Submissions

Columns: No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

Each record below gives No, Date and Request on the first line, then the sample hash, the Rule (tag) column, and finally the remaining fields in column order (Urls Hosts IDS Score Zero VT Player); columns with no value in the export are absent from the Stats line.

1696  2024-08-02 09:31  PDFGOOOOO.HTA
      Hash:  99bbfc2fe6e9742b44c42abf3b9ea18e
      Rule:  Suspicious_Script_Bin AntiDebug AntiVM MSOffice File VirusTotal Malware VBScript Code Injection Check memory Checks debugger buffers extracted wscript.exe payload download Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows Exploit Advertising Google ComputerName DNS crashed Dropper
      Stats: 10 11 1 10.0 M 19 ZeroCERT

1697  2024-08-02 09:28  creatednewthingstobegreatwithe...
      Hash:  ca2e6b4cf62ef944abfed82240d9f7fa
      Rule:  MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS DDNS crashed keylogger
      Stats: 3 5 11 5.4 M 39 ZeroCERT

1698  2024-08-02 09:26  creamcreamcreamcreamcreamcream...
      Hash:  0ab62c1916d23d8cb531e308441dc2fc
      Rule:  MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS DDNS crashed
      Stats: 1 2 2 5.0 M 37 ZeroCERT

1699  2024-08-02 07:50  wahost.exe
      Hash:  c4e132981278de75588c85590d9bbad4
      Rule:  Generic Malware Malicious Library Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
      Stats: 2 4 6 16.0 M 52 ZeroCERT

1700  2024-08-02 07:49  MYNEWRDX.exe
      Hash:  d0e607a1ad56961a092468aa9c89152b
      Rule:  RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
      Stats: 2 6 9.8 M 57 ZeroCERT

1701  2024-08-02 07:47  jsawdtyjde.exe
      Hash:  4c3049f8e220c2264692cb192b741a30
      Rule:  SystemBC Generic Malware Downloader Malicious Library UPX Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiV VirusTotal Malware AutoRuns PDB Code Injection Creates executable files unpack itself AppData folder Windows Remote Code Execution
      Stats: 5.8 M 51 ZeroCERT

1702  2024-08-02 07:47  4434.exe
      Hash:  607c413d4698582cc147d0f0d8ce5ef1
      Rule:  Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
      Stats: 2.4 M 56 ZeroCERT

1703  2024-08-02 07:43  pon.exe
      Hash:  3fbad097793fab9c62bbebb2a2d5e530
      Rule:  UPX Antivirus PE File PE64 OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory WMI Windows utilities suspicious process Ransomware Windows ComputerName
      Stats: 5.2 13 ZeroCERT

1704  2024-08-02 07:43  crypted968071618UNGKC.exe
      Hash:  688ce25c0d970bd0cc5a02bbb16a4301
      Rule:  Formbook Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed
      Stats: 3.0 48 ZeroCERT

1705  2024-08-02 07:39  Installer.exe
      Hash:  b4ac185a10fae02495def73d10960453
      Rule:  Gen1 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
      Stats: 2.4 25 ZeroCERT

1706  2024-08-01 15:16  lasjdflakdsjf.pdf.exe
      Hash:  9de2806368f77203832f5b4b421af88f
      Rule:  Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware DNS
      Stats: 1 2.0 14 ZeroCERT

1707  2024-08-01 15:13  Microsoft_AntiSpam_Extension_S...
      Hash:  6a364ef9c583ccfd5ea50113d7f0140e
      Rule:  ZIP Format VirusTotal Malware
      Stats: 0.6 11 ZeroCERT

1708  2024-08-01 15:06  hacrvidth vibev.exe
      Hash:  7a18b1bf9b07726327ba50e549764731
      Rule:  CrimsonRAT Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself
      Stats: 2.8 50 r0d

1709  2024-08-01 14:58  vhcrvdh iobv.exe
      Hash:  da2331ac3e073164d54bcc5323cf0250
      Rule:  CrimsonRAT Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
      Stats: 2.2 48 r0d

1710  2024-08-01 14:56  faultrep2.dll
      Hash:  3d2fb2e111412d2d844d223b79fb5c99
      Rule:  UPX Anti_VM PE File DLL PE64 VirusTotal Malware Checks debugger unpack itself
      Stats: 1.8 52 ZeroCERT