Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2024-05-05 10:33	T76434567000.exe fbccdd35ee6dccadaeaa69e37fbbd171 Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	3 Keyword trend analysis	6	7 Info ET DNS Query to a .tk domain - Likely Hostile ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check	11.0		34	ZeroCERT

2	2023-11-09 07:57	IGCC.exe 1007f94e20df5535b81e25138316ac57 AgentTesla Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Software crashed keylogger	1 Keyword trend analysis	3	2	10.0	M		ZeroCERT

3	2023-11-07 19:17	MKiNn8877.exe 524730069cd81878eef9b8186fc67963 AgentTesla Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Software crashed keylogger		2	2	10.2	M		ZeroCERT

4	2023-11-06 14:07	MKiJjiii77.exe 5aefabd29d2955e7c86c5c6a24f2502b AgentTesla Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware AgentTesla suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Software crashed keylogger		2	2	9.6			r0d

5	2023-11-06 09:52	MKiJjiii77.exe 5aefabd29d2955e7c86c5c6a24f2502b LokiBot Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Software crashed keylogger		2	2	10.8		41	ZeroCERT

6	2023-11-06 09:43	MMkNn.exe 576ea37ddee70b9062761e4bcc0c6a64 RedLine Infostealer UltraVNC Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows DNS Cryptographic key crashed	1 Keyword trend analysis	3	5 Info ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh)	4.0		55	ZeroCERT