Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
91	2024-06-19 09:59	bin.exe 13e5872e9b7c47090e035dc228c5589f Generic Malware Malicious Packer Malicious Library UPX .NET framework(MSIL) PE File PE32 OS Processor Check PE64 .NET EXE JPEG Format Malware download Amadey VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Malicious Traffic Creates executable files unpack itself AppData folder suspicious TLD Windows DNS CoinMiner	3 Keyword trend analysis	6	12 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET POLICY Cryptocurrency Miner Checkin ET MALWARE Amadey Bot Activity (POST) M1 ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING Possible EXE Download From Suspicious TLD ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	7.4	M	59	ZeroCERT

92	2024-06-19 09:56	blob.exe fbfbe4ee13baecac3e7d16bec24cf079 PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner		2	2	1.4	M	59	ZeroCERT

93	2024-06-19 09:51	2.exe 3fa8ba44b848d959dec2f30e98adefa3 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.6	M	51	ZeroCERT

94	2024-06-19 09:49	2345.exe ce7dc5df5568a79affa540aa86b24773 Generic Malware Malicious Packer Malicious Library UPX Anti_VM PE File PE32 VirusTotal Malware AutoRuns unpack itself Windows DNS crashed		1		5.6	M	54	ZeroCERT

95	2024-06-19 09:48	AntiVirus00.exe d31d65a28dca61cf4a21ba5020b60e83 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.6	M	57	ZeroCERT

96	2024-06-19 09:47	Ebyloto_LetThereBeNightingale_... ec974c132c919b5865a24a2c071bb93a Generic Malware Downloader Malicious Packer Malicious Library .NET framework(MSIL) UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P per Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut ICMP traffic unpack itself Windows utilities powershell.exe wrote suspicious process Ransomware Windows Browser ComputerName Cryptographic key				9.8	M	54	ZeroCERT

97	2024-06-19 09:44	Antivirus333.exe 9260f5e80678b6490676270838c08941 Malicious Packer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself				2.8	M	62	ZeroCERT

98	2024-06-19 09:42	3.exe a41dcc178717a13af8972680faa8e697 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.0	M	48	ZeroCERT

99	2024-06-19 09:42	sch.exe 60b4266cdb4dc9b44d595677680a94f2 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.6	M	50	ZeroCERT

100	2024-06-19 09:41	1.exe 7b099cafaf5dada250f611dfef156cdb PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.6	M	50	ZeroCERT

101	2024-06-19 09:41	AntiVirus.exe 06b81c8edd7f620513a06e3a5cc11483 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1	5.0	M	53	ZeroCERT

102	2024-06-19 09:37	AntiVirus2.exe 571878c5dbb5200509fddc36d7c01643 Malicious Packer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself				2.8	M	60	ZeroCERT

103	2024-06-19 09:34	murka.exe 9e27ed6d9855b9bfae9234f0303a8bba Malicious Packer UPX Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro CnC Activity (Inbound)	13.4	M	45	ZeroCERT

104	2024-06-18 18:16	1.exe c51e84d4d53678605a1cb5feb6436c84 Malicious Library AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows		2		7.4	M	66	ZeroCERT

105	2024-06-18 15:07	aspx.exe b81577dbe375dbc1d1349d8704737adf Generic Malware Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself Windows utilities suspicious process sandbox evasion WriteConsoleW Windows ComputerName DNS crashed	1 Keyword trend analysis	3		7.6		54	ZeroCERT