Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9226 2024-01-13 19:18 one.exe
bd94daa7872d164c29dcdf71a89b4771
Client SW User Data Stealer LokiBot ftp Client info stealer Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX Http API PWS Code injection AntiDebug AntiVM PE32 PE File MSOffice File .NET EXE DLL OS Processor Check VirusTotal Malware Telegram Buffer PE PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder malicious URLs Tofsee Windows ComputerName DNS Cryptographic key crashed
2 5 3 12.6 37 ZeroCERT

9227 2024-01-13 19:20 updationavailableforentierospr...
8f65da99c939a67fd8065dd8890374ab
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
2 5 3 4.6 M 31 ZeroCERT

9228 2024-01-13 19:26 InstallSetup10.exe
d5610fe6893c1bb0df7b32471f878839
NSIS Generic Malware Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE32 PE File PNG Format OS Processor Check MZP Format ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MSOffice File Word 2007 f Malware Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk IP Check VM Disk Size Check Tofsee Ransomware Windows DNS
3 6 10 1 8.8 M ZeroCERT

9229 2024-01-13 19:27 twoo.exe
013dd34c1d52ad6a86419657437e247a
Client SW User Data Stealer LokiBot ftp Client info stealer Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX Http API PWS Code injection AntiDebug AntiVM PE32 PE File MSOffice File .NET EXE DLL OS Processor Check Malware Telegram Buffer PE PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder malicious URLs Tofsee Windows ComputerName DNS Cryptographic key crashed
2 5 3 11.6 M ZeroCERT

9230 2024-01-13 19:31 newrock2.exe
20dc7abde7dbae943356eb9bd311e9c0
NPKI HermeticWiper Generic Malware Suspicious_Script NSIS Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM Javascript_Blob PE32 PE File .NET EXE PNG Format JPEG Format OS Processor Check ZIP Format MZP Format PE6 Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Ransomware Windows ComputerName DNS
3 5 6 1 10.6 M ZeroCERT

9231 2024-01-15 07:58 4.exe
e4153c1acc9bab930996d7ee3b148f57
Vidar Malicious Library UPX PE32 PE File OS Processor Check Malware Telegram MachineGuid Malicious Traffic WMI Tofsee ComputerName DNS crashed
2 5 3 1 3.2 M ZeroCERT

9232 2024-01-15 08:02 ReymenStealer.exe
2f4f4f544c12721873f7600bf1d5a37b
Generic Malware Antivirus PE32 PE File .NET EXE PowerShell powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader
1 2 3 10.0 M ZeroCERT

9233 2024-01-15 08:07 rty47.exe
d641a8c632aa4b393491a9bd2a1407e3
Malicious Packer UPX PE File PE64 PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution
2 3 1 2.2 M ZeroCERT

9234 2024-01-16 08:01 rty29.exe
484970b905d262cd9a08d8afb5a6fdac
Malicious Packer PE File PE64 VirusTotal Malware PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution
2 3 1 3.2 M 21 ZeroCERT

9235 2024-01-16 08:13 MartDrum.exe
1e4352c43b8c5a6b5a10dd0ace9a57a4
Gen1 Downloader task schedule Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE32 Malware download AsyncRAT NetWireRC Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows ComputerName DDNS
3 3 11.0 M ZeroCERT

9236 2024-01-16 08:15 done.exe
750730cacee06f5b29188ef5050ff7ab
Client SW User Data Stealer Emotet Gen1 browser info stealer EnigmaProtector Generic Malware Google Chrome User Data Downloader Malicious Library UPX Malicious Packer .NET framework(MSIL) Http API PWS Code injection Create Service Socket DGA ScreenShot Es Browser Info Stealer VirusTotal Malware AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Ransomware Windows Exploit Browser Remote Code Execution DNS crashed
15 8 1 14.6 M 37 ZeroCERT

9237 2024-01-16 10:04 M.hta
a712950af45bdc5e33863aae223c1ac6
AntiDebug AntiVM MSOffice File JPEG Format VirusTotal Malware Code Injection Check memory Checks debugger RWX flags setting exploit crash unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS crashed
2 2 2 7.6 18 ZeroCERT

9238 2024-01-16 10:16 browserclear.vbs
955cba0154cb22d954e10771041d58b3
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
3 4 2 9.0 M 3 ZeroCERT

9239 2024-01-16 10:18 browserdatasavedforvideotocrea...
894868d948fb83d3039e9d0f13caa8f6
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
2 5 3 4.6 M 33 ZeroCERT

9240 2024-01-16 10:20 BrowserUpdate.vbs
7eed4e5991eacf9b104dd2d2da0856fb
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
2 4 2 9.0 M 3 ZeroCERT