.230 218.253.253.73 35.199.106.10 45.89.30.90 180.241.159.108 187.155.0.221 180.75.4.170 171.5.131.130 14.187.171.245 37.72.37.160 189.172.56.232 178.128.82.168 36.72.14.142 36.90.152.179 125.163.157.142 187.175.13.146 109.59.51.151 13.250.47.47 187.155.26.5 221.124.102.126 167.86.134.24 183.88.56.254 217.15.164.206 36.238.206.205 36.90.208.169 41.140.41.118 172.67.156.76 49.48.194.112 162.248.93.192 175.139.130.187 189.177.233.194 103.253.73.212 124.122.106.214 202.150.150.108 223.204.13.148 103.24.119.233 180.247.214.215 5.225.38.54 117.193.145.199 3.23.25.111 78.24.205.196 103.164.132.123 150.107.140.75 36.76.98.20 135.125.202.216 223.204.206.73 58.71.205.159 78.3.177.233 188.152.175.197 111.125.76.63 85.206.72.16 212.14.238.22 139.64.23.244 94.154.33.168 187.155.7.4 103.144.183.156 18.214.64.114 49.48.124.64 189.180.98.211 186.67.151.100 125.165.150.148 171.5.143.210 187.172.94.201 185.229.237.230 188.4.232.102 59.149.150.197 41.141.49.161 182.53.129.110 125.160.59.77 202.186.76.61 125.166.52.55 125.166.52.56 87.122.53.69 36.73.93.146 187.155.12.214 137.59.22.187 189.170.161.160 38.152.53.74 180.183.135.141 186.210.13.164 95.52.94.166 201.246.113.60 49.49.43.101 36.91.46.44 185.229.237.120 51.222.255.58 45.153.7.11 179.104.65.247 38.242.223.23 202.152.20.115 189.177.169.227 113.211.54.166 223.206.37.79 45.144.167.158 45.87.173.36 189.238.33.85 181.60.69.36 93.104.113.207 202.186.64.36 49.49.29.66 187.147.41.222 187.133.39.212 62.48.177.122 114.55.170.8 124.77.29.239 189.237.191.233 189.172.254.191 168.227.96.102 171.5.138.194 49.48.194.157 133.142.117.245 182.53.129.76 49.248.126.138 89.213.5.176 83.250.3.23 62.77.156.72 131.196.199.138 181.163.200.69 46.246.158.84 49.0.82.206 46.152.40.138 113.211.54.111 14.207.2.101 189.174.35.201 124.106.166.170 103.10.231.194 46.246.161.240 36.82.127.105 49.48.120.219 103.8.151.129 201.108.152.229 111.251.137.62 167.61.87.205 213.14.138.253 103.100.128.230 36.71.160.233 180.183.103.246 175.122.36.148 171.101.144.110 182.53.129.26 189.127.164.73 124.122.104.64 116.204.250.84 113.211.54.189 103.89.64.236 188.166.220.51 202.88.209.109 198.244.228.207 189.141.0.76 194.199.109.217 194.45.197.28 195.206.235.71 192.95.51.54 171.5.139.249 200.150.105.229 201.206.158.237 195.85.205.17 180.243.208.234 39.108.71.105 189.172.63.126 194.156.88.183 185.163.116.177 200.34.226.46 182.53.129.85 36.64.141.138 180.183.127.10 113.211.54.231 171.5.132.136 49.48.119.126 217.240.196.88 223.204.204.150 49.49.152.176 187.214.99.103 36.67.214.19 87.184.181.174 131.196.198.225 125.166.52.63 167.94.158.150 181.161.50.9 36.90.152.15 49.48.118.7 162.33.178.179 171.5.143.137 62.33.7.173 36.90.20.89 46.246.213.42 182.53.129.31 103.15.144.178 113.211.54.140 191.108.129.131 109.177.56.137 34.197.23.97 186.210.111.88 14.207.12.53 36.90.161.48 171.96.102.91 212.18.114.92 83.42.110.235 202.185.38.52 45.117.169.199 45.149.93.204 223.206.35.65 103.180.1.131 187.156.221.17 41.139.201.39 187.155.35.134 52.253.115.16 