Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10171	2024-07-01 16:46	Update.js 365d4f4e6ffed01288e0fae6e352e8a5 VBScript wscript.exe payload download Tofsee crashed Dropper	1 Keyword trend analysis	2	2		10.0			guest

10172	2024-07-02 07:45	snukingorig2.5.exe 7d50650cd2ba63482d4caf875ae65a8e Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	3		8.8	M	33	ZeroCERT

10173	2024-07-02 07:54	buildcr.exe 88932ab33c38072946abc06b426d33b8 [m] Generic Malware Generic Malware Suspicious_Script_Bin task schedule Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Dridex VirusTotal Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS	3 Keyword trend analysis	6	9 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET POLICY PE EXE or DLL Windows file download HTTP	2	12.2	M	55	ZeroCERT

10174	2024-07-02 09:45	package_full.pdf.lnk 87e1217cd4517d2c3ea39b1b970a5550 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Tofsee Interception Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.0		24	ZeroCERT

10175	2024-07-02 13:49	Update.js a17403e9e32d19f46d7796f574136b61 VBScript wscript.exe payload download Tofsee crashed Dropper	1 Keyword trend analysis	2	2		10.0			guest

10176	2024-07-02 14:10	Update.js 365d4f4e6ffed01288e0fae6e352e8a5 VBScript wscript.exe payload download Tofsee crashed Dropper	1 Keyword trend analysis	2	2		10.0			guest

10177	2024-07-02 15:45	Content_497179.exe 52070a9adf4787ece9b80af208603030 Generic Malware NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL BMP Format Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself AppData folder sandbox evasion anti-virtualization Tofsee	1 Keyword trend analysis	2	1		6.6			ZeroCERT

10178	2024-07-02 15:58	Content_497179.exe 52070a9adf4787ece9b80af208603030 Gen1 Generic Malware NSIS Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE File PE32 OS Processor Check DLL icon BMP Format DllRegisterServer dll Lnk Format GIF Format ftp Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Tofsee Browser ComputerName	1 Keyword trend analysis	2	1		9.2			ZeroCERT

10179	2024-07-03 08:05	wp.exe 140e8ca7a6a6df97fe913af1adad9cbe AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Gmail Browser Email ComputerName Cryptographic key crashed keylogger		2	2		12.4	M		ZeroCERT

10180	2024-07-03 08:07	pilnmAc2.6.exe 9929a1a4d2ec5d72c028435c6b71054f Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	3		7.4	M		ZeroCERT

10181	2024-07-03 08:09	don701.exe 6a1ff8c93c4d4ba50c8145a354b5c586 AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Gmail Browser Email ComputerName Cryptographic key crashed keylogger		2	2		13.6	M	56	ZeroCERT

10182	2024-07-03 08:13	Build.exe 2f6f4f9674c6721b5ea8319ed90a8f20 Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Downloader UPX Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process AppData folder installed browsers check Tofsee Windows Browser Advertising Google ComputerName Trojan DNS DDNS crashed keylogger	7 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 http://xred.site50.net/syn/SSLLibrary.dll	10 Info drive.usercontent.google.com(142.250.207.97) - mailcious docs.google.com(172.217.25.174) - mailcious xred.mooo.com() - mailcious freedns.afraid.org(69.42.215.252) www.dropbox.com(162.125.84.18) - mailcious 142.251.220.78 45.141.26.232 - mailcious 142.251.220.1 69.42.215.252 162.125.84.18 - mailcious	2		12.2	M	69	ZeroCERT

10183	2024-07-03 08:17	F.exe e501c275814bfcb58fe845c38227d5c5 Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Antivirus UPX Malicious Packer Admin Tool (Sysinternals etc ...) Downloader .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Windows Browser Advertising Google ComputerName DNS Cryptographic key DDNS crashed keylogger	7 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 http://xred.site50.net/syn/SSLLibrary.dll	11 Info drive.usercontent.google.com(142.250.206.193) - mailcious docs.google.com(172.217.25.174) - mailcious xred.mooo.com() - mailcious freedns.afraid.org(69.42.215.252) www.dropbox.com(162.125.84.18) - mailcious 142.251.220.78 69.42.215.252 142.250.66.142 142.251.220.1 142.251.220.33 162.125.84.18 - mailcious	2		10.8	M	68	ZeroCERT

10184	2024-07-03 09:29	outbyte-driver-updater.exe 19e7819eb886414b6bcab23db00541ec Gen1 Generic Malware PhysicalDrive Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE File PE32 MZP Format OS Processor Check DLL DllRegisterServer dll ftp PE64 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself Checks Bios AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check Tofsee	1 Keyword trend analysis	4	1		6.8		4	ZeroCERT

10185	2024-07-03 09:37	Fortect.exe 745dfc19a7a8ce32812211f17b792fa6 Gen1 RedLine stealer Emotet NSIS Generic Malware Suspicious_Script_Bin Downloader Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Antivirus Anti_VM Javascript_Blob PE File PE32 OS Processor Check DLL PNG Format JPEG Format Lnk For VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut RWX flags setting unpack itself Auto service AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Tofsee Ransomware Windows ComputerName DNS Software	11 Keyword trend analysis Info https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=PKAOK¶m=ServiceRunning<> https://app.fortect.com/events/version.php?data=json&sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&installed= https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSVR¶m=6.5.0.2<> https://app.fortect.com/ev-install-start/ev-install-start.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502 https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSST¶m=Downloader%20Started<> https://app.fortect.com/ev-install-end/ev-install-end.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502 https://cloud.fortect.com/app/installation/engine/6502/FortectSetup64.7z https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=LANG¶m=1042<>ko<> https://app.fortect.com/events/evt_scan.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=AUINS¶m=service%20installed<>0<>6.5.0.2<> https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSRN¶m=6.5.0.2<*> https://cloud.fortect.com/app/installation/service/6502/FortectProtection64.7z	6	3		8.6		1	ZeroCERT