Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
2131	2025-02-11 10:52	SquareSpace.bat dc38ed57b189d67b26b0dd7622067cf9 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.0	M	5	ZeroCERT

2132	2025-02-11 10:51	jonbDes.exe f071beebff0bcff843395dc61a8d53c8 PE File PE32 VirusTotal Malware					1.2	M	57	ZeroCERT

2133	2025-02-11 10:50	random.exe 655ea6038564b40a3c583e516c9033d3 Amadey Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Malware download Amadey Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization VM Disk Size Check Windows ComputerName DNS Cryptographic key crashed Downloader	10 Keyword trend analysis Info http://185.215.113.43/Zu7JuNko/index.php - rule_id: 42814 http://185.215.113.75/files/6691015685/Bjkm5hE.exe http://185.215.113.75/files/fate/random.exe http://185.215.113.75/files/5643377291/7fOMOTQ.exe http://185.215.113.75/files/7527271436/012Bdpb.exe http://185.215.113.75/files/1975996902/up7d8Ym.exe http://185.215.113.75/files/7967666176/13Z5sqy.exe http://185.215.113.75/files/7644806746/jonbDes.exe http://185.215.113.75/files/5666444957/tYrnx75.exe http://185.215.113.16/mine/random.exe	4	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Packed Executable Download ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	10.0	M		ZeroCERT

2134	2025-02-11 10:50	random.exe 2103d8fbd7305f63a982df26d65f056f Themida ILProtector Packer UPX Malicious Library Antivirus DGA Http API ScreenShot HTTP Code injection Internet API KeyLogger Anti_VM AntiDebug AntiVM PE File PE32 .NET EXE GIF Format Lnk Format DLL .NET DLL Malware MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Checks Bios Detects VMWare AppData folder malicious URLs AntiVM_Disk VMware anti-virtualization VM Disk Size Check Windows DNS crashed	5 Keyword trend analysis	1	3		13.6	M		ZeroCERT

2135	2025-02-11 10:47	7fOMOTQ.exe b348884fc13a1a86e9e3a38a647ccd24 Themida UPX PE File PE32 VirusTotal Malware Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows crashed					5.4	M	57	ZeroCERT

2136	2025-02-11 10:45	random.exe 4550b8e1193d6362b3f4d1ed2d037d99 Emotet Gen1 Themida Generic Malware ILProtector Packer UPX Malicious Library Antivirus DGA Http API ScreenShot HTTP Code injection Internet API KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL MZP Format GIF Format Lnk Format .NET D VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Checks Bios Detects VMWare AppData folder malicious URLs AntiVM_Disk VMware anti-virtualization VM Disk Size Check Windows ComputerName DNS crashed	5 Keyword trend analysis	1	3		17.0	M	29	ZeroCERT

2137	2025-02-11 10:45	random.exe e21ff4fed2aff016fa70009e4fb13508 Themida UPX PE File PE32 Checks debugger unpack itself Checks Bios Detects VMWare AntiVM_Disk VMware anti-virtualization VM Disk Size Check Windows crashed					5.0			ZeroCERT

2138	2025-02-11 10:44	Fe36XBk.exe b1209205d9a5af39794bdd27e98134ef Themida UPX PE File PE32 VirusTotal Malware Checks debugger unpack itself Checks Bios Detects VMWare AntiVM_Disk VMware anti-virtualization VM Disk Size Check Windows crashed					6.2	M	55	ZeroCERT

2139	2025-02-11 10:42	seemethebestthingswithgivenuwi... 34991dea69f4b5d38dd7658995786b34 MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	5 Info ET POLICY Possible HTA Application Download ET INFO Dotted Quad Host HTA Request ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		5.0	M	36	ZeroCERT

2140	2025-02-11 10:13	setsetup.msi b4a59dc4ba8a69ef18d1265af5039e3c Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName	1 Keyword trend analysis	2			2.4		17	ZeroCERT

2141	2025-02-10 16:37	KYNIX 24255.jar c48786041bfbc49cd7a4ac809e1f89fb ZIP Format VirusTotal Malware Check memory heapspray unpack itself Java					2.0		9	guest

2142	2025-02-10 16:30	bas.bat fcd3c21e69ff97facbbe82ca7955d171 Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM CAB PE File PE32 MZP Format VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder WriteConsoleW DNS crashed		1			5.0	M	25	ZeroCERT