223.206.187.188 185.126.10.125 124.122.103.161 119.8.3.39 103.56.206.107 3.145.97.183 182.53.129.121 95.246.35.95 171.5.130.189 213.136.84.14 36.90.1.224 90.82.50.115 181.60.86.190 139.91.183.28 45.88.191.4 103.84.208.182 186.3.164.72 103.109.45.5 207.188.6.56 5.189.168.170 146.83.123.29 84.32.231.115 180.183.121.165 171.5.130.112 49.48.138.60 36.81.75.211 180.245.206.1 191.252.156.146 124.120.48.126 184.168.31.6 92.219.161.58 121.202.27.61 171.5.137.99 36.84.28.142 36.90.22.59 36.71.173.220 188.36.215.62 45.118.145.218 151.33.211.27 202.186.104.183 36.73.134.12 187.155.87.37 200.88.57.81 203.114.109.139 110.235.247.171 49.48.113.189 180.254.87.240 38.17.55.107 41.196.248.4 183.91.87.163 49.48.113.71 182.53.129.109 171.5.137.231 190.134.70.138 36.90.153.63 187.232.236.201 180.183.102.244 223.204.15.210 105.98.140.16 189.161.91.38 111.243.137.185 124.122.105.96 60.48.82.128 86.144.72.241 103.72.96.239 187.155.53.175 45.146.106.51 118.174.23.90 134.255.225.198 31.126.94.86 36.71.163.68 125.166.52.32 68.134.91.81 109.165.225.84 171.7.149.24 217.20.242.60 122.121.7.83 190.57.37.70 175.201.211.42 213.238.177.114 185.229.238.39 124.122.107.148 190.219.8.220 49.48.107.184 36.91.60.20 181.206.7.48 130.164.189.18 186.107.125.235 177.221.205.214 114.35.14.101 189.174.35.210 189.237.103.209 186.116.15.45 81.227.71.249 54.232.49.151 84.245.8.180 194.14.207.177 38.25.129.221 36.94.130.58 179.70.214.40 51.81.249.201 45.137.69.113 77.49.249.132 47.108.196.23 122.103.101.126 103.125.154.3 103.140.50.24 180.243.78.113 189.172.247.13 5.249.165.152 103.86.156.82 49.48.198.10 200.55.241.74 36.90.21.51 202.152.32.66 87.125.173.162 36.91.9.105 201.146.145.180 171.101.144.252 110.137.159.12 189.248.170.33 58.152.104.216 62.227.152.130 24.101.151.68 20.0.194.184 62.122.229.94 190.57.34.71 45.88.9.42 117.121.211.35 179.110.44.252 79.127.60.2 8.219.230.175 58.71.205.163 49.48.127.149 37.41.80.99 124.120.145.179 36.71.171.101 102.101.163.154 200.48.185.142 131.221.184.195 103.145.62.222 103.247.14.129 173.207.147.199 223.206.141.232 110.139.20.7 194.219.38.182 82.156.18.143 210.186.48.102 79.159.56.153 45.127.133.73 36.91.184.67 160.177.81.160 189.131.243.83 197.4.45.132 112.135.220.65 123.231.237.70 210.91.34.123 189.245.8.222 36.64.141.140 110.136.178.56 191.96.229.8 45.160.18.29 79.42.203.226 217.171.153.175 150.107.136.36 185.84.160.114 49.232.60.34 202.93.227.34 187.148.99.86 180.183.113.221 102.68.77.196 58.71.205.195 189.172.85.39 36.71.198.253 187.188.186.252 36.95.73.81 190.219.196.251 189.177.240.127 94.156.71.142 81.70.87.12 182.53.129.58 171.5.139.127 189.172.32.70 85.172.39.196 36.71.175.65 187.155.40.31 46.246.242.235 177.94.26.24 67.2.161.191 168.149.89.93 189.250.169.132 18.220.224.124 37.138.32.115 36.74.236.233 160.177.37.86 63.225.206.105 77.230.91.9 130.43.54.246 219.76.169.10 130.185.77.34 103.146.196.24 93.225.56.56	6 Info ET USER_AGENTS Go HTTP Client User-Agent ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 15		5.2			ZeroCERT

