Submissions

Columns: No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

Each entry below gives the submission number, date and submitted file name (Request), then the MD5 of the sample, the sandbox tags, and the remaining column values in header order. Empty columns were dropped when the table was flattened, so a row with fewer values than columns has blanks that cannot be recovered here.
9106  2023-11-21 08:00  smo.exe
  MD5:  d117bdd49deff0dc9c560ed4a03d3a5f
  Tags: Emotet Gen1 Malicious Library UPX PE32 PE File CAB Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Browser RisePro Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 5 7 18.4 M 42 ZeroCERT

9107  2023-11-21 18:17  htmlbrowserhistorydeletedbymic...
  MD5:  0a869df2007f5731f95c5d84aad6bbbf
  Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3 6 3 4.6 M 33 ZeroCERT

9108  2023-11-21 18:17  htmlvb.vbs
  MD5:  a106d0b5d4423dbcb1b7551cc6f011b1
  Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 4 5 2 9.0 7 ZeroCERT

9109  2023-11-22 13:23  deepweb.exe
  MD5:  7a51a34ca5ccfe6eb43ef6abc0f92d46
  Tags: RedlineStealer RedLine Infostealer RedLine stealer .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 3 4 8.0 M 65 ZeroCERT

9110  2023-11-23 07:53  PhXExiF.exe
  MD5:  607e6e48bb7398dd40783cdf86ee4670
  Tags: .NET framework(MSIL) UPX PE32 PE File .NET EXE Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 1 1.4 ZeroCERT

9111  2023-11-23 19:02  tfsoft.exe
  MD5:  1d6edfa073e4a8f072df28cfd5321bba
  Tags: PE32 PE File Emotet VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic buffers extracted unpack itself Windows utilities Detects VMWare suspicious process AppData folder sandbox evasion VMware Tofsee Windows crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 10 17 1 11.6 M 57 guest

9112  2023-11-24 10:58  Invoice.url
  MD5:  90962de04e13d0f8e7b96a094ec6b77a
  Tags: AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 2 5.8 5 ZeroCERT

9113  2023-11-24 11:00  Order_Information.url
  MD5:  73461871b344c75f77323047fbafd617
  Tags: AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 2 5.8 5 ZeroCERT

9114  2023-11-24 11:03  Payment_Information.url
  MD5:  9eb31a50bbe8cc0146b9f778d270ddd4
  Tags: AntiDebug AntiVM URL Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 2 5.4 ZeroCERT

9115  2023-11-24 11:12  Payment.url
  MD5:  1009a583d82ccd724ae13dc4d378de59
  Tags: AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 2 6.0 14 ZeroCERT

9116  2023-11-24 11:14  Order_Information.url
  MD5:  7f4085aab74f2da761e65d5fb41fd40f
  Tags: AntiDebug AntiVM URL Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 2 5.4 ZeroCERT

9117  2023-11-25 17:55  Loader%20Resou%E2%80%AEnls.scr
  MD5:  21bc89b62236a92090a9b9732ce09b5e
  Tags: PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 1 1.4 M ZeroCERT
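The request name of submission 9117 is percent-encoded and contains %E2%80%AE, which is U+202E RIGHT-TO-LEFT OVERRIDE. Decoded, the name is "Loader Resou<U+202E>nls.scr": a file manager draws everything after the override reversed, so the .scr executable appears to end in ".sln". The Python below is an editorial example added to this page, not ZeroCERT tooling; it decodes a request name, reports bidi controls, approximates the displayed name, and flags executables whose visible extension differs from the real one. The rendering approximation, the executable-extension set and the helper names are the editor's assumptions; the list of request names is copied from the listing above (the truncated one omitted).

```python
from urllib.parse import unquote

# Unicode bidirectional controls that change how a name is drawn on screen.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Extensions Windows runs on double-click (assumption: a short illustrative set, not exhaustive).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "hta", "lnk", "url", "ps1"}


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def analyze_filename(request_name: str) -> dict:
    """Decode a percent-encoded request name and report bidi-control extension spoofing."""
    decoded = unquote(request_name)
    controls = [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(decoded) if ch in BIDI_CONTROLS]

    displayed = decoded
    if "\u202e" in decoded:
        # Approximation of the rendering: every character after the first U+202E is drawn
        # in reverse order. This matches what a file manager shows for plain ASCII names;
        # the full Unicode bidi algorithm has extra rules (nested embeddings, digits) that
        # this example does not model.
        head, _, tail = decoded.partition("\u202e")
        displayed = head + tail[::-1]
    # Drop any remaining invisible controls so the displayed extension is what the eye sees.
    displayed = "".join(ch for ch in displayed if ch not in BIDI_CONTROLS)

    real_ext = _extension(decoded)
    shown_ext = _extension(displayed)
    return {
        "decoded": decoded,
        "bidi_controls": controls,          # list of (offset, control name)
        "displayed_as": displayed,
        "displayed_extension": shown_ext,
        "real_extension": real_ext,
        "extension_spoofed": real_ext in EXEC_EXTS and shown_ext != real_ext,
        "suspicious": bool(controls),       # any bidi control in a file name is worth a look
    }


def flag_requests(names):
    """Return the request names that analyze_filename() marks suspicious."""
    return [n for n in names if analyze_filename(n)["suspicious"]]


# Request names as they appear in the listing above (copied from the page).
LISTING = [
    "smo.exe", "htmlvb.vbs", "deepweb.exe", "PhXExiF.exe", "tfsoft.exe",
    "Invoice.url", "Order_Information.url", "Payment_Information.url", "Payment.url",
    "Loader%20Resou%E2%80%AEnls.scr", "PLmp.exe", "updater.exe", "Opesi.exe",
]

if __name__ == "__main__":
    for name in flag_requests(LISTING):
        r = analyze_filename(name)
        print(f"{name}: shown as {r['displayed_as']!r}, really .{r['real_extension']}")
```

Run against the listing, only submission 9117 is flagged: it displays as "Loader Resourcs.sln" while the real extension is .scr. The same check belongs at any intake point that accepts attachments or uploads, since the percent-encoding hides the override from a casual glance at a URL as well.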

9118  2023-11-25 18:08  PLmp.exe
  MD5:  d689713e2c880daf649ec894a0761274
  Tags: PrivateLoader NPKI Gen1 HermeticWiper Generic Malware Suspicious_Script NSIS Malicious Library VMProtect UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Javascript_Blob AntiDebug AntiVM PE File PE64 PE32 DLL PNG Format JPEG Format Browser Info Stealer Malware download VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Disables Windows Security AppData folder AntiVM_Disk sandbox evasion WriteConsoleW IP Check VM Disk Size Check PrivateLoader Tofsee Ransomware Windows Browser DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 5 10 8 2 19.4 M 43 ZeroCERT

9119  2023-11-25 18:09  updater.exe
  MD5:  8589b564a5ed7920be4b1b08f3d6d8ed
  Tags: Gen1 Generic Malware UPX Antivirus Malicious Library PE32 PE File DLL PE64 OS Processor Check ZIP Format Cryptocurrency Miner Malware Cryptocurrency suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName intelligence DNS Cryptographic key crashed CoinMiner
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 7 4 6.2 M ZeroCERT

9120  2023-11-25 18:13  Opesi.exe
  MD5:  51367ff68633e00c8a084cb52534182f
  Tags: Client SW User Data Stealer LokiBot ftp Client info stealer .NET framework(MSIL) Http API PWS AntiDebug AntiVM PE32 PE File .NET EXE FTP Client Info Stealer Malware Telegram suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 5 3 16.0 M ZeroCERT