Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
22381	2022-12-12 17:53	Recipt.exe 64b06d9408f8681bce5821db705273ce Admin Tool (Sysinternals etc ...) UPX PE32 PE File PNG Format JPEG Format MSOffice File VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process Interception ComputerName RCE crashed					4.8		49	ZeroCERT

22382	2022-12-12 17:52	jj.exe e640d0039dc6d28f9bfabddff1863a73 Gen2 Malicious Library Malicious Packer UPX PE32 OS Processor Check PE File VirusTotal Malware human activity check					1.0	M	13	ZeroCERT

22383	2022-12-12 17:52	cred64.dll 943b635cf33d020caf36cfc2b608ff03 Ave Maria WARZONE RAT Malicious Library UPX OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName crashed					2.6	M	33	ZeroCERT

22384	2022-12-12 16:18	chkds.dll 775fb391db27e299af08933917a3acda Generic Malware Malicious Library UPX PE32 OS Processor Check DLL PE File VirusTotal Malware AutoRuns Check memory Checks debugger RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName crashed		1			5.2		49	ZeroCERT

22385	2022-12-12 15:21	chkds.dll 775fb391db27e299af08933917a3acda Generic Malware Malicious Library UPX PE32 OS Processor Check DLL PE File VirusTotal Malware Checks debugger RWX flags setting unpack itself sandbox evasion Windows Browser					4.0		49	r0d

22386	2022-12-12 11:32	LanguageTool.exe 9a9bac4aa21b418c54be4bfa04d979b7 NPKI RAT Generic Malware Antivirus Socket AntiDebug AntiVM PE32 .NET EXE PE File AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName DNS Cryptographic key		1			9.6			ZeroCERT

22387	2022-12-12 11:31	cred64.dll 3966ebb55d701a2b42f9a755aa925010 PWS Loki[b] Loki.m Malicious Library PE32 DLL PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email Software crashed	1 Keyword trend analysis	4		1	5.4	M	46	ZeroCERT

22388	2022-12-12 11:25	explorer.exe e79b48eefa43aa34f360f68618992236 Emotet UPX AntiDebug AntiVM PE32 PE File Malware download VirusTotal Malware AutoRuns Code Injection unpack itself Windows utilities suspicious process AppData folder human activity check Windows DNS Botnet		2	1		7.4	M	42	ZeroCERT

22389	2022-12-12 11:23	TeamViewerSetupx64.exe 852011cf885e76c0441dd52fdd280db7 Gen2 Malicious Library Malicious Packer UPX Antivirus OS Processor Check PE File PE64 VirusTotal Malware PDB MachineGuid					3.2	M	21	ZeroCERT

22390	2022-12-12 11:23	TeamViewer_Desktop.exe 0c9df67f152a727b0832aa4e7f079a71 ASPack UPX PE32 PE File Malware download VirusTotal Malware AutoRuns Check memory Windows utilities WriteConsoleW Windows ComputerName DNS		1	1		4.4	M	43	ZeroCERT

22391	2022-12-12 11:18	AnyDesk.exe d332cf184ac8335d2c3581a48ee0ad87 Emotet NPKI RAT Gen2 PWS Loki[b] Loki.m Generic Malware ASPack UPX Antivirus Malicious Library Malicious Packer Socket AntiDebug AntiVM PE32 PE File JPEG Format .NET EXE OS Processor Check PE64 DLL Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Email ComputerName DNS Cryptographic key Software Botnet	7 Keyword trend analysis Info http://45.89.255.250:8080/explorer.exe http://SmgqNt3EIxXkSAsU.xyz/jg94cVd30f/Plugins/cred64.dll http://SmgqNt3EIxXkSAsU.xyz/jg94cVd30f/index.php http://SmgqNt3EIxXkSAsU.xyz/jg94cVd30f/index.php?scr=1 http://45.89.255.250:8080/TeamViewer_Desktop.exe http://45.89.255.250:8080/LanguageTool.exe http://45.89.255.250:8080/TeamViewerSetupx64.exe	9	8 Info ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious explorer.exe in URI ET MALWARE [PTsecurity] Botnet Nitol.B Checkin ET MALWARE Win32/Nitol.A Checkin		20.4		44	ZeroCERT