143	2024-06-14 18:48	help.scr 2d927fdb462570728a981443bf36d19f Emotet Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File PE32 OS Processor Check DLL PE64 ftp Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege Check memory buffers extracted WMI Creates executable files unpack itself Windows utilities Auto service suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows Exploit ComputerName Remote Code Execution		4	5		14.0	M	63	ZeroCERT

144	2024-06-14 18:46	Asusdebug.exe 9d3b19c8bf21723224e6885db1eea012 Malicious Packer Malicious Library UPX PE File PE32 VirusTotal Malware suspicious privilege WMI Windows utilities Windows ComputerName DNS		2			3.8	M	39	ZeroCERT

145	2024-06-14 18:45	Gqgsm.exe c6cd0f62d86d87344a7d7483d82ac6d3 Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	5		17.4	M	47	ZeroCERT

146	2024-06-14 18:42	drivermanager.exe c28a2d0a008788b49690b333d501e3f3 Generic Malware Malicious Library ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Remote Code Execution					8.0	M	50	ZeroCERT

147	2024-06-14 18:40	natcontroler.exe 381e4d25d271d8fd15f8b04b180be401 Malicious Library .NET framework(MSIL) UPX Socket Http API HTTP DNS Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					8.8	M	34	ZeroCERT

148	2024-06-14 18:38	Ejpba.exe 1c56623199e1959f271a191d603360bf AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces installed browsers check Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	5		15.8	M	47	ZeroCERT

149	2024-06-14 18:27	help.scr 2d927fdb462570728a981443bf36d19f Emotet Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File PE32 OS Processor Check DLL PE64 ftp Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows ComputerName Remote Code Execution	1 Keyword trend analysis	5	2		14.8		63	ZeroCERT

