17311 |
2023-06-08 09:07
|
foto124.exe 36be93fe994c73fdac44e390bacda2dd RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName RCE DNS Cryptographic key Software crashed |
5
http://77.91.68.30/music/rock/index.php
http://77.91.68.30/DSC01491/foto124.exe
http://77.91.68.30/DSC01491/fotod25.exe
http://77.91.68.30/music/rock/Plugins/cred64.dll
http://77.91.68.30/music/rock/Plugins/clip64.dll
|
2
83.97.73.129
77.91.68.30 - malware
|
11
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request
22.4 |
M |
43 |
ZeroCERT
17312 |
2023-06-08 09:06
|
game.exe 9f13df58e0e7d6e235101c2a71f8bd3b UPX Malicious Library PWS[m] AntiDebug AntiVM OS Processor Check PE File PE32 Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Disables Windows Security Windows Update |
8.4 |
M |
|
ZeroCERT
17313 |
2023-06-07 18:30
|
SO9006759004_NEW_ORDER_P202.EX... 40b8a12714be22a559b3878196e04282 NSIS Suspicious_Script_Bin UPX Malicious Library PE File PE32 PNG Format DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed |
4.0 |
|
42 |
ZeroCERT
17314 |
2023-06-07 18:25
|
SO785000670065_GK3G46943006_PO... 97276eade4a474b02892b080fa0cae20 NSIS Suspicious_Script_Bin UPX Malicious Library PE File PE32 OS Processor Check DLL PE64 PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed |
3.8 |
|
32 |
ZeroCERT
17315 |
2023-06-07 17:59
|
file.xls b4b1d0f39ef9ad937d94513e95d324d0 VBA_macro Antivirus MSOffice File VirusTotal Malware exploit crash unpack itself Exploit crashed |
1.8 |
|
29 |
ZeroCERT
17316 |
2023-06-07 17:34
|
cleanmgr.exe 33108fe9d2b46a295190763ebb4083f7 AgentTesla PWS .NET framework browser info stealer Google Chrome User Data Downloader UPX Admin Tool (Sysinternals etc ...) ScreenShot Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE Fi Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key DDNS crashed keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) divdemoce.duckdns.org(192.30.89.67) - mailcious 178.237.33.50 192.30.89.67 - mailcious
|
3
ET JA3 Hash - Remcos 3.x TLS Connection ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
15.6 |
M |
29 |
ZeroCERT
17317 |
2023-06-07 17:32
|
2d7f71dfd2399ffc78575f12b3d751... af1a989a2a9bd61b087cace076971f6a UPX Malicious Library Malicious Packer PE File PE32 BMP Format VirusTotal Malware Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check |
2.6 |
M |
19 |
ZeroCERT
17318 |
2023-06-07 17:31
|
iiihiiiihiiiihiiiihiiihiiih%23... a82d5070b20af38ed372d74774a661b8 MS_RTF_Obfuscation_Objects RTF File doc Malware download Remcos VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS DDNS crashed |
2
http://geoplugin.net/json.gp http://192.210.215.42/77/cleanmgr.exe
|
5
geoplugin.net(178.237.33.50) divdemoce.duckdns.org(192.30.89.67) - mailcious 178.237.33.50 192.30.89.67 - mailcious 192.210.215.42 - mailcious
|
8
ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET JA3 Hash - Remcos 3.x TLS Connection ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5.4 |
M |
30 |
ZeroCERT
17319 |
2023-06-07 17:30
|
pmCxohhd.exe 2cf24e55ad1aad958e73c67878952c68 PWS .NET framework RAT UPX OS Processor Check PE64 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself |
2.0 |
M |
51 |
ZeroCERT
17320 |
2023-06-07 17:29
|
llilliliiilllilililililillili%... d34424d4ff9030116dedad2314fabbcf MS_RTF_Obfuscation_Objects RTF File doc Malware download Remcos VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS DDNS crashed |
2
http://geoplugin.net/json.gp
http://192.210.215.42/88/cleanmgr.exe
|
5
geoplugin.net(178.237.33.50)
divdemoce.duckdns.org(192.30.89.67) - mailcious 178.237.33.50
192.30.89.67 - mailcious
192.210.215.42 - mailcious
|
8
ET JA3 Hash - Remcos 3.x TLS Connection ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5.4 |
M |
30 |
ZeroCERT
17321 |
2023-06-07 17:29
|
