1 | 2024-02-20 08:10 | reals.exe 4698ad48c64750c5eb431f00e27dfb8f
Tags: Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Google Chrome User Data Downloader UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Code injection Http API PWS Create Service Socket DGA ScreenS Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
URLs (14):
http://185.215.113.46/cost/fu.exe - rule_id: 39367
http://185.215.113.46/cost/ladas.exe - rule_id: 39368
http://185.215.113.46/mine/plaza.exe - rule_id: 39369
http://185.215.113.46/cost/niks.exe - rule_id: 39371
http://185.215.113.46/cost/well.exe - rule_id: 39372
https://www.google.com/favicon.ico
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjz8hj_CR46po7PiB42ipwYGfqMrtT5nDPo2WATpMjLqM1T1R14QgKtFGuAZr7MmlhZEQcq9FA
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjz8fZ9bi1BK9xyTyEWNdGu5FL4_x2U6a4Ofo7oIzsGdgebcEPfFwMKRRt2G_zo0xDX63TqJLg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1492504774%3A1708383126361538
https://db-ip.com/demo/home.php?s=175.208.134.152
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/generate_204?eh0r0Q
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Hosts (12):
ipinfo.io(34.117.186.192)
ssl.gstatic.com(172.217.161.195)
db-ip.com(104.26.5.15)
accounts.google.com(64.233.188.84)
www.google.com(142.250.206.228)
34.117.186.192
142.251.220.4
185.215.113.46 - malware
193.233.132.62 - mailcious
104.26.5.15
172.217.24.67
74.125.23.84
IDS alerts (15):
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (External IP)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET DROP Spamhaus DROP Listed Traffic Inbound group 22
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET INFO Packed Executable Download
ET INFO TLS Handshake Failure
Downloaded files (5):
http://185.215.113.46/cost/fu.exe
http://185.215.113.46/cost/ladas.exe
http://185.215.113.46/mine/plaza.exe
http://185.215.113.46/cost/niks.exe
http://185.215.113.46/cost/well.exe
26.4 | M |  | ZeroCERT

2 | 2024-02-19 07:56 | reals.exe 9980a0d095ef8f4e841acb5be833f334
Tags: EnigmaProtector Obsidium protector Malicious Packer Malicious Library UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File MSOffice File OS Processor Check icon ZIP Format Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
URLs (14):
http://185.215.113.46/cost/fu.exe - rule_id: 39367
http://185.215.113.46/cost/ladas.exe - rule_id: 39368
http://185.215.113.46/mine/plaza.exe - rule_id: 39369
http://185.215.113.46/mine/amert.exe - rule_id: 39370
http://185.215.113.46/cost/niks.exe - rule_id: 39371
https://www.google.com/favicon.ico
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjyDRmcM1-iZW3cVP-5MNSZnEdXkJZwAmQw8bVgZ0PLSvIIrqtM1U1kcweY3onol0wRoljOR_w&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-117171857%3A1708296749375638
https://db-ip.com/demo/home.php?s=175.208.134.152
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/generate_204?EE92yg
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjzgUHm32IHHReMnNubjaHuhhXLWhS_SbL3pzJaoM1SttxKeFUH3DHO_0ehIkDGeccM5wp6izw
Hosts (12):
ipinfo.io(34.117.186.192)
ssl.gstatic.com(172.217.25.163)
db-ip.com(104.26.4.15)
accounts.google.com(64.233.188.84)
www.google.com(142.250.206.228)
172.67.75.166
34.117.186.192
172.217.25.4 - suspicious
216.58.200.227
185.215.113.46 - malware
193.233.132.62 - mailcious
64.233.188.84
IDS alerts (13):
ET DROP Spamhaus DROP Listed Traffic Inbound group 22
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Packed Executable Download
Downloaded files (5):
http://185.215.113.46/cost/fu.exe
http://185.215.113.46/cost/ladas.exe
http://185.215.113.46/mine/plaza.exe
http://185.215.113.46/mine/amert.exe
http://185.215.113.46/cost/niks.exe
23.4 | M |  | ZeroCERT

