Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1861	2024-07-29 13:29	ef.exe 94b423329b05b002507c36396870bb25 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware DNS		2			2.2	M	64	ZeroCERT

1862	2024-07-29 13:23	cp.exe aed4c0c1a8eddddad6e556442795f474 Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware Telegram AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows ComputerName DNS keylogger		2	4		6.6		51	ZeroCERT

1863	2024-07-29 13:22	winiti.exe e8b4997fd647c6236e8d6a5460724cee Formbook North Korea Generic Malware Malicious Library .NET framework(MSIL) Antivirus UPX PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder suspicious TLD WriteConsoleW Windows Browser ComputerName DNS Cryptographic key	13 Keyword trend analysis Info http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip http://www.noghteyab.com/f97t/?UX8=hkoMjg324npAs1ZBeZ8TzD/yod4wthTGeTvgOqr4Vk4zrcx6pPdRyFEwEDn18B/c37XIJfunev42iw6n9kOhHfgC7TNK8DtkFlqbOeckPp33fVEaTkv/0VMweSZvG65qVo/UWng=&_e=jxcPGi4BG http://www.zocalo-fuk.com/iczo/ http://www.zocalo-fuk.com/iczo/?UX8=JY7jtaSJ5x5vzidnjWySlw1C0GfgB4v3ywH460gVL7Ewt7sZ57bbwI6mxyJFGNyl5vwWXeVDvThdvQiyRvynE/Zjj7HkpiyOTqmD4v0kKDcwzqr276eGi6TkYHYmx5vmFqXXwms=&_e=jxcPGi4BG http://www.loangoatworld.com/8y3s/?UX8=m+e1HwtEOOeM4G5NTLK68Gp6Kwp+MY7uBR7SzEsfX5sQt5Y/60pxYxuDgYg2mwpPnMRTzCuNJ1kKNM0TTa/Wnuj7pyZLvslRvIdrySy2NFkwbRUK0Niqet6rEb5EadRpffeEIOc=&_e=jxcPGi4BG http://www.miquwawa.com/tqql/ - rule_id: 41186 http://www.loangoatworld.com/8y3s/ http://www.exporationgenius.sbs/x06k/?UX8=T/qtMR3LKa4LTbjxJENTE1gbHfbcMoDNkQwOkzuXYGM8AEnHwE1BoCD8ihzw/kVeeFO4GyYqoWqmFjylDbVKWJ6wgOd2jmN6i9pg74XS81AjK7oOmIcxjkpvsNU18Pzzy/zqp1g=&_e=jxcPGi4BG - rule_id: 41185 http://www.exporationgenius.sbs/x06k/ - rule_id: 41185 http://www.tcfreal.top/sg27/ http://www.tcfreal.top/sg27/?UX8=cpYt0YSQq6qumPKkPw6QLfXM1KObFctjUwEln5zritMpGV/+kM1tCQF1oqocoz5p4KbVgOmLQvtuRCfM7FFF+QE7cX+gmvJNP2ErFAfMZUG54lXQ6wu+5V3NDlvvWDRsBB/6vdY=&_e=jxcPGi4BG http://www.miquwawa.com/tqql/?UX8=u0XZF227Y/r9f3hnjIOG+jjSMjDg7zLaE5MpTM9c21roNqnsj5Giqo9JdiKVg3NN2RVqT0KrdJuiKB8prP8iYWfx9j8cghYBBFjwmC7Tnk8aYBcBXjkKDK2u4+7cSJR9pJqJ93M=&_e=jxcPGi4BG - rule_id: 41186 http://www.noghteyab.com/f97t/	13 Info www.noghteyab.com(46.105.190.248) www.miquwawa.com(95.169.27.235) - mailcious www.loangoatworld.com(3.33.130.190) www.exporationgenius.sbs(104.21.57.28) - mailcious www.zocalo-fuk.com(157.7.107.37) www.tcfreal.top(203.161.50.128) 104.21.57.28 - mailcious 95.169.27.235 - mailcious 3.33.130.190 - phishing 203.161.50.128 157.7.107.37 45.33.6.223 51.89.93.193	2	4	13.4	M	55	ZeroCERT

1864	2024-07-28 14:48	Bin_HookShark64_2011-12-31_19.... 4f19a7e5f8225992821041d0109ffc8c AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.8		1	guest

1865	2024-07-28 14:18	Bin_HookShark64_2011-12-31_19.... 4f19a7e5f8225992821041d0109ffc8c AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					4.2		1	guest

