Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
2086	2024-07-20 20:11	34v3vz.exe 61547b701d759958b78b75aeca77279c Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE32 OS Processor Check PE64 Malware download VirusTotal Email Client Info Stealer Malware AutoRuns Malicious Traffic WMI Creates executable files Windows utilities Checks Bios suspicious process WriteConsoleW anti-virtualization Windows Email ComputerName DNS	3 Keyword trend analysis Info http://185.196.10.57/ev643v4/api.php?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1898C939111C http://185.196.10.57/ev643v4/api.php?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1898C939111C&tsk=5D9A http://185.216.214.218/Population.exe	2	4		8.6	M	61	ZeroCERT

2087	2024-07-20 20:10	g245x.exe 72cd0c2edee91a3d8e2b8a0b149ded12 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself WriteConsoleW crashed					2.4	M	49	ZeroCERT

2088	2024-07-20 20:08	ZHHR.txt.exe fa702e456caa471e2b07df76d37de539 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows keylogger	1 Keyword trend analysis	4	2		3.4		58	ZeroCERT

2089	2024-07-20 20:08	winiti.exe 9a5faf2d13c1fb4ac9aa52154c3a6dc5 AgentTesla Malicious Library .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	2 Keyword trend analysis	4	5 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)		14.4	M	55	ZeroCERT

2090	2024-07-20 20:08	hc.hc.hc.hc.hchchchch.doc e677d8183d89a410a3ce59db5a2722d3 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	5	3	1	4.8	M	41	ZeroCERT

2091	2024-07-20 20:06	butterburnverysweetgirleated.g... 612b79418bc9dee5e9bf503df55a245c Generic Malware Antivirus PowerShell VirusTotal Malware VBScript powershell suspicious privilege Check memory Checks debugger wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Dropper	2 Keyword trend analysis	4	3	1	10.0	M	5	ZeroCERT

2092	2024-07-20 20:06	we.we.we.we.wewewewe.doc 6f2f933c81549f01eb55e42a0d85535e MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	8 Info ET INFO Executable Download from dotted-quad Host ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	M	40	ZeroCERT

2093	2024-07-20 20:05	Files.exe 90b3832d4da1a85d18c9c515cb01780e Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2		58	ZeroCERT

2094	2024-07-20 20:04	newwork.exe 3764897fd08b8427b978fb099c091f71 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic ICMP traffic unpack itself AppData folder Tofsee Windows DNS	1 Keyword trend analysis	5	6		7.0		63	ZeroCERT

2095	2024-07-20 20:04	669a08aa861a2_filemanager.exe#... 71be3c01c7064efaa019e6259ccb0602 Vidar Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library .NET framework(MSIL) UPX ASPack Http API PWS HTTP Code injection Internet API Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	16.2	M	43	ZeroCERT

2096	2024-07-20 20:01	mimilib.dll 46e598798bdde4c72e796edcf2317b52 Malicious Packer PE File DLL PE32 VirusTotal Malware Checks debugger unpack itself crashed					2.0	M	63	ZeroCERT

2097	2024-07-20 20:01	mimispool.dll dab7a18b02399053ba3ff1e568789fce PE File DLL PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.2	M	58	ZeroCERT

2098	2024-07-20 19:59	mimidrv.sys 0818699d065afcb1f397d578d3708dc2 Antivirus PE File PE32 VirusTotal Malware PDB					1.6	M	61	ZeroCERT

2099	2024-07-20 19:59	IEnetcache.hta f56f02858f071b420ca3e54922f00ccf Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1	5		12.2	M	26	ZeroCERT

2100	2024-07-20 19:58	psi.ps1 ff9703bcf189e4144bb277789540e1fa Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	2		4.6		5	ZeroCERT