150	2024-06-14 13:46	bin2.scr 0b2395819398823d092534e26209e799 Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Browser DNS	29 Keyword trend analysis Info http://www.carolinappttery.com/q380/ - rule_id: 40238 http://www.carolinappttery.com/q380/ http://www.carolinappttery.com/q380/?PJd=ehUrFCKl0QR4T29AJZh5dRT/ZDPm9qTvUW59H2BhLEsiO0kIW28uNcfa56DEKhzH0iD+lYFdD8RRxblUIft60LyxhWLZTQGF9CEZTcwXHMEEzcDS8bPwZbiqnYj5NbIEEA54k2w=&roo=krO0qmwhIp_LJR2y - rule_id: 40238 http://www.carolinappttery.com/q380/?PJd=ehUrFCKl0QR4T29AJZh5dRT/ZDPm9qTvUW59H2BhLEsiO0kIW28uNcfa56DEKhzH0iD+lYFdD8RRxblUIft60LyxhWLZTQGF9CEZTcwXHMEEzcDS8bPwZbiqnYj5NbIEEA54k2w=&roo=krO0qmwhIp_LJR2y http://www.gospelstudygroup.org/qmdw/ http://www.aritum.top/f2qc/ - rule_id: 40240 http://www.aritum.top/f2qc/ http://www.winnscce.com/xk70/?PJd=E9dNAQXSau8gxD7ycO4dLfQfH5YRjq6/aXbIhWqdNKhuK+zum8oLAEgkUh6j+ec/Dsz5NNoJPY83q7uKVhR+kQSzALNmdhL2cm95N3pKuY1dSsInVS8QGD1t6OErSJExWBCOe4E=&roo=krO0qmwhIp_LJR2y - rule_id: 40235 http://www.ay62m.top/orwn/ - rule_id: 40237 http://www.ay62m.top/orwn/ http://www.gospelstudygroup.org/qmdw/?PJd=kZQE5+J7NyHk1VKpZsdFopgUcfLAHlvR1AW0jxdBnvp4EB411rckL9DsM1GhyImy3YF39ksngIoiWe7h2+CLHpk3uYhNkgQe0XYv/yb90vBP9OLAjjQiCyGhN1bVP2EzpaLZrOo=&roo=krO0qmwhIp_LJR2y http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip http://www.tqfabxah.com/f5wa/?PJd=gvfimVYyVoaIA6LSQiLyJJ4rCFA+SDI9PWBc8jEgnhWVxILhAYweklxvvqcAelfwJ0IvmpbMteemAhVl67fWtrB9/BgWrmQnFTV5QmYGhYRFat8wsaPDvDNh/p04Lm04k2miCbo=&roo=krO0qmwhIp_LJR2y http://www.sjzsls.com/9ypd/ - rule_id: 40234 http://www.ybw73.top/zfmd/ - rule_id: 40239 http://www.ybw73.top/zfmd/ http://www.ay62m.top/orwn/?PJd=3cBNLJTm2SpTWV5+FkCnTYkROdg55TQjKQDEk1HDa97easJD35wZE2GMsxRselnzvm7j4PFdEanRmF1YrarFthUoWpYtpzXpGMx8vyWuQ49fEDOcUJzL6xCqo7J2o8DZINEYFF8=&roo=krO0qmwhIp_LJR2y - rule_id: 40237 http://www.ay62m.top/orwn/?PJd=3cBNLJTm2SpTWV5+FkCnTYkROdg55TQjKQDEk1HDa97easJD35wZE2GMsxRselnzvm7j4PFdEanRmF1YrarFthUoWpYtpzXpGMx8vyWuQ49fEDOcUJzL6xCqo7J2o8DZINEYFF8=&roo=krO0qmwhIp_LJR2y http://www.ybw73.top/zfmd/?PJd=Wy9Xy0arXTA/u2vvBYrKIOUBpzUpOEWJyNtxnnOaFAzOmZ+G/QUaP7IPedalQRfZTnOTlfhQhpBKLAk/X9K39OImH5VRArdmcUQpro/j/mKcwsNXkqPqNRMPQWcketlQaFqDwMQ=&roo=krO0qmwhIp_LJR2y - rule_id: 40239 http://www.ybw73.top/zfmd/?PJd=Wy9Xy0arXTA/u2vvBYrKIOUBpzUpOEWJyNtxnnOaFAzOmZ+G/QUaP7IPedalQRfZTnOTlfhQhpBKLAk/X9K39OImH5VRArdmcUQpro/j/mKcwsNXkqPqNRMPQWcketlQaFqDwMQ=&roo=krO0qmwhIp_LJR2y http://www.w90dm.top/8ms4/ - rule_id: 40236 http://www.w90dm.top/8ms4/ http://www.tqfabxah.com/f5wa/ http://www.sjzsls.com/9ypd/?PJd=Fp4YMLPzXpbUfY9ET0WH3a72p3fXf7YhU2uVF/1Su8SRdO97GHvogqvz+96x72oMEQq3eHyW0zw8RVfXjuFBE/DSpz5ZNszOE2hxgYcLkAt/YsxuqXlLrzOhs3BZhOu+6KXTzoA=&roo=krO0qmwhIp_LJR2y - rule_id: 40234 http://www.aritum.top/f2qc/?PJd=+PlbwI8tNruUpga2nartzvIoOczIwOvbU1ANxXfMuvMQEzSRrWQM3cmspk1IFvcCMV40t1yig50Ax37YShWjrdIjOvIEgJJROzqkte3OBXYcjah0B7lnBY2SKVXOZr2cpq5/qwU=&roo=krO0qmwhIp_LJR2y - rule_id: 40240 http://www.aritum.top/f2qc/?PJd=+PlbwI8tNruUpga2nartzvIoOczIwOvbU1ANxXfMuvMQEzSRrWQM3cmspk1IFvcCMV40t1yig50Ax37YShWjrdIjOvIEgJJROzqkte3OBXYcjah0B7lnBY2SKVXOZr2cpq5/qwU=&roo=krO0qmwhIp_LJR2y http://www.w90dm.top/8ms4/?PJd=udGRhKSFzWywOShfg4LrArlkOSU57jdgfHHoAEODJUB2/fB/f7uvWahs0ChcgR3p3uHY1bC8mP+rUPbsneCLatPp1qyYsRzD0wOOKHTt4GdecEtntAcROmt09OnVjaXmhkctiwE=&roo=krO0qmwhIp_LJR2y - rule_id: 40236 http://www.w90dm.top/8ms4/?PJd=udGRhKSFzWywOShfg4LrArlkOSU57jdgfHHoAEODJUB2/fB/f7uvWahs0ChcgR3p3uHY1bC8mP+rUPbsneCLatPp1qyYsRzD0wOOKHTt4GdecEtntAcROmt09OnVjaXmhkctiwE=&roo=krO0qmwhIp_LJR2y http://www.winnscce.com/xk70/ - rule_id: 40235	19 Info www.aritum.top(203.161.55.102) www.gospelstudygroup.org(185.245.180.25) www.tqfabxah.com(35.241.42.217) www.carolinappttery.com(123.58.214.101) www.yedurrum.xyz() www.winnscce.com(123.58.214.101) - mailcious www.sjzsls.com(154.212.44.122) - mailcious www.ay62m.top(38.47.207.132) www.ybw73.top(38.47.232.233) www.w90dm.top(38.47.232.178) 38.47.232.178 203.161.55.102 38.47.232.233 154.212.44.122 - mailcious 38.47.207.132 185.245.180.25 45.33.6.223 123.58.214.101 - mailcious 35.241.42.217	2	14 Info http://www.carolinappttery.com/q380/ http://www.carolinappttery.com/q380/ http://www.aritum.top/f2qc/ http://www.winnscce.com/xk70/ http://www.ay62m.top/orwn/ http://www.sjzsls.com/9ypd/ http://www.ybw73.top/zfmd/ http://www.ay62m.top/orwn/ http://www.ybw73.top/zfmd/ http://www.w90dm.top/8ms4/ http://www.sjzsls.com/9ypd/ http://www.aritum.top/f2qc/ http://www.w90dm.top/8ms4/ http://www.winnscce.com/xk70/	12.0	M	32	ZeroCERT