22471 | 2022-12-08 15:57 | obz2.exe | d0c67160c740f62c25b0558e9563a824 | RAT UPX AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key | 8.8 | M | 49 | ZeroCERT

22472 | 2022-12-08 15:53 | REQUIREMENT LIST OF SPARES.xls | 64266fc0f0b37a26e14133ad19b98b7c | Generic Malware VBA_macro MSOffice File VirusTotal Malware exploit crash unpack itself Exploit crashed | 3.0 | | 32 | ZeroCERT
Hosts (2): one.localsurfer.buzz(168.100.9.216) 168.100.9.216

22473 | 2022-12-08 13:33 | algo agreement.docx | 9e4b9ff1f4ac3230244f31fd2759ee0b | Doc XML Downloader Word 2007 file format(docx) VirusTotal Malware exploit crash unpack itself Exploit crashed | 2.8 | M | 11 | guest
URLs (2): http://outlooksyn.com/FpUCu5h6W2/R/YHXCCUK7bk34tzd6GA2AAAATqzjlQ4FwFifvY2EpuSOyN+L1n/16mONopqdw8+w6xh4qXcxhOLWxvIZbHxRr6y5A http://outlooksyn.com/FpUCu5h6W2/R/YHXCCUK7bk34tzd6GA2AAAATqzjlQ4FwFifvY2EpuSOyN+L1n/16mONopqdw8+w6xh4qXcxhOLWxvIZbHxRr6y5A/
Hosts (2): outlooksyn.com(185.161.208.172) - mailcious 185.161.208.172 - mailcious

22474 | 2022-12-08 12:06 | config_20.ps1 | 48779787657945345533019bbf8e14ce | Generic Malware Antivirus Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key crashed | 3.4 | M | | ZeroCERT
Hosts (1): 217.182.227.118 - mailcious

22475 | 2022-12-08 10:57 | saiwer.exe | 369321f33d5ffaeeadb4da9f33c78156 | PWS Loki[b] Loki.m RAT .NET framework Gen2 Trojan_PWS_Stealer Generic Malware Credential User Data Malicious Library Malicious Packer UPX Anti_VM SQLite Cookie AntiDebug AntiVM PE32 OS Processor Check PE File DLL .NET EXE PNG Format JPEG Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files exploit crash unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW installed browsers check Kelihos Tofsee Windows Exploit Browser Email ComputerName RCE DNS Cryptographic key Software crashed | 18.8 | M | 43 | ZeroCERT
URLs (11): http://31.41.244.237/jg94cVd30f/index.php?scr=1 http://www.aculpainting.com/mp3studios97/mp3studios_97.exe http://31.41.244.237/jg94cVd30f/index.php http://62.204.41.6/p9cWxH/Plugins/cred64.dll - rule_id: 25001 http://62.204.41.6/p9cWxH/index.php - rule_id: 24996 http://31.41.244.237/jg94cVd30f/Plugins/cred64.dll http://62.204.41.6/p9cWxH/index.php?scr=1 - rule_id: 24996 http://31.41.244.253/goga/nash.exe http://31.41.244.188/ano/anon.exe - rule_id: 25005 http://transfer.sh/get/gI6LT0/loader.exe https://www.icodeps.com/ - rule_id: 14280
Hosts (14): iplogger.org(148.251.234.83) - mailcious transfer.sh(144.76.136.153) - malware www.icodeps.com(149.28.253.196) - mailcious www.aculpainting.com(23.160.193.16) - malware 148.251.234.83 185.106.92.214 - mailcious 31.41.244.253 - malware 149.28.253.196 - mailcious 31.41.244.237 - malware 144.76.136.153 - mailcious 31.41.244.14 - mailcious 62.204.41.6 - malware 31.41.244.188 - malware 23.160.193.16 - malware
Suricata alerts (15): ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Dshield Block Listed Source group 1 ET MALWARE Possible Kelihos.F EXE Download Common Structure ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) ET INFO Dotted Quad Host DLL Request ET INFO TLS Handshake Failure
Rule-matched URLs (5): http://62.204.41.6/p9cWxH/Plugins/cred64.dll http://62.204.41.6/p9cWxH/index.php http://62.204.41.6/p9cWxH/index.php http://31.41.244.188/ano/anon.exe https://www.icodeps.com/

22476 | 2022-12-08 10:51 | p10pim5u.exe | 9f935b74e327153df023aaa48e590f97 | RedLine stealer[m] Malicious Library UPX AntiDebug AntiVM PE32 OS Processