Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
16951 2023-05-24 11:07 unthriftily.js
3127d0f1530abf9479f6bbdb7bc3d87a
Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
1 5.6 ZeroCERT

16952 2023-05-24 11:07 untasty.js
59d8aec55f776196e51ab3945dbdba82
Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
3 5.6 ZeroCERT

16953 2023-05-24 10:49 Buz2.exe
e862112b0a3781dcf75eaf11b8b6ea7d
PWS .NET framework RAT .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
2.6 M 22 ZeroCERT

16954 2023-05-24 10:47 the_what.exe
914d34ecdfa0ef6430ca4809e7a8c10c
PWS .NET framework RAT PhysicalDrive Generic Malware UPX Malicious Library Malicious Packer .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName DNS
1 3.4 M 42 ZeroCERT

16955 2023-05-24 10:46 photo660.exe
18091cc747be815a7b757e5c439df36e
Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName RCE DNS Cryptographic key Software crashed
5 2 6 3 21.8 M 40 ZeroCERT

16956 2023-05-24 10:32 230523 서울강서kih0507.apk
de6e70f252dc3b4c305f218c1032e4dc
ZIP Format
guest

16957 2023-05-24 10:32 publicsuffixes.gz
1846069883f33a8375ab714eb3927194
guest

16958 2023-05-24 09:17 IP_NETWORK.exe
2eb1882f1a3ffcaadee754631a63c148
Loki Loki_b Loki_m PWS .NET framework Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software
1 1 6 1 13.0 M 27 ZeroCERT

16959 2023-05-24 09:15 SAW_BYDESCONNET.exe
09716fd4d7ab6e6577fc038e56bec7d2
UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus OS Processor Check MZP Format PE File PE32 VirusTotal Malware unpack itself suspicious process RCE
2.8 M 33 ZeroCERT

16960 2023-05-24 09:14 3eef203fb515bda85f514e168abb59...
04baaac6f3c193fb50667bc8059af2b5
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
2.2 M 52 ZeroCERT

16961 2023-05-24 09:14 a03.exe
02eceb12980e60c1496eb6b9a02d3483
Raccoon Stealer Gen1 Gen2 Malicious Library Malicious Packer VMProtect UPX AntiDebug AntiVM PE File PE32 OS Processor Check DLL PNG Format JPEG Format Browser Info Stealer Malware download VirusTotal Malware RecordBreaker Buffer PE AutoRuns MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Collect installed applications AppData folder WriteConsoleW installed browsers check Tofsee Stealer Windows Browser DNS
10 5 8 15.6 M 42 ZeroCERT

16962 2023-05-24 09:12 ray.exe
d29f7f2967179adb21e755ef4e2fb713
PWS .NET framework Admin Tool (Sysinternals etc ...) KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 12.4 M 44 ZeroCERT

16963 2023-05-24 08:29 https://horriblysparkling.com
9dc68036e68ff9d02505e6a47f185b87
Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PNG Format JPEG Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1 3 2 4.6 guest

16964 2023-05-23 17:33 wdagad.exe
79931719ae9c21e1d8c5f1a419e85f71
RAT Generic Malware Downloader UPX Malicious Library MPRESS Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM OS Processor Check P VirusTotal Malware PDB Code Injection Creates executable files unpack itself AppData folder RCE crashed
5.2 M 29 ZeroCERT

16965 2023-05-23 17:31 vbc.exe
73a8a9702255cbfe07e92e81ccec6dca
NSIS UPX Malicious Library Downloader PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
1 4 2 11.6 M 40 ZeroCERT