Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
2056	2024-07-21 09:52	12x2.exe c99b6aa63f8c450316e7c15cf1306ec3 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2		59	ZeroCERT

2057	2024-07-21 09:49	669bd79ba7b76_crypted.exe#1 ea997020dfe8911e85a57e22185a827a Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.6		38	ZeroCERT

2058	2024-07-21 09:45	rt.exe 16c657e788d1b5f6ba16f1880ae3ffa2 Gen1 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files crashed					1.8	M	38	ZeroCERT

2059	2024-07-21 09:43	si.exe c894a24b791013f77cd90631beb2c5ea Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.4		64	ZeroCERT

2060	2024-07-21 09:36	billi_e58d74e455634dc695ed8a7b... e2fc88419295970ffa4e773dcf566f14 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	56	ZeroCERT

2061	2024-07-21 09:36	billi_e58d74e455634dc695ed8a7b... 092c3991693cf8e0023895e4c1681fae PE File PE32 VirusTotal Malware unpack itself DNS		1			4.0	M	55	ZeroCERT

2062	2024-07-21 09:34	billi_e58d74e455634dc695ed8a7b... b9edf01e4f7bcefb95dfb9f653344569 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	56	ZeroCERT

2063	2024-07-21 09:34	billi_e58d74e455634dc695ed8a7b... c781ee8c2429c44cda2d6d2ab3830991 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	56	ZeroCERT

2064	2024-07-20 20:44	info.zip cbcb58ffe45c202c11bcf2070496aed6 ZIP Format VirusTotal Malware suspicious TLD DNS		2			2.2	M	56	ZeroCERT

2065	2024-07-20 20:34	AppGate018ver1.exe 8f8f6a36a8b827ceaae1228fd2669002 Vidar Client SW User Data Stealer LokiBot Gen1 Emotet ftp Client info stealer Generic Malware Themida Packer Malicious Library UPX ASPack .NET framework(MSIL) Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File PE64 OS Processor Che Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Cryptocurrency Miner Malware Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware Firewall state off anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Interception Windows Discord Browser RisePro ComputerName Firmware DNS Software crashed CoinMiner	10 Keyword trend analysis Info http://176.111.174.109/psyzh - rule_id: 40370 http://77.105.133.27/download/123p.exe - rule_id: 40857 http://91.103.252.177/api/twofish.php http://apps.identrust.com/roots/dstrootcax3.p7c http://94.232.45.38/eee01/eee01.exe - rule_id: 39938 http://91.103.252.177/api/crazyfish.php http://77.105.133.27/download/th/space.php - rule_id: 40856 https://steamcommunity.com/profiles/76561199743486170 - rule_id: 41270 https://db-ip.com/demo/home.php?s= https://iplogger.org/1nhuM4.js	28 Info db-ip.com(104.26.5.15) pool.hashvault.pro(131.153.76.130) - mailcious api64.ipify.org(104.237.62.213) api.myip.com(172.67.75.163) steamcommunity.com(23.66.133.162) - mailcious iplogger.org(104.21.4.208) - mailcious t.me(149.154.167.99) - mailcious ipinfo.io(34.117.59.81) cdn.discordapp.com(162.159.134.233) - malware lop.foxesjoy.com(172.67.159.232) - malware 149.154.167.99 - mailcious 176.111.174.109 - malware 96.7.99.225 172.67.75.163 104.26.4.15 162.159.130.233 - malware 94.232.45.38 - malware 104.21.66.124 - malware 104.237.62.213 79.137.192.13 - malware 91.103.252.177 89.111.172.64 - mailcious 77.105.133.27 - mailcious 78.46.255.249 - mailcious 34.117.59.81 121.254.136.9 172.67.132.113 131.153.76.130 - mailcious	26 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 8 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Executable Download from dotted-quad Host ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SURICATA Applayer Mismatch protocol both directions ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO Packed Executable Download ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro TCP Heartbeat Packet ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI)	5	28.4	M	15	ZeroCERT

2066	2024-07-20 20:32	92584v.exe 0d0b2d2e8e757e66ae44a0e3aeed2512 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	55	ZeroCERT

2067	2024-07-20 20:29	gold.exe 3828babaa69c01aa31609e67ac8c1f71 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	59	ZeroCERT

2068	2024-07-20 20:28	crowdstrike-hotfix.zip 1e84736efce206dc973acbc16540d3e5 ZIP Format Remcos VirusTotal Malware DNS		2	1		1.0		6	ZeroCERT

2069	2024-07-20 20:27	appdrivesound.exe 0f798c42cf4a3724aab608409cdb0426 North Korea Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself ComputerName					3.0	M	42	ZeroCERT

2070	2024-07-20 20:27	LummaC2.exe 3d2133fcf75f684b0b8d0152c8304c9b Lumma Stealer UPX PE File PE32 VirusTotal Malware					1.2	M	54	ZeroCERT