Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2025-04-02 10:00	VC_redist.x64.exe 94d6494667a6ad5b91f26f46959086a6 Emotet Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PE64 VirusTotal Malware PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows ComputerName DNS Cryptographic key		1		6.0		41	ZeroCERT

2	2025-03-26 11:28	xmsn.exe 808a1e4b004ad48ca5e96aece8c64133 Emotet Gen1 Generic Malware Malicious Library Malicious Packer UPX ASPack PE File PE64 CAB OS Processor Check DLL DllRegisterServer dll PE32 VirusTotal Malware Telegram PDB Malicious Traffic Checks debugger Creates executable files ICMP traffic unpack itself DNS	6 Keyword trend analysis Info http://37.27.142.100/internals/api/ip?1742955734973498442 http://37.27.142.97/internals/api/ip?1742955747971253166 http://37.27.142.139/internals/api/ip?1742955786967592643 http://37.27.142.101/internals/api/ip?1742955760967662430 http://37.27.142.97/internals/api/ip?1742955763973640697 http://www.google.com/	26 Info t.me(149.154.167.99) - www.google.com(142.250.206.196) - i.instagram.com(157.240.215.63) - vanaheim.cn(46.173.214.156) - scontent-ssn1-1.cdninstagram.com(157.240.215.63) - s.youtube.com(64.233.189.102) - www.google.co.uk(142.250.207.99) - graph.instagram.com(157.240.215.63) - 149.154.167.99 - 185.7.214.57 - 74.125.23.138 - 157.240.215.63 - 185.7.214.51 - 185.156.72.27 - 142.250.198.100 - 37.27.142.100 - 37.27.142.101 - 142.250.66.35 - 37.27.142.139 - 46.173.214.156 - 185.42.12.21 - 37.27.142.97 - 185.42.12.45 - 185.11.61.16 - 185.11.61.15 - 185.156.72.58 -	4	5.8		49	ZeroCERT

3	2025-03-08 12:12	76a10c1b-5401-4483-8d02-0593c9... 42d1f59bd9027984edcfef168f8e86a4 Emotet Gen1 Generic Malware Malicious Library Malicious Packer UPX PE File CAB PE32 OS Processor Check DLL DllRegisterServer dll VirusTotal Malware PDB Checks debugger Creates executable files ICMP traffic unpack itself suspicious TLD DNS	1 Keyword trend analysis	25 Info imap.t-online.de(194.25.134.51) www.google.com(142.250.207.100) imap.serviciodecorreo.es(82.223.190.138) foapologetics.com(198.54.120.34) bff-search-web.domclick.ru(178.248.234.210) example.org(96.7.128.186) - mailcious vanaheim.cn(141.8.198.29) - mailcious imap.ionos.de(212.227.15.171) 185.7.214.57 198.54.120.34 - phishing 185.42.12.45 185.7.214.51 23.215.0.132 178.248.234.210 142.250.197.36 141.8.198.29 193.143.1.5 212.227.15.171 185.147.125.145 185.147.125.146 185.147.125.147 194.25.134.115 82.223.190.138 121.133.128.1 185.156.72.58	2	5.6	M	45	ZeroCERT

4	2025-03-07 09:50	http://www.example.com 001d7acad697c62d8a2bd742c4955c26 Emotet Browser Login Data Stealer Generic Malware PhysicalDrive Malicious Library Malicious Packer ASPack UPX Admin Tool (Sysinternals etc ...) Antivirus Anti_VM PE File CAB PE32 OS Processor Check DLL ftp MZP Format VirusTotal Malware PDB Checks debugger Creates executable files unpack itself installed browsers check Browser crashed	1 Keyword trend analysis	2		4.0	M	42	ZeroCERT

5	2025-02-07 14:26	ram.exe 72ec64d0bc0b31f8842c9b5d488c11e7 Emotet Generic Malware Malicious Library Malicious Packer ASPack UPX Admin Tool (Sysinternals etc ...) PE File PE64 CAB OS Processor Check DLL PE32 MZP Format VirusTotal Malware PDB Checks debugger Creates executable files unpack itself DNS crashed		17 Info time.facebook.com(129.134.25.123) ntp.nict.jp(133.243.238.164) pool.ntp.org(121.174.142.81) time.google.com(216.239.35.0) time.apple.com(17.253.114.43) ntp.time.in.ua(62.149.0.30) ntp.time.nl(94.198.159.14) x.ns.gin.ntt.net(129.250.35.250) 129.250.35.250 61.205.120.130 62.149.0.30 216.239.35.4 17.253.68.251 91.108.241.156 94.198.159.10 106.247.248.106 129.134.26.123		4.0	M	29	ZeroCERT

6	2025-01-30 19:35	BQEHIQAG.exe 074ca842ea52396751bb6015979f2f79 Emotet Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX Malicious Packer PE File CAB PE32 OS Processor Check DLL MZP Format DllRegisterServer dll VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself				3.6	M	51	ZeroCERT

7	2025-01-18 10:14	QGFQTHIU.exe 6e3dc1be717861da3cd7c57e8a1e3911 Emotet Gen1 Generic Malware Malicious Library Malicious Packer UPX ASPack PE File PE64 CAB OS Processor Check DLL PE32 DllRegisterServer dll VirusTotal Malware PDB Checks debugger Creates executable files unpack itself installed browsers check Browser				4.0		37	ZeroCERT