1866	2024-07-28 10:53	random.exe 8c0430ee2841a6554d709869a81a375b RedLine stealer RedlineStealer SystemBC Gen1 Themida Packer Generic Malware Downloader UPX Malicious Library .NET framework(MSIL) Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audi Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder VMware anti-virtualization installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	8 Keyword trend analysis Info http://185.215.113.16/Jo89Ku7d/index.php http://185.215.113.16/inc/build.exe http://185.215.113.16/inc/crypted.exe http://185.215.113.16/inc/5447jsX.exe http://185.215.113.16/inc/crypteda.exe http://185.215.113.16/inc/25072023.exe http://185.215.113.16/inc/pered.exe http://185.215.113.16/inc/2020.exe	9	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET HUNTING Download Request Containing Suspicious Filename - Crypted ET MALWARE Amadey Bot Activity (POST) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		17.8	M	47	ZeroCERT

1867	2024-07-28 10:42	winiti.exe 1f5c95d40c06c01300f0a6592945a72d Generic Malware Malicious Library UPX PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS	12 Keyword trend analysis Info http://www.accelbusiness.net/sg0d/?LDcoL=ZFII8SVAvGzgMmVXToVI4LwsaVgSRAPMY6hEAWMgzd/rbIPLPNZ+lpDrj56GxiOWRiizuXBqoJ7dds0AusnvIdaVAlrc/osgyVUIbfwB8yhx2m5WAGulmI8my104pwb/sqeANsY=&tzW0=VCPfEuN http://www.hourglasspoise.net/5gvb/?LDcoL=/cc9D7vqfViixqGthiuMbdR5vErImywOC8ezpB4FmcTpRtjTbyPN8oLjmjUaYTUAZZsBqqPA4LzpXUrs3zKz1+bcJTGwBkjtMfI/kGKzlFznEvk/PsID24fmvZA2hoz8baldBw0=&tzW0=VCPfEuN http://www.lontos.top/ukrf/ http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip http://www.bosonserver.net/x10g/?LDcoL=AtIpZIbrclbIO3wVV4nf5MkbKr3zgThFYZcx/yn27KMXet/sCHbTSg7iXdN1LprNnU90TGJjlk60YPXU/gV8xNKsA5d5wJ0kF02lQrh6bPl2Ka0ee+60c3gL6UuubkfRvx1R8AU=&tzW0=VCPfEuN http://www.asymtos.tech/34b9/ http://www.lontos.top/ukrf/?LDcoL=F/tpX3aJNzQcZIorwbtn4XzXZf0a/CrYoWsqF027uxYn9zYWtTXD5RI4AWcWVnLyOuVjbatHjcymGXUCp/2iE/8I1+t1d0MzMQiJ/YLZDKzAaLFDJakAPmxPg9uDu26TEYHLTo4=&tzW0=VCPfEuN http://www.bosonserver.net/x10g/ http://www.accelbusiness.net/sg0d/ http://www.asymtos.tech/34b9/?LDcoL=W6RiSnxSk7sWUyAWvsuBUQf3TLDMvpVwUriP78iMWJLg9pjq2qbXoN6eJJBee+3TNvEAo0P2a/B9rNSGOSr+g5jIYLHfTFZsXGTqlaF0jUedL/CiwqWjEQX6GQUFudPhspdJ5Ls=&tzW0=VCPfEuN http://www.theiconsummit.life/6fdz/ http://www.hourglasspoise.net/5gvb/	12 Info www.hourglasspoise.net(3.33.130.190) www.theiconsummit.life(3.33.130.190) www.lontos.top(203.161.42.162) www.accelbusiness.net(3.33.130.190) www.asymtos.tech(217.160.164.240) www.bosonserver.net(195.200.3.58) 195.200.3.58 3.33.130.190 - phishing 217.160.164.240 15.197.148.33 - mailcious 203.161.42.162 45.33.6.223	4		10.0	M	53	ZeroCERT

1868	2024-07-28 10:40	random.exe 7e43d787c0813212855c05d5cc4b1752 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.0	M	38	ZeroCERT