ghjkl.exe 6304e54325ff26109e8dcea07bfd74ad PWS .NET framework RAT Generic Malware UPX Antivirus PWS[m] ScreenShot Anti_VM AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key crashed |
13.6 |
M |
57 |
ZeroCERT
17322 |
2023-06-07 17:28
|
nevv.exe 58a91896eaf6efe03ffe6ebb7b731792 AgentTesla RAT browser info stealer Google Chrome User Data Downloader Confuser .NET Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM PE64 PE File VirusTotal Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself DNS |
|
1
185.65.134.166 - mailcious
7.6 |
M |
46 |
ZeroCERT
17323 |
2023-06-07 16:04
|
File_pass1234.7z dc266faa26395c58a3e0a99c4691be37 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM RedLine Malware download Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check PrivateLoader Tofsee Stealer Windows DNS |
12
http://94.142.138.131/api/firegate.php - rule_id: 32650 http://hugersi.com/dl/6523.exe - rule_id: 32660 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://www.maxmind.com/geoip/v2.1/city/me http://ji.jahhaega2qq.com/m/p0aw25.exe - rule_id: 33779 http://194.169.175.124:3002/ - rule_id: 34039 http://83.97.73.128/gallery/photo430.exe - rule_id: 34041 https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/ https://sun6-23.userapi.com/c235031/u228185173/docs/d2/fa132fba0b7e/buddha.bmp?extra=gRm798kslBaPtRgOAU2D2epFH3ralLJDqzZ37rqKiRAkxV_ocXkFtXAJpSKj_NRdFtLsl280XXYcBIyXTXGXiParMUQ3ahHzvY62RCjMY4tY-vBPNwy1yTJAtku6p8bfbadzHUvteIWkxx7Zdw https://sun6-21.userapi.com/c240331/u800513317/docs/d20/47ed28b3afbb/PMp123a.bmp?extra=1mMgqmSMjVjqw0R3iI2gcBuuz3j4HzJcVCwS6ZNN2RNLYRVBKnzkbEX3B3wTBN6X_tUum6G61hOC4Wim4Ef_V6rIdysx5OFZk3o_ZAxk7zo8YiNEObqKxi_YMgNjUlPEjLR_BE0SWFw1H7t4Xw
|
31
db-ip.com(172.67.75.166) iplis.ru(148.251.234.93) - mailcious hugersi.com(91.215.85.147) - malware ji.jahhaega2qq.com(172.67.182.87) - malware iplogger.org(148.251.234.83) - mailcious sun6-23.userapi.com(95.142.206.3) sun6-21.userapi.com(95.142.206.1) - mailcious ipinfo.io(34.117.59.81) www.maxmind.com(104.17.214.67) api.db-ip.com(104.26.5.15) vk.com(93.186.225.194) - mailcious 172.67.182.87 - malware 148.251.234.83 148.251.234.93 - mailcious 172.67.75.166 104.26.4.15 147.135.231.58 - mailcious 163.123.143.4 - mailcious 95.142.206.1 - mailcious 95.142.206.3 45.15.156.229 - mailcious 194.169.175.124 - mailcious 83.97.73.128 - malware 91.215.85.147 - malware 45.12.253.74 - malware 94.142.138.131 - mailcious 157.254.164.98 - mailcious 34.117.59.81 104.26.5.15 104.17.214.67 87.240.132.72
|
15
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) SURICATA Applayer Mismatch protocol both directions ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Packed Executable Download ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO EXE - Served Attached HTTP ET INFO TLS Handshake Failure ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET POLICY IP Check Domain (iplogger .org in TLS SNI)
|
7
http://94.142.138.131/api/firegate.php http://hugersi.com/dl/6523.exe http://45.15.156.229/api/tracemap.php http://94.142.138.131/api/tracemap.php http://ji.jahhaega2qq.com/m/p0aw25.exe http://194.169.175.124:3002/ http://83.97.73.128/gallery/photo430.exe
|
5.8 |
M |
|
ZeroCERT
17324 |
2023-06-07 13:42
|
index.html e66507bcd2afe260f82a61cb981ec964 AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
|
2
f004.backblazeb2.com(149.137.128.16) - mailcious 149.137.128.16 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
3.8 |
|
|
guest
17325 |
2023-06-07 13:40
|
System.ERROR.Log.915f56c710ede... 821fa2667e4aec575987afcef2276fe5 CAB MSOffice File DLL PE64 PE File Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check ComputerName DNS |
1
http://sslcom.repository.certum.pl/ctnca.cer
|
4
sslcom.repository.certum.pl(96.7.39.84) 104.26.5.15 104.17.214.67 121.254.136.104
5.2 |
|
|
ZeroCERT