Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2024-03-03 18:31	Pinnacle_Ware_2024022916433637... 77b0a4cc8efa2b582c0fd137858e9ef5 Malicious Library Malicious Packer UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files installed browsers check Windows Browser				2.8	M	66	ZeroCERT

2	2024-03-03 15:38	Enigma_Matrix_2024022423222894... 7403f2cb2b6e21ce949a11673e30f1a5 Emotet Gen1 HermeticWiper Generic Malware NSIS Malicious Library Malicious Packer UPX ASPack Admin Tool (Sysinternals etc ...) Downloader Anti_VM PE File PE32 MZP Format OS Processor Check DllRegisterServer dll HWP PE64 ActiveXObject CAB ftp VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder installed browsers check Windows Browser				3.6	M	63	ZeroCERT

3	2024-03-03 15:31	SecurityHealt_2024022207091602... ac5e40b7d8456ff9149d11b3061fea62 Emotet Gen1 HermeticWiper Generic Malware NSIS Malicious Library Malicious Packer UPX ASPack Admin Tool (Sysinternals etc ...) Downloader Anti_VM PE File PE32 MZP Format OS Processor Check DllRegisterServer dll HWP ActiveXObject PE64 CAB ftp VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder installed browsers check Windows Browser				3.6	M	65	ZeroCERT

4	2024-03-03 15:27	Cosmic_Pulse_20240226152541358... 4ee3cd75a5b8120755d4e009c07fc49e Malicious Library Malicious Packer UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files installed browsers check Windows Browser				2.8	M	65	ZeroCERT

5	2024-03-03 15:24	Prestige_Edge_2024022610242212... 29491c0c19ccb94ccbc9e696f52aa1ba Emotet Gen1 HermeticWiper Generic Malware NSIS Malicious Library Malicious Packer UPX ASPack Admin Tool (Sysinternals etc ...) Downloader Anti_VM PE File PE32 MZP Format OS Processor Check DllRegisterServer dll HWP ActiveXObject PE64 CAB ftp VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder installed browsers check Windows Browser				3.6	M	65	ZeroCERT

6	2024-03-03 15:22	Miracle_Genius_202402270123316... 10b0ab03e44fdf02dbffb2c224d1c9b5 Malicious Library Malicious Packer UPX PE File PE32 MZP Format OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns Check memory Creates executable files installed browsers check Windows Browser				3.2	M	64	ZeroCERT

7	2024-03-03 15:22	signed_20240224210355899.exe 0055b0e9c746a27c52eb8fc40f85fc1b Emotet Gen1 HermeticWiper Generic Malware NSIS Malicious Library Malicious Packer UPX ASPack Admin Tool (Sysinternals etc ...) Downloader Anti_VM PE File PE32 MZP Format OS Processor Check DllRegisterServer dll HWP ActiveXObject PE64 CAB ftp VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder installed browsers check Windows Browser				3.6	M	66	ZeroCERT

8	2024-03-03 15:19	Gamma_Byte_20240225090812380.e... 4c2b6653c6f5efefdae3ab22e98ace66 Emotet Gen1 HermeticWiper Generic Malware NSIS Malicious Library Malicious Packer UPX ASPack Admin Tool (Sysinternals etc ...) Downloader Anti_VM PE File PE32 MZP Format OS Processor Check DllRegisterServer dll HWP ActiveXObject CAB PE64 ftp VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder installed browsers check Windows Browser				3.6		66	ZeroCERT

9	2024-03-03 15:13	Delta_Vista_20240227071332438.... 5429ee1e27f500e5814c94f1a3b0faac Malicious Library Malicious Packer UPX PE File PE32 MZP Format OS Processor Check Browser Info Stealer AutoRuns Check memory Creates executable files installed browsers check Windows Browser				2.0			ZeroCERT

10	2024-02-20 10:49	Windows_Security_2024020901401... c59c5aff84e626996a4bb74908d7d301 Emotet Gen1 Generic Malware PhysicalDrive NSIS Malicious Library Malicious Packer UPX Downloader Admin Tool (Sysinternals etc ...) Antivirus .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE32 PE File MZP Format OS Processor Check DllRegisterServer d Browser Info Stealer Malware AutoRuns MachineGuid Malicious Traffic Check memory buffers extracted Creates executable files unpack itself AppData folder installed browsers check Tofsee Windows Browser	2 Keyword trend analysis	4	1	5.2			ZeroCERT

11	2022-11-18 17:31	kapo.exe 6ed53a0273682d74b8ebdd50fa1b2a19 PWS[m] RAT PWS .NET framework Emotet Gen2 Gen1 Formbook Generic Malware PhysicalDrive NSIS Downloader task schedule Malicious Library Malicious Packer UPX Anti_VM Admin Tool (Sysinternals etc ...) Antivirus ASPack Create Service DGA Socket ScreenShot DNS Browser Info Stealer Malware download AsyncRAT NetWireRC VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Windows Browser ComputerName DNS		2	3	6.2		65	ZeroCERT

12	2022-08-23 11:51	iLYRNkpPAAXmLnJ.exe 46c67c120019075d0f2844d6ae5ca36b RAT PWS .NET framework Gen2 Emotet Gen1 HermeticWiper Generic Malware NSIS UPX Malicious Library Malicious Packer Antivirus ASPack Admin Tool (Sysinternals etc ...) Downloader Anti_VM PE32 OS Processor Check PE File HWP .NET EXE VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself AppData folder installed browsers check Windows Browser				4.8	M	59	ZeroCERT

13	2022-07-21 09:34	bYCQn.exe d54251187d34bf23efbd1aeb8863fa80 RAT PWS .NET framework Gen2 Emotet Gen1 HermeticWiper Generic Malware NSIS Malicious Library UPX Malicious Packer Antivirus ASPack Admin Tool (Sysinternals etc ...) Anti_VM PE32 OS Processor Check PE File HWP .NET EXE VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself AppData folder installed browsers check Windows Browser DNS		1		5.4	M	63	ZeroCERT

14	2022-07-20 08:20	svchost.exe 4c6b01344809054252095695fe24aa5f RAT Gen2 Emotet PWS .NET framework Gen1 Formbook Generic Malware PhysicalDrive NSIS task schedule Malicious Library UPX Malicious Packer Anti_VM Admin Tool (Sysinternals etc ...) Antivirus ASPack DNS AntiDebug AntiVM PE32 PE File OS Processor Check HWP .N Browser Info Stealer Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder malicious URLs installed browsers check Tofsee Kovter Windows Discord Browser DNS DDNS	2 Keyword trend analysis	5	12 Info ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) ET MALWARE Generic AsyncRAT Style SSL Cert ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging)	13.8	M	63	ZeroCERT

15	2022-02-08 23:17	da.exe b3a27137bfa9f92fe6b4cc7f0aaf08f4 PWS .NET framework Emotet Gen2 Gen1 Generic Malware NSIS Malicious Library UPX ASPack Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM SMTP KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs installed browsers check Windows Browser ComputerName Cryptographic key crashed				12.0	M	60	ZeroCERT