3 | 2024-02-18 10:58 | reals.exe ff6be3e826728411d90a58ffe4834ca3
Tags: Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Google Chrome User Data Downloader Obsidium protector UPX Malicious Library Malicious Packer Code injection Http API PWS Create Service Socket DGA ScreenShot Escalate pr Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
URLs (14):
http://185.215.113.46/cost/fu.exe - rule_id: 39367
http://185.215.113.46/cost/ladas.exe - rule_id: 39368
http://185.215.113.46/mine/plaza.exe - rule_id: 39369
http://185.215.113.46/mine/amert.exe - rule_id: 39370
http://185.215.113.46/cost/niks.exe - rule_id: 39371
https://www.google.com/favicon.ico
https://db-ip.com/demo/home.php?s=175.208.134.152
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjwZDFIam6L22WTWI-kQASX9bbFhlY8Qfpn45PMVfMK-s8Kyidgcfo81UwYYYE3hoi8cxOYr
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwFn3TVCNRzJMcCHLiAbyOatgCfg9GZ0yxkBGaodHQIa13Oi7C4nekCckwkC7E_8TSu1Gl5&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-2029714484%3A1708220637104788
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
https://accounts.google.com/generate_204?9CAOBw
Hosts (12):
ipinfo.io(34.117.186.192)
ssl.gstatic.com(172.217.161.195)
db-ip.com(104.26.4.15)
accounts.google.com(64.233.188.84)
www.google.com(142.250.207.100)
172.67.75.166
34.117.186.192
172.217.25.4 - suspicious
64.233.188.84
185.215.113.46 - malware
193.233.132.62 - mailcious
142.250.199.67
IDS alerts (13):
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DROP Spamhaus DROP Listed Traffic Inbound group 22
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET INFO Packed Executable Download
Downloaded files (5):
http://185.215.113.46/cost/fu.exe
http://185.215.113.46/cost/ladas.exe
http://185.215.113.46/mine/plaza.exe
http://185.215.113.46/mine/amert.exe
http://185.215.113.46/cost/niks.exe
28.0 | M | 26 | ZeroCERT

4 | 2024-02-16 08:12 | bugai.exe 04354f40a9b6cd2f8f76d1dd35c798c8
Tags: Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Themida Packer Google Chrome User Data Downloader UPX Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library Http API PWS Code injection Create Service Soc Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
URLs (14):
http://185.215.113.46/cost/fu.exe - rule_id: 39367
http://185.215.113.46/cost/ladas.exe - rule_id: 39368
http://185.215.113.46/mine/plaza.exe - rule_id: 39369
http://185.215.113.46/cost/niks.exe - rule_id: 39371
http://185.215.113.46/cost/well.exe - rule_id: 39372
https://accounts.google.com/generate_204?h-1oTQ
https://www.google.com/favicon.ico
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjzcPUtDudBbROHOQ6tT1zfhEou-4TBJ2JnLfFVM5zMyNevnuIkHvddBUcT479PyW_00Wi1o
https://db-ip.com/demo/home.php?s=175.208.134.152
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjzhfDFkb5rx61u0tsHnzrzfCHBuD8tlOuuj6ABBJFfzH8g2ecMn_GKIWDB6sy23s0Vosdg4&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S470561878%3A1708037893123060
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Hosts (12):
ipinfo.io(34.117.186.192)
ssl.gstatic.com(142.250.76.131)
db-ip.com(172.67.75.166)
accounts.google.com(64.233.188.84)
www.google.com(142.250.206.228)
74.125.203.84
34.117.186.192
193.233.132.62 - mailcious
142.250.66.131
142.250.207.68
185.215.113.46 - malware
104.26.5.15
IDS alerts (13):
ET DROP Spamhaus DROP Listed Traffic Inbound group 22
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET INFO Packed Executable Download
Downloaded files (5):
http://185.215.113.46/cost/fu.exe
http://185.215.113.46/cost/ladas.exe
http://185.215.113.46/mine/plaza.exe
http://185.215.113.46/cost/niks.exe
http://185.215.113.46/cost/well.exe
28.4 | M | 30 | ZeroCERT

