Submissions

Columns on the page: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each entry below gives the row number, date, submitted file (Request), the 32-character hex digest listed under it (MD5 length), the sandbox signature tags, and the trailing score line verbatim. Blank columns were dropped on the page, so a score line with fewer values than columns cannot be mapped back to named columns with certainty; following the header order, the decimal value reads as the Score, "M" as the Zero verdict, and the integer after it as the VT count where present.

1   2024-06-26 10:13   3f12ea9a-79fa-40c4-802f-9bbddf...
    Hash:       5f331887bec34f51cca7ea78815621f7
    Signatures: Gen1 Emotet Generic Malware Malicious Library UPX Antivirus PE File PE64 CAB VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key
    Score line: 9.0 M 42 ZeroCERT

2   2024-05-13 09:09   leadiadequatepro.exe
    Hash:       b149f82964b1e269ade2686612a9e777
    Signatures: Emotet Gen1 Hide_EXE Malicious Library UPX .NET framework(MSIL) PE64 PE File CAB OS Processor Check .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName Remote Code Execution
    Score line: 5.0 M 44 ZeroCERT

3   2024-05-11 15:03   system32.exe
    Hash:       d1c30d86c227f9c6669b9e3d45489ae0
    Signatures: Emotet Gen1 Generic Malware Malicious Library Antivirus UPX PE64 PE File CAB DLL PE32 .NET DLL powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key
    Score line: 1 9.8 ZeroCERT

4   2024-04-10 13:50   pclient.exe
    Hash:       5790d1417f8f00bd7ec6fb7011c79d9c
    Signatures: Emotet Gen1 Malicious Library UPX PE64 PE File CAB VirusTotal Malware PDB Remote Code Execution
    Score line: 1.6 M 23 ZeroCERT

5   2024-03-11 10:57   Run.exe
    Hash:       966a466c7ddb151e50b7a782f4ecbeea
    Signatures: Emotet Gen1 Hide_EXE Downloader Malicious Library UPX .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Ransomware Windows Email ComputerName Remote Code Execution DNS Software
    Score line: 8.8 M 16 ZeroCERT

6   2024-02-29 07:44   Update.exe
    Hash:       fa8cdfbdff15a0372fbd6a2bb6203e08
    Signatures: Emotet Gen1 Generic Malware Malicious Library UPX Antivirus Anti_VM PE File PE64 CAB VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key
    Score line: 6.8 15 ZeroCERT

7   2024-02-12 17:38   RuntimeBroker.EXE
    Hash:       7e0ec75c05e1ed3fca184fbb286c011c
    Signatures: Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE File PE64 CAB VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key
    Score line: 5.8 M 21 ZeroCERT

8   2024-02-04 16:47   npp86Installerx64.exe
    Hash:       d8b897481e51cfab29862e8f9d5a039d
    Signatures: Emotet Gen1 Malicious Library UPX PE32 PE File CAB AutoRuns PDB MachineGuid Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution
    Score line: 3.4 M ZeroCERT

9   2024-02-04 16:43   ClamAV-0.103.4.exe
    Hash:       27caec389aed111fc91c3531b9a6dbe1
    Signatures: Emotet Gen1 Hide_EXE Malicious Library UPX .NET framework(MSIL) PE File PE64 CAB PE32 .NET EXE OS Processor Check AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Remote Code Execution Cryptographic key
    Score line: 4.6 M ZeroCERT

10  2024-02-04 16:41   npp86Installerx64.exe
    Hash:       d8b897481e51cfab29862e8f9d5a039d
    Signatures: Emotet Gen1 Malicious Library UPX PE32 PE File CAB VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution
    Score line: 4.4 M 49 ZeroCERT

11  2024-01-16 08:15   done.exe
    Hash:       750730cacee06f5b29188ef5050ff7ab
    Signatures: Client SW User Data Stealer Emotet Gen1 browser info stealer EnigmaProtector Generic Malware Google Chrome User Data Downloader Malicious Library UPX Malicious Packer .NET framework(MSIL) Http API PWS Code injection Create Service Socket DGA ScreenShot Es Browser Info Stealer VirusTotal Malware AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Ransomware Windows Exploit Browser Remote Code Execution DNS crashed
    Score line: 15 8 1 14.6 M 37 ZeroCERT

12  2024-01-12 15:58   love.exe
    Hash:       d84ddf7e3d38eb30d74875aef7bdf829
    Signatures: Emotet Gen1 EnigmaProtector Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 PE File CAB PNG Format MSOffice File JPEG Format OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check Tofsee Windows Update Exploit ComputerName Remote Code Execution DNS crashed
    Score line: 2 3 2 12.4 M 48 ZeroCERT

13  2024-01-12 07:59   love.exe
    Hash:       d3420ffb07677d83ab1fd50b1c45c96d
    Signatures: Emotet Gen1 EnigmaProtector Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 PE File CAB OS Processor Check PNG Format MSOffice File JPEG Format VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check Tofsee Windows Update Exploit ComputerName Remote Code Execution DNS crashed
    Score line: 2 3 2 12.4 M 45 ZeroCERT

14  2024-01-05 07:58   bongo.exe
    Hash:       98e589da2cf91986d1e703189919dec1
    Signatures: RedLine stealer Emotet Gen1 Amadey RedlineStealer NSIS Generic Malware Malicious Library UPX .NET framework(MSIL) Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus ScreenShot PWS Anti_VM AntiDebug AntiVM PE32 PE File CAB .NET EXE OS Processor Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check installed browsers check Kelihos Tofsee Ransomware Stealer Windows Exploit Browser RisePro Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed
    Score line: 29 23 27 1 26.6 M 38 ZeroCERT

15  2023-12-27 07:49   foxi.exe
    Hash:       25be69edbd38d09faf01adfe59e39da2
    Signatures: Emotet Gen1 SmokeLoader EnigmaProtector Malicious Library UPX PE32 PE File CAB ZIP Format Lnk Format GIF Format DLL OS Processor Check .NET EXE Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk IP Check VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed
    Score line: 2 4 7 15.0 ZeroCERT
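The listing is only useful for triage once it is in structured form, and it already shows why that matters: the same digest (d8b897481e51cfab29862e8f9d5a039d, npp86Installerx64.exe) appears in rows 8 and 10, submitted six minutes apart, with scores 3.4 and 4.4, a VT count only on the second run, and the VirusTotal/Malware tags only on that run. The Python below is an added example, not code from this page or from the ZeroCERT sandbox. It parses entries in the flattened form the page uses (row header, digest, signature line, score line) and groups them by digest to flag re-submissions whose runs disagree. The sample input is rows 8 to 10 copied from the listing; the reading of the score line (decimal = Score, "M" = Zero verdict, following integer = VT count, any leading integers = Urls/Hosts/IDS/Rule counts) is an assumption taken from the column header order.

```python
import re
from collections import defaultdict

# Constructed sample: rows 8-10 copied from the listing in its flattened form.
SAMPLE = """\
8 2024-02-04 16:47 npp86Installerx64.exe

d8b897481e51cfab29862e8f9d5a039d

Emotet Gen1 Malicious Library UPX PE32 PE File CAB AutoRuns PDB MachineGuid Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution
3.4 M ZeroCERT

9 2024-02-04 16:43 ClamAV-0.103.4.exe

27caec389aed111fc91c3531b9a6dbe1

Emotet Gen1 Hide_EXE Malicious Library UPX .NET framework(MSIL) PE File PE64 CAB PE32 .NET EXE OS Processor Check AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Remote Code Execution Cryptographic key
4.6 M ZeroCERT

10 2024-02-04 16:41 npp86Installerx64.exe

d8b897481e51cfab29862e8f9d5a039d

Emotet Gen1 Malicious Library UPX PE32 PE File CAB VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution
4.4 M 49 ZeroCERT
"""

# Row header: "<no> <YYYY-MM-DD HH:MM> <request>"
ROW_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (.+?)\s*$")
# 32 lowercase hex characters: MD5 length.
HASH_RE = re.compile(r"^[0-9a-f]{32}$")
# Score line, read by header order (assumption): optional leading integer
# counts, then Score, optional "M" (Zero verdict), optional VT count, "ZeroCERT".
SCORE_RE = re.compile(
    r"^(?:(?P<counts>\d+(?: \d+)*) )?(?P<score>\d+\.\d+)"
    r"(?: (?P<zero>M))?(?: (?P<vt>\d+))? ZeroCERT$"
)


def parse_submissions(text):
    """Turn the flattened listing into one dict per submission row."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if cur is None:
            m = ROW_RE.match(line)
            if not m:
                raise ValueError("expected a row header, got: %r" % line)
            cur = {"no": int(m.group(1)), "date": m.group(2), "request": m.group(3),
                   "md5": None, "tags": "", "counts": [], "score": None,
                   "zero": None, "vt": None}
            continue
        if cur["md5"] is None and HASH_RE.match(line):
            cur["md5"] = line
            continue
        m = SCORE_RE.match(line)
        if m:
            cur["counts"] = [int(x) for x in m.group("counts").split()] if m.group("counts") else []
            cur["score"] = float(m.group("score"))
            cur["zero"] = m.group("zero")
            cur["vt"] = int(m.group("vt")) if m.group("vt") else None
            records.append(cur)
            cur = None
            continue
        # Anything else between digest and score line is the signature tag line.
        cur["tags"] = (cur["tags"] + " " + line).strip()
    if cur is not None:
        raise ValueError("listing ended inside row %d" % cur["no"])
    return records


def conflicting_resubmissions(records):
    """Digests submitted more than once whose runs disagree on score, VT count or tags."""
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["md5"]].append(r)
    return {h: runs for h, runs in by_hash.items()
            if len(runs) > 1 and len({(r["score"], r["vt"], r["tags"]) for r in runs}) > 1}


if __name__ == "__main__":
    recs = parse_submissions(SAMPLE)
    for h, runs in conflicting_resubmissions(recs).items():
        print(h)
        for r in runs:
            print("  row %2d %s score=%s vt=%s" % (r["no"], r["date"], r["score"], r["vt"]))
```

Scores in this listing are not stable across runs of the same file, so a triage rule keyed on a single run's score (for instance, "ignore below 4.0") would have dropped row 8 and kept row 10; grouping by digest first and then taking the maximum score and the union of tags across runs is the safer way to consume this feed.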