Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10126	2024-06-17 14:26	file.rar eb8589a8b967f7be1a94b8ae4cb0a15c Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Cryptocurrency Miner Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord RisePro Remote Code Execution DNS CoinMiner	11 Keyword trend analysis Info http://176.111.174.109/psyzh http://5.42.66.10/download/th/space.php - rule_id: 39944 http://5.42.99.177/api/crazyfish.php - rule_id: 40006 http://apps.identrust.com/roots/dstrootcax3.p7c http://94.232.45.38/eee01/eee01.exe - rule_id: 39938 http://5.42.99.177/api/twofish.php - rule_id: 40008 http://80.78.242.100/d/385135 http://5.42.66.10/download/123p.exe - rule_id: 39935 https://lop.foxesjoy.com/ssl/crt.exe - rule_id: 40188 https://steamcommunity.com/profiles/76561199699680841 - rule_id: 40206 https://db-ip.com/demo/home.php?s=	34 Info db-ip.com(172.67.75.166) pool.hashvault.pro(142.202.242.45) - mailcious cdn-download.avgbrowser.com(23.199.47.133) api64.ipify.org(104.237.62.213) api.myip.com(104.26.8.59) steamcommunity.com(23.66.133.162) - mailcious lop.foxesjoy.com(104.21.66.124) - malware t.me(149.154.167.99) - mailcious ipinfo.io(34.117.186.192) cdn.discordapp.com(162.159.134.233) - malware vk.com(87.240.132.67) - mailcious iplogger.org(172.67.132.113) - mailcious 94.232.45.38 - malware 182.162.106.33 - malware 182.162.106.144 184.26.241.154 - mailcious 149.154.167.99 - mailcious 147.45.47.126 - mailcious 34.117.186.192 5.42.99.177 - mailcious 125.253.92.50 176.111.174.109 - malware 104.26.8.59 162.159.130.233 - malware 65.109.240.138 - mailcious 172.67.159.232 77.91.77.80 - malware 5.42.66.10 - malware 23.52.128.153 80.78.242.100 173.231.16.77 104.26.4.15 87.240.132.78 - mailcious 172.67.132.113	28 Info ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET DROP Dshield Block Listed Source group 1 ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET INFO Executable Download from dotted-quad Host SURICATA Applayer Mismatch protocol both directions ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE [ANY.RUN] RisePro TCP (Token) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Activity) SURICATA Applayer Wrong direction first Data	7	4.2	M		ZeroCERT

10127	2024-06-17 16:58	am.exe 6cfddd5ce9ca4bb209bd5d8c2cd80025 Gen1 Generic Malware Malicious Library Antivirus Obsidium protector .NET framework(MSIL) UPX Anti_VM PE File PE32 OS Processor Check PNG Format Browser Info Stealer Malware download Amadey VirusTotal Malware powershell PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser ComputerName Remote Code Execution Cryptographic key	4 Keyword trend analysis	6	2		10.4		37	ZeroCERT

10128	2024-06-18 07:37	IMG_812_06108.exe 9ea3d152c4e248841abf4f490a84b8c9 AgentTesla PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	7 Info ET MALWARE PE EXE or DLL Windows file download disguised as ASCII ET MALWARE PE EXE or DLL Windows file download Text M2 ET HUNTING [TW] Likely Hex Executable String ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET SHELLCODE Common 0a0a0a0a Heap Spray String		15.8	M		ZeroCERT

10129	2024-06-18 22:31	https://qrco.de/bfAK2I?onO=XTp... 12dec78d031d4e022b462bf6373a6d21 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File icon Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	5 Keyword trend analysis	8	3		4.2			guest

10130	2024-06-19 09:34	murka.exe 9e27ed6d9855b9bfae9234f0303a8bba Malicious Packer UPX Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro CnC Activity (Inbound)		13.4	M	45	ZeroCERT

10131	2024-06-19 09:36	bbc.doc c37e66ac7c43e79fd1c771892d457314 MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	5	5		4.6	M	36	ZeroCERT

10132	2024-06-19 17:15	voda.exe 61454bbf62a50d22bc3d52b44de73edd Malicious Packer UPX PE File PE32 Malware download VirusTotal Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed	1 Keyword trend analysis	5	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (External IP)		7.8		45	ZeroCERT

10133	2024-06-20 09:28	UHH.txt.exe 72ffddcd4adf890a663396aaf31affc4 AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger	2 Keyword trend analysis	4	4		7.0			ZeroCERT

10134	2024-06-21 07:36	simon.exe b7e7f713ce1c717b6ae28904971e37e5 Themida Packer Malicious Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed	1 Keyword trend analysis	5	8 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound)		15.2		41	ZeroCERT

10135	2024-06-21 07:53	avg_secure_browser_setup.exe 13b3860a2827e505cb6de1418f640b16 HermeticWiper NSIS Generic Malware PhysicalDrive Malicious Library UPX Malicious Packer PE File PE32 DLL DllRegisterServer dll OS Processor Check MSOffice File CAB PE64 Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications Auto service Check virtual network interfaces AppData folder sandbox evasion anti-virtualization installed browsers check Tofsee Ransomware Fortinet Windows Browser ComputerName Firmware crashed	4 Keyword trend analysis Info http://browser-update.avg.com/browser-avg/win/x64/109.0.24252.121/AVGBrowserInstaller.exe https://stats.securebrowser.com/?_=1718955853989&retry_tracking_count=0&last_request_error_code=0&last_request_error_message=&last_request_status=0&last_request_system_error=0&request_proxy=0 https://update.avgbrowser.com/service/update2 https://update.avgbrowser.com/service/update2?cup2key=9:2906594695&cup2hreq=1a77176c46ecf7b2954c2373054d5a3b455eb7a159f1b6ad23c4e5706d55a272	6	2		19.8		4	ZeroCERT

10136	2024-06-24 07:44	ama.exe 5d860e52bfa60fec84b6a46661b45246 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check MSOffice File PNG Format JPEG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Stealer Windows Exploit Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	9	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		11.4		58	ZeroCERT

10137	2024-06-24 07:47	pic1.exe 1fecbc51b5620e578c48a12ebeb19bc2 Generic Malware Downloader Malicious Library UPX MPRESS Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE64 OS Processor C VirusTotal Malware PDB Code Injection Creates executable files unpack itself suspicious TLD Tofsee Remote Code Execution crashed		2	1		5.4		44	ZeroCERT

10138	2024-06-24 07:51	limba.exe 3e767dd673e06387e35d7362d89ddea1 Themida Packer Generic Malware Malicious Packer Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed	1 Keyword trend analysis	5	8 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)		14.8	M	28	ZeroCERT

10139	2024-06-24 11:01	kissingisbestforcatwalkonthebe... b380556670eaff97d6dfb34144e8cbc5 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	1		4.6	M	38	ZeroCERT

10140	2024-06-24 14:38	BST.msi fe821027dfc49e8017c2cc50974a00b4 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk suspicious TLD VM Disk Size Check Tofsee ComputerName DNS		3	3		3.2		19	ZeroCERT