22392	2022-12-12 10:45	paypal.docx 7b27586c4b332c5e87784c8d3e45a523 Doc XML Downloader Word 2007 file format(docx) VirusTotal Malware exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	2	3		3.0	M	20	ZeroCERT

22393	2022-12-12 10:37	poweroff.exe 9289f3ba71da27aea6b7ff44a5bf2885 RAT PWS .NET framework UPX PE32 .NET EXE PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.4	M	31	ZeroCERT

22394	2022-12-12 09:48	CR3.exe 8a750de9841355fb6f01c923e71303ef Emotet RAT Gen1 PWS .NET framework Malicious Library UPX AntiDebug AntiVM PE32 PE File PNG Format JPEG Format MSOffice File OS Processor Check GIF Format .NET EXE DLL PE64 VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk VM Disk Size Check human activity check Tofsee Windows Google ComputerName DNS crashed	19 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://chainsaw-man.s3.pl-waw.scw.cloud/costa-ins/poweroff.exe http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies - rule_id: 23046 http://www.google.com/ https://connectini.net/S2S/Disc/Disc.php?ezok=pwoffch2&tesla=7 - rule_id: 7620 https://connectini.net/Series/publisher/1/KR.json - rule_id: 23559 https://connectini.net/Series/SuperNitouDisc.php - rule_id: 7619 https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe - rule_id: 23052 https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/pub-nv5fyed7t8r9ykva.exe - rule_id: 25016 https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/up-da-nv5fyed7t8r9ykva.exe - rule_id: 25017 https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/hand-h6vuy332pnrr8zq9.exe - rule_id: 25018 https://connectini.net/Series/Conumer4Publisher.php - rule_id: 1976 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_PegasunWW - rule_id: 7622 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_mp3studioWW - rule_id: 7622 https://connectini.net/Series/kenpachi/2/goodchannel/KR.json - rule_id: 1972 https://connectini.net/Series/Conumer2kenpachi.php - rule_id: 1974 https://connectini.net/Series/configPoduct/2/goodchannel.json - rule_id: 1973 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_file2Ww - rule_id: 7622 https://droplex.s3.pl-waw.scw.cloud/widgets/powerOff.exe	22 Info wewewe.s3.eu-central-1.amazonaws.com(52.219.171.130) - mailcious www.google.com(142.250.207.100) google.com(172.217.25.174) 360devtracking.com(37.230.138.66) - mailcious connectini.net(37.230.138.123) - mailcious www.profitabletrustednetwork.com(173.233.137.52) - mailcious iplogger.com(148.251.234.93) - mailcious apps.identrust.com(23.32.56.72) chainsaw-man.s3.pl-waw.scw.cloud(151.115.10.1) www.loransheart.com(23.160.193.16) droplex.s3.pl-waw.scw.cloud(151.115.10.1) - malware grilloo.net(159.8.122.140) 172.217.161.36 148.251.234.93 - mailcious 95.214.24.96 - malware 173.233.137.44 37.230.138.66 - mailcious 23.43.165.105 151.115.10.1 - malware 52.219.171.106 37.230.138.123 - mailcious 172.217.31.14	6 Info ET INFO Observed DNS Query to .cloud TLD ET INFO HTTP Request to Suspicious *.cloud Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO TLS Handshake Failure ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check	15 Info http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies https://connectini.net/S2S/Disc/Disc.php https://connectini.net/Series/publisher/1/KR.json https://connectini.net/Series/SuperNitouDisc.php https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/pub-nv5fyed7t8r9ykva.exe https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/up-da-nv5fyed7t8r9ykva.exe https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/hand-h6vuy332pnrr8zq9.exe https://connectini.net/Series/Conumer4Publisher.php https://connectini.net/ip/check.php https://connectini.net/ip/check.php https://connectini.net/Series/kenpachi/2/goodchannel/ https://connectini.net/Series/Conumer2kenpachi.php https://connectini.net/Series/configPoduct/2/goodchannel.json https://connectini.net/ip/check.php	14.8	M	39	ZeroCERT

22395	2022-12-12 09:42	Adsme.exe 6e11432b2f77efd7d18ac993c4bb348e Malicious Library PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.0	M	18	ZeroCERT