Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

Each record below gives the submission number, date and requested file or URL on the first line, then the sample's MD5 (where the listing shows one), the sandbox tag string (the "Etc" column, reproduced as extracted; the source does not mark where one tag ends and the next begins), and the remaining numeric columns exactly as extracted. Empty cells were dropped during extraction, so the individual counts cannot be reassigned to Urls/Hosts/IDS/Rule with certainty; the decimal value is the Score and the trailing name (Malwr or ZeroCERT) is the Player.
9211  2024-01-11 00:09  https://onedrive.live.com/down...
  MD5:   not shown
  Tags:  Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 2 4.2 Malwr

9212  2024-01-11 09:59  JAN-122661-F2024.url
  MD5:   d49e5049684aaa8d14a407ac08ddb3be
  Tags:  AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 2 5.2 4 ZeroCERT

9213  2024-01-11 10:12  release.rar
  MD5:   055bfe6e7bbf803236c3b1552f2ca0b1
  Tags:  Escalate privileges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  5 9 4 4.2 ZeroCERT

9214  2024-01-12 07:59  love.exe
  MD5:   d3420ffb07677d83ab1fd50b1c45c96d
  Tags:  Emotet Gen1 EnigmaProtector Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 PE File CAB OS Processor Check PNG Format MSOffice File JPEG Format VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check Tofsee Windows Update Exploit ComputerName Remote Code Execution DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 3 2 12.4 M 45 ZeroCERT

9215  2024-01-12 08:05  leru.exe
  MD5:   099556734bde76d46c677c726cbf2538
  Tags:  Generic Malware Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Windows utilities Disables Windows Security suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 6 7 11.6 M 48 ZeroCERT

9216  2024-01-12 08:05  plugins.exe
  MD5:   d1a6f9be6f046fcdd20d871cec0e1a42
  Tags:  Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Http API PWS Code injection AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check VirusTotal Malware Telegram Buffer PE PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder malicious URLs Tofsee Windows ComputerName DNS Cryptographic key crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 5 3 13.0 M 34 ZeroCERT

9217  2024-01-12 15:58  love.exe
  MD5:   d84ddf7e3d38eb30d74875aef7bdf829
  Tags:  Emotet Gen1 EnigmaProtector Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 PE File CAB PNG Format MSOffice File JPEG Format OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check Tofsee Windows Update Exploit ComputerName Remote Code Execution DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 3 2 12.4 M 48 ZeroCERT

9218  2024-01-12 15:59  InstallSetup8.exe
  MD5:   90c84cef9f4f1a5eb8d0393904f508da
  Tags:  NPKI HermeticWiper NSIS Generic Malware Suspicious_Script Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM Javascript_Blob PE32 PE File PNG Format JPEG Format OS Processor Check MZP Format ZIP Format icon BMP For VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk IP Check VM Disk Size Check Tofsee Ransomware Windows DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  3 6 10 1 9.4 M 50 ZeroCERT

9219  2024-01-13 18:54  rty45.exe
  MD5:   ef895c5307108231ad39d601a38a098f
  Tags:  Malicious Packer UPX PE File PE64 VirusTotal Malware PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 3 1 3.0 M 25 ZeroCERT

9220  2024-01-13 18:55  browserUpdate.vbs
  MD5:   2cf4670bd083efe16afb9041a0116341
  Tags:  Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  3 4 2 9.6 3 ZeroCERT

9221  2024-01-13 18:55  browserupdationrecentlydonebym...
  MD5:   510fbf28e3dd6ebb0fe934dad853d70b
  Tags:  MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 7 3 6.0 30 ZeroCERT

9222  2024-01-13 18:58  BrowserUpdate.vbs
  MD5:   55bb883a7a332f86d1ca49379d1ca95d
  Tags:  Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  3 4 2 9.0 3 ZeroCERT

9223  2024-01-13 19:01  leru.exe
  MD5:   1abfdde35393e3bed6dc4c88ddaec0c6
  Tags:  Generic Malware Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW anti-virtualization IP Check VM Disk Size Check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 5 6 11.6 M 48 ZeroCERT

9224  2024-01-13 19:05  rty31.exe
  MD5:   797344a5766214c49734b8f63f78e797
  Tags:  Malicious Packer UPX PE File PE64 VirusTotal Malware PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 3 1 3.6 27 ZeroCERT

9225  2024-01-13 19:14  red.exe
  MD5:   3c78cef4203a47012167be0877274540
  Tags:  RedlineStealer RedLine Infostealer RedLine stealer .NET framework(MSIL) UPX Malicious Library Malicious Packer Antivirus PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  3 4 9 9.2 M 58 ZeroCERT
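A triage helper for a listing like the one above, added here as an example; it is not code from the sandbox or the site that produced this page. It assumes the flattened record layout seen above (header line, optional MD5 line, tag text, numeric row whose decimal token is the Score and whose trailing word is the Player), and it works on a constructed sample copied from a few of the records with their tag strings shortened. Because the source does not mark tag boundaries, family names are matched on word boundaries against the whole tag string rather than by splitting tags. Two checks a practitioner wants when reading such a feed are included: tags that fire on nearly every record (Tofsee appears on all fifteen above, so it carries no triage value by itself), and one filename submitted under several hashes (love.exe appears twice with different MD5s and an identical tag set, which is what repacked builds of the same dropper look like).

```python
"""Parse a flattened sandbox submission listing and run two triage checks.

Added example; assumes each record is: "<no> <YYYY-MM-DD HH:MM> <request>",
an optional 32-hex MD5 line, tag text, then a numeric row ending in the Player.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: five records copied from the listing (tag strings shortened).
SAMPLE = """\
9211 2024-01-11 00:09 https://onedrive.live.com/down...
Downloader Create Service Socket Escalate privileges AntiDebug AntiVM Tofsee Windows Exploit DNS crashed
2 2 4.2 Malwr

9214 2024-01-12 07:59 love.exe
d3420ffb07677d83ab1fd50b1c45c96d
Emotet Gen1 EnigmaProtector UPX AntiDebug AntiVM Tofsee Windows Update Exploit DNS crashed
2 3 2 12.4 M 45 ZeroCERT

9216 2024-01-12 08:05 plugins.exe
d1a6f9be6f046fcdd20d871cec0e1a42
Client SW User Data Stealer LokiBot .NET framework(MSIL) UPX Telegram Tofsee Windows DNS crashed
2 5 3 13.0 M 34 ZeroCERT

9217 2024-01-12 15:58 love.exe
d84ddf7e3d38eb30d74875aef7bdf829
Emotet Gen1 EnigmaProtector UPX AntiDebug AntiVM Tofsee Windows Update Exploit DNS crashed
2 3 2 12.4 M 48 ZeroCERT

9225 2024-01-13 19:14 red.exe
3c78cef4203a47012167be0877274540
RedlineStealer RedLine Infostealer .NET framework(MSIL) UPX Browser Info Stealer Tofsee Stealer Windows DNS crashed
3 4 9 9.2 M 58 ZeroCERT
"""

HEADER_RE = re.compile(r"^(?P<no>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<request>\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# Families named in the listing's tags. Matched on word boundaries because the
# flattened tag string does not mark where one tag ends and the next begins.
FAMILIES = ("Emotet", "HermeticWiper", "LokiBot", "RedLine", "RisePro", "Tofsee")


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: Optional[str]      # None when the listing shows no hash (URL submissions)
    tags: str               # the "Etc" column, verbatim
    score: Optional[float]  # the decimal token of the numeric row
    player: Optional[str]   # trailing engine name, e.g. "Malwr" or "ZeroCERT"
    numeric: str            # whole numeric row; blank cells were dropped upstream


def _parse_block(lines: List[str]) -> Submission:
    m = HEADER_RE.match(lines[0])
    if not m:
        raise ValueError(f"unrecognised header line: {lines[0]!r}")
    body, md5 = lines[1:], None
    if body and MD5_RE.match(body[0].lower()):   # hash line is optional
        md5, body = body[0].lower(), body[1:]
    numeric = body[-1] if body else ""
    tokens = numeric.split()
    score = next((float(t) for t in tokens if re.fullmatch(r"\d+\.\d+", t)), None)
    player = tokens[-1] if tokens and not re.fullmatch(r"[\d.]+", tokens[-1]) else None
    return Submission(int(m["no"]), m["date"], m["request"], md5,
                      " ".join(body[:-1]), score, player, numeric)


def parse_listing(text: str) -> List[Submission]:
    """Split the listing on blank lines and parse each block into a Submission."""
    records, block = [], []
    for line in text.splitlines():
        if line.strip():
            block.append(line.strip())
        elif block:
            records.append(_parse_block(block))
            block = []
    if block:
        records.append(_parse_block(block))
    return records


def families(sub: Submission) -> List[str]:
    """Known family names present in the tag string (case-insensitive, whole word)."""
    return sorted(f for f in FAMILIES
                  if re.search(rf"\b{re.escape(f)}\b", sub.tags, re.IGNORECASE))


def low_signal_tags(subs: List[Submission], threshold: float = 0.8) -> List[str]:
    """Tag tokens present in at least `threshold` of all records; they should not drive alerting alone."""
    hits = Counter()
    for s in subs:
        hits.update(set(s.tags.split()))
    return sorted(t for t, c in hits.items() if c / len(subs) >= threshold)


def same_name_different_hash(subs: List[Submission]) -> Dict[str, List[str]]:
    """Filenames submitted under more than one MD5 (repacked builds of one dropper)."""
    by_name: Dict[str, set] = {}
    for s in subs:
        if s.md5:
            by_name.setdefault(s.request, set()).add(s.md5)
    return {name: sorted(h) for name, h in by_name.items() if len(h) > 1}
```

Running `parse_listing(SAMPLE)` and then `low_signal_tags` on the result flags Tofsee (and the equally ubiquitous Windows and DNS tokens) as background noise, while `same_name_different_hash` returns love.exe with its two MD5s; on the full listing the same functions would also surface that 9220 and 9222 (browserUpdate.vbs / BrowserUpdate.vbs) carry identical tag sets under different hashes and case variants of one name.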