1869	2024-07-28 10:40	recreatednewthingswithentriene... 0a9c028203a8416be8db7371550d0fb5 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself suspicious TLD Windows Exploit DNS crashed	14 Keyword trend analysis Info http://104.219.239.104/80/winiti.exe http://www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip http://www.hourglasspoise.net/5gvb/ http://www.asymtos.tech/34b9/?_aRhhan=W6RiSnxSk7sWUyAWvsuBUQf3TLDMvpVwUriP78iMWJLg9pjq2qbXoN6eJJBee+3TNvEAo0P2a/B9rNSGOSr+g5jIYLHfTFZsXGTqlaF0jUedL/CiwqWjEQX6GQUFudPhspdJ5Ls=&my_=BkIk6xdg http://www.accelbusiness.net/sg0d/?_aRhhan=ZFII8SVAvGzgMmVXToVI4LwsaVgSRAPMY6hEAWMgzd/rbIPLPNZ+lpDrj56GxiOWRiizuXBqoJ7dds0AusnvIdaVAlrc/osgyVUIbfwB8yhx2m5WAGulmI8my104pwb/sqeANsY=&my_=BkIk6xdg http://www.lontos.top/ukrf/?_aRhhan=F/tpX3aJNzQcZIorwbtn4XzXZf0a/CrYoWsqF027uxYn9zYWtTXD5RI4AWcWVnLyOuVjbatHjcymGXUCp/2iE/8I1+t1d0MzMQiJ/YLZDKzAaLFDJakAPmxPg9uDu26TEYHLTo4=&my_=BkIk6xdg http://www.asymtos.tech/34b9/ http://www.bosonserver.net/x10g/?_aRhhan=AtIpZIbrclbIO3wVV4nf5MkbKr3zgThFYZcx/yn27KMXet/sCHbTSg7iXdN1LprNnU90TGJjlk60YPXU/gV8xNKsA5d5wJ0kF02lQrh6bPl2Ka0ee+60c3gL6UuubkfRvx1R8AU=&my_=BkIk6xdg http://www.theiconsummit.life/6fdz/?_aRhhan=Oie1FXKEyOqxuNWWyjoIb9DaNOxncG0Z1Eay2KtVdEC34I4dz//PFxK656i6sULSR99flzaSlbWC6MMpR37rak2rbcKEmCHEFn0mJCNpP5WZ+he/mmH/AJ6z3o1TiNYnnRR6Wlk=&my_=BkIk6xdg http://www.bosonserver.net/x10g/ http://www.hourglasspoise.net/5gvb/?_aRhhan=/cc9D7vqfViixqGthiuMbdR5vErImywOC8ezpB4FmcTpRtjTbyPN8oLjmjUaYTUAZZsBqqPA4LzpXUrs3zKz1+bcJTGwBkjtMfI/kGKzlFznEvk/PsID24fmvZA2hoz8baldBw0=&my_=BkIk6xdg http://www.accelbusiness.net/sg0d/ http://www.lontos.top/ukrf/ http://www.theiconsummit.life/6fdz/	13 Info www.hourglasspoise.net(15.197.148.33) www.theiconsummit.life(15.197.148.33) www.lontos.top(203.161.42.162) www.accelbusiness.net(3.33.130.190) www.asymtos.tech(217.160.164.240) www.bosonserver.net(195.200.3.58) 15.197.148.33 - mailcious 3.33.130.190 - phishing 104.219.239.104 - mailcious 217.160.164.240 195.200.3.58 203.161.42.162 45.33.6.223	9 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO HTTP Request to a .top domain ET INFO Observed DNS Query to .life TLD ET INFO HTTP Request to Suspicious .life Domain ET DNS Query to a *.top domain - Likely Hostile		5.4	M	39	ZeroCERT

1870	2024-07-28 10:36	Display1.exe 88696cf17417a2339b63f9452404c839 Generic Malware task schedule Malicious Library WinRAR UPX AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder WriteConsoleW ComputerName Remote Code Execution crashed					8.6	M	28	ZeroCERT

1871	2024-07-28 10:36	build_2024-07-25_20-56.exe bea49eab907af8ad2cbea9bfb807aae2 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.8	M	53	ZeroCERT

1872	2024-07-28 10:34	dccrypt.exe 55398a65a9d1abb512e943a0d8901cb0 Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware PDB Code Injection Check memory Checks debugger Creates executable files unpack itself WriteConsoleW Remote Code Execution crashed					6.4	M	57	ZeroCERT

1873	2024-07-28 10:34	DecryptJohn.exe c1853d1c36dc461668c9af843d07cc58 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.4	M	50	ZeroCERT

1874	2024-07-27 20:30	YesTraderRun.exe 0c95469e9ee3bc62c0678d7ae0bed71c Themida Packer Generic Malware Anti_VM PE File PE32 VirusTotal Malware					1.4		2	guest

1875	2024-07-27 15:07	LMTS.txt.exe 3ad8cb387874a15488508bf269fd2520 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Antivirus ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS keylogger	1 Keyword trend analysis	8	7 Info ET INFO DYNAMIC_DNS Query to a .duckdns .org Domain ET INFO DYNAMIC_DNS Query to .duckdns. Domain SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Remcos 3.x Unencrypted Checkin ET MALWARE Remcos 3.x Unencrypted Server Response		18.4		59	ZeroCERT