2143	2025-02-10 16:28	NetworkScreensaverFactory7Free... 18fa8e73bcadfb7aecb02c9a036e8f8d MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check human activity check ComputerName DNS		2			4.0	M	25	ZeroCERT

2144	2025-02-10 16:24	SysToolsvCardConverterSetup.ms... 5cbc7e749bc01170dacbdff68e128b38 MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS		1			4.8	M	2	ZeroCERT

2145	2025-02-10 16:24	cann.exe 4be8edd2f271ecc53882580be2e3ebee Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser	15 Keyword trend analysis Info http://www.fucwnq.info/8p8i/?qoKc=a5l09Qp7pmsEf5yEtumfCmA4FJVgofitYhzqP254uHRmdCJe0SpyQhm38Yzcw/+6dQGNFUTCvRXb4wQ7Y748Z1MnJQds33GHQKwPFv7Amruup7U6sDj2YIwaHo5Edb8bmBbyyTI=&yR=ndkzf3gLVCbpmz http://www.caral.tokyo/kfme/ http://www.kjuw.party/g3xj/ http://www.boldision.website/b8eq/?qoKc=7qreF0g0yHNsuLEpIgmFDF0P7XiGJ68LmHVNrHwkTGJwi8NfRV+L+LhEs53NK3AfUFEY1ftAcCcukpd3JNcW3tIka6ByuqumFJ8wRbbsPZpUoeQDdNS0f8IqJSFmgKyEuWAryy8=&yR=ndkzf3gLVCbpmz http://www.boldision.website/b8eq/ http://www.bellysweep.net/lpe2/?qoKc=RhVJGX3VZmae2RC4FIkpAE1HE+DPgQdHz3W6vlv0Ccn73ZE0fxGV0LjNUZTxlUpEAMNylNW9fZA+l0v/XDABfxLx+s5hMUYd3d0HcqGmB41+sDziknOopP5c4C5IcbKn17rsFi8=&yR=ndkzf3gLVCbpmz http://www.gluconolmx.shop/iys0/ http://www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip http://www.kjuw.party/g3xj/?qoKc=yzTCMKbIVqYb6b8IyghfHGOZzbQMHF7UvBh9Hut7g+oZLTYSt7eY8TwoXkohSYAGAyCDuiJelC0lIv6SYlovlQbueynCg59aEIx/oGSFfD4D1TjC9B6gWuSLGZO2+muYaEItlXc=&yR=ndkzf3gLVCbpmz http://www.caral.tokyo/kfme/?qoKc=HwTMo50ydVuzQMtN8JDEpC8K/s71ZK5RHfRt2qeNlpKe5ZVnjscOL+fCDo3O+zY1iP1txwM/d+s2bu8J+S9L8x2ZEb3FDLALW42A67IsevToskMca8uHHJRWlUdFygGoDvtM+VA=&yR=ndkzf3gLVCbpmz http://www.timeinsardinia.info/kwdu/ http://www.fucwnq.info/8p8i/ http://www.bellysweep.net/lpe2/ http://www.gluconolmx.shop/iys0/?qoKc=MCiAf83PE47TpUlQwZH20Vptto0FJmDRsPp81iy1ipl0xoB4AVaQcKFZKJ96H2l37Ibo7Hr6U2u3uhBbyIEHOhLZLmvHUMcDsf+HiIdiR/6iXv+if1fAh3x5pTf5XAwOW50YUus=&yR=ndkzf3gLVCbpmz http://www.timeinsardinia.info/kwdu/?qoKc=n4q+6Qdz8o2Hnps38ZC+Mt8x7/Ivyk2kfVGRbeE6AIA5co0fwfjOCeEbo59UDreg0bfmZet6FZoo9iLfYT89x1JQ3P85dvt0HK1ARetpDlQKPgUO+iMwJLDirKhbZCj83kQCFe0=&yR=ndkzf3gLVCbpmz	15 Info www.kjuw.party(134.122.135.48) www.timeinsardinia.info(104.21.90.239) www.bellysweep.net(84.32.84.32) www.caral.tokyo(199.59.243.228) www.boldision.website(63.250.47.57) www.fucwnq.info(47.83.1.90) www.gluconolmx.shop(13.228.81.39) 134.122.133.80 199.59.243.228 84.32.84.32 - mailcious 47.83.1.90 104.21.90.239 - mailcious 63.250.47.57 - mailcious 45.33.6.223 13.228.81.39			7.2	M	49	ZeroCERT