Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1951	2024-07-25 09:02	54gtxx.exe 1b1c6f48b7c91a48a0dcd736ed0c8d24 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	31	ZeroCERT

1952	2024-07-25 09:01	lobo.exe 848abdbd09c052799a0e0180b59f6fee Generic Malware Malicious Library UPX Malicious Packer ScreenShot Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check PE64 .NET EXE DLL Malware download Email Client Info Stealer Malware Buffer PE AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios suspicious process AppData folder suspicious TLD WriteConsoleW anti-virtualization Tofsee Windows Email ComputerName DNS Cryptographic key crashed	9 Keyword trend analysis Info http://185.216.214.218/Population.exe - rule_id: 41325 http://185.196.10.57/selectex-file-host/linkedin.exe http://185.196.10.57/selectex-file-host/Tgnviazinc.exe http://185.196.10.57/selectex-file-host/acev.exe https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5C9F https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5F91 https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7 https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5D https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5F90	4	8 Info ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc) ET DNS Query for .cc TLD ET MALWARE Observed ZharkBot Domain (solutionhub .cc in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE ZharkBot User-Agent Observed ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	16.2	M		ZeroCERT

1953	2024-07-25 09:00	judit1.exe c8cf26425a6ce325035e6da8dfb16c4e Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself					3.0	M	37	ZeroCERT

1954	2024-07-25 08:58	verygoodthingstobegreatadvance... 0244568fb48a51a72c3581e220328e90 MS_RTF_Obfuscation_Objects RTF File doc Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1	1		3.6			ZeroCERT

1955	2024-07-25 08:57	judit1.exe c8cf26425a6ce325035e6da8dfb16c4e Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself					3.0	M	37	ZeroCERT

1956	2024-07-25 08:55	OneDrive.exe f468ae483026819d6977e2a5e34ea52a Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files					1.8	M	49	ZeroCERT

1957	2024-07-25 08:54	Authenticator.exe 24c76871e844d80ed4b9622853ba3492 Malicious Library UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself					1.8	M	26	ZeroCERT

1958	2024-07-25 08:51	csrss.exe f6bf8ada032d17192526ffebb48aed79 Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Malicious Library Malicious Packer Antivirus UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDe Remcos VirusTotal Malware Code Injection Check memory buffers extracted Remote Code Execution		3	1		7.2		50	ZeroCERT

1959	2024-07-25 08:51	winiti.exe a7d6f198863dada7ed361290544efc77 Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware Checks debugger unpack itself Tofsee Interception crashed		2	1		3.4		45	ZeroCERT

1960	2024-07-24 21:45	test.exe 0784da3d1a6ab997b2842fbf73b29688 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory					1.2		2	guest

1961	2024-07-24 15:43	megreatwithyourlovertothinkabo... 29b3fc11ab9d647ec19d3e02364355b2 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1	1		4.8	M	40	ZeroCERT

1962	2024-07-24 15:41	wethkingwearereallyamazingtoge... 54092cf8f48bd4f9f31bdb16b2f6ee65 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.8	M	40	ZeroCERT

1963	2024-07-24 15:39	hersomethingnewhaveforwintoget... a819430cdd5da2c289f594ceac0f0035 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	36	ZeroCERT

1964	2024-07-24 15:38	Purchase _Order_0000089.exe 9ce741958a80db120217ebad36bd9652 Malicious Library PE File PE64 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key crashed					2.8		38	ZeroCERT

1965	2024-07-24 15:30	scan0001.doc e96e2ed88e2f2fb80d02e7cd99a1420d Doc XML Downloader Generic Malware Malicious Library UPX Word 2007 file format(docx) ZIP Format PE File DLL PE32 .NET DLL OS Processor Check RTF File doc VirusTotal Malware Microsoft buffers extracted Creates executable files unpack itself AppData folder Tofsee DNS	9 Keyword trend analysis Info http://office-updatecentral.com/armorer/opposing/stratifies/ http://office-updatecentral.com/armorer/opposing http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/canto http://office-updatecentral.com/armorer/opposing/ http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/ http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/exacerbating http://office-updatecentral.com/armorer/opposing/stratifies/beachheads http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/knolls http://office-updatecentral.com/armorer/opposing/stratifies	2	5		3.8		7	ZeroCERT