5 | 2024-02-13 14:02 | plaza.exe b391262d30720e42f884893464e82b01
Tags: EnigmaProtector Malicious Packer PE32 PE File Malware download VirusTotal Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed
URLs (2):
http://www.maxmind.com/geoip/v2.1/city/me
https://db-ip.com/demo/home.php?s=175.208.134.152
Hosts (7):
ipinfo.io(34.117.186.192)
db-ip.com(104.26.5.15)
www.maxmind.com(104.18.146.235)
104.26.5.15
193.233.132.62 - mailcious
34.117.186.192
104.18.146.235
IDS alerts (4):
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.6 |  | 37 | ZeroCERT

6 | 2024-02-13 12:41 | zara.exe e9a17be752fa6e93d9e2f76adb0fa896
Tags: Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Google Chrome User Data Downloader UPX Malicious Library Malicious Packer Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credenti Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
URLs (13):
http://185.215.113.46/cost/fu.exe
http://185.215.113.46/mine/plaza.exe
http://185.215.113.46/cost/niks.exe
http://www.maxmind.com/geoip/v2.1/city/me
https://www.google.com/favicon.ico
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjz5a8TlhvoYLJ0SzuAenpnz_UzZtCBVM8qDJPb2lw0Iee6PefsZ8BckMzAAvxq2SKM34ODzrA&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1878625607%3A1707794388790457
https://db-ip.com/demo/home.php?s=175.208.134.152
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjz1jNrnusPHoH00gbZqw6mE-DeEWeVkSHkidM4bezlAO-nQqakY6wUDnxEten9xAtkD9mI5JA
https://accounts.google.com/generate_204?_hL20w
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Hosts (14):
db-ip.com(104.26.4.15)
www.google.com(142.250.206.196)
ssl.gstatic.com(172.217.161.195)
ipinfo.io(34.117.186.192)
accounts.google.com(74.125.203.84)
www.maxmind.com(104.18.145.235)
193.233.132.62 - mailcious
104.18.145.235
34.117.186.192
172.217.25.4 - suspicious
185.215.113.46 - malware
172.217.31.3
104.26.5.15
74.125.23.84
IDS alerts (13):
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET DROP Spamhaus DROP Listed Traffic Inbound group 22
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Packed Executable Download
27.0 | M |  | ZeroCERT

7 | 2024-02-10 15:10 | hunta.exe ceb083f9f6b650cda498738efb17554a
Tags: Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Google Chrome User Data Downloader UPX Malicious Packer Malicious Library Code injection Http API PWS Create Service Socket DGA ScreenShot Escalate priviledges Steal cred Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
URLs (14):
http://193.233.132.167/mine/plaza.exe - rule_id: 39347
http://193.233.132.167/cost/ladas.exe - rule_id: 39348
http://193.233.132.167/cost/fu.exe - rule_id: 39344
http://193.233.132.167/cost/niks.exe - rule_id: 39346
http://www.maxmind.com/geoip/v2.1/city/me
https://accounts.google.com/generate_204?HrB4NA
https://www.google.com/favicon.ico
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp3YMHY7_JfLI5pxj5g-LhYoL6fM6jsZneeb1DWUKOCdBPvkG5tDSra_CxHCJOmUEOwhroM-Dw
https://db-ip.com/demo/home.php?s=175.208.134.152
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp1kePpXDqddz9foOSiEown17TJh7jNAkvSvCTWKTHLdsexHCA2tQb56wvm_z-10OZh1Ii2Rqw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-33185624%3A1707544026773281
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Hosts (14):
db-ip.com(172.67.75.166)
www.google.com(142.250.76.132)
ssl.gstatic.com(142.250.76.131)
ipinfo.io(34.117.186.192)
accounts.google.com(74.125.203.84)
www.maxmind.com(104.18.145.235)
172.67.75.166
104.18.146.235
34.117.186.192
193.233.132.62 - mailcious
142.250.66.36
142.251.8.84
193.233.132.167 - malware
142.250.199.67
IDS alerts (13):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (External IP)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET INFO Packed Executable Download
Downloaded files (4):
http://193.233.132.167/mine/plaza.exe
http://193.233.132.167/cost/ladas.exe
http://193.233.132.167/cost/fu.exe
http://193.233.132.167/cost/niks.exe
26.6 | M | 29 | ZeroCERT