8	2024-07-09 10:11	install.exe 7524d560b667b8ed62f16bc59772d81f Emotet Gen1 HermeticWiper Generic Malware PhysicalDrive Malicious Library Malicious Packer UPX Admin Tool (Sysinternals etc ...) Obsidium protector Antivirus PE File PE64 CAB OS Processor Check DLL DllRegisterServer dll PE32 MZP Format MSOffice File VirusTotal Malware PDB Checks debugger Creates executable files				3.6	M	44	ZeroCERT

9	2024-02-02 09:23	Install.exe 97bbaccc9522b08df38561a6cfb186b0 UPX AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	3	16.6	M	32	ZeroCERT

10	2024-01-24 07:50	Install.exe 16c5332ffa5a8fbb4403570ef5de191d Admin Tool (Sysinternals etc ...) UPX AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1		11.4		20	ZeroCERT

11	2023-03-30 16:34	xme.exe 48efad145d5274859e353e1cf8018e45 Emotet RAT AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key	10 Keyword trend analysis Info http://www.88vqq.com/lf80/?1nk=MSiiOWab7QGE4OsGqNUf0CjYIOhimWiHfwxthaTSJ8ZN7v6H0tr9Kvwqa+LjvVHLJHijakkDSyn+6AhO4AX19nbBqGYAyzw2LVFYqB4=&2R8Y=VADnZM1Y http://www.fluttering.info/lf80/ http://www.88vqq.com/lf80/ http://www.fluttering.info/lf80/?1nk=vdUvd4KMcs02oJHOqazuyWeULNYj9ziXLbdaBklN4QZLswKe18yc7gBmli0SaeLYRqNWchuZuJZKel0zJd0sN+qba2pORzREmC/Malw=&2R8Y=VADnZM1Y http://www.toplegalserves.com/lf80/?1nk=iIHSWm9EKbE4LjX243veP2lmBJalZgZwOGqRYCYa0bxTcNU/qsqdO599/0gGzMbmPKZM4KeyGlGsFSkFvsSSZkNMG60YCeVz3NJjEjs=&2R8Y=VADnZM1Y http://www.carcosainvest.com/lf80/?1nk=U1AfX2eZFZv2hBCTqgPkcuANZ20kgeq2vS8gtcHKe8ZJSs3Oy12xCliJ0zonbRqHTLXay59VdXyZMRRK+Tu2D9w7yrgJnaEu4iBoGU0=&2R8Y=VADnZM1Y http://www.fantasticserver.yachts/lf80/ http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip http://www.toplegalserves.com/lf80/ http://www.fantasticserver.yachts/lf80/?1nk=C+NRImNoToCD7C+RudibhX2FyNhV6QDK3DTVu5TP5j9xeLMXsFNWcyV4ZKkL/2WNJNyMWiJ/EMH3DJK+HE42s4WyueexzCKRcbRLZww=&2R8Y=VADnZM1Y	12 Info www.fantasticserver.yachts(165.22.36.197) www.fluttering.info(198.177.124.57) www.toplegalserves.com(208.91.197.27) www.felco.online() www.88vqq.com(154.94.81.137) www.carcosainvest.com(206.54.190.30) 165.22.36.197 208.91.197.27 - mailcious 154.94.81.137 206.54.190.30 198.177.124.57 - mailcious 45.33.6.223	2	9.4	M	44	ZeroCERT

12	2022-12-05 09:55	KDSIE.exe 0de080bdd3889d099ced53db9d587ca3 RAT UPX Create Service Socket ScreenShot DNS Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces sandbox evasion Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	3	7 Info ET MALWARE Win32/Unknown Stealer Command (geoblock) (Outbound) ET MALWARE Win32/Unknown Stealer Command (filegrab) (Outbound) ET MALWARE Win32/Unknown Stealer Command (loader) (Outbound) ET MALWARE Win32/Unknown Stealer Command (domaindetect) (Outbound) ET MALWARE Win32/Unknown Stealer CnC Log Exfil SURICATA Applayer Protocol detection skipped SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	18.6	M	40	ZeroCERT

13	2022-07-29 09:15	upnp_enc.exe 0de5fa8a3cf1f68ad13f6e051563a150 RAT Emotet Ave Maria WARZONE RAT Generic Malware UPX Antivirus Malicious Library Malicious Packer PE32 .NET EXE PE File OS Processor Check VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName RCE DNS Cryptographic key DDNS		1	1	10.2	M	51	ZeroCERT

14	2021-06-18 09:07	z7ggs.exe 6b7554c5f2b7a246639156524fb86a78 AsyncRAT backdoor PWS .NET framework Gen1 Gen2 Http API Steal credential ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder installed browsers check Tofsee Ransomware Windows Browser Email ComputerName DNS Cryptographic key crashed	4 Keyword trend analysis	3	4	13.6	M	46	ZeroCERT

15	2021-06-12 12:53	hBKKvc5PYJSJ.exe ea64fb745ef58010d1b9d7ac80f221d0 PWS .NET framework BitCoin AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2	10.6	M	32	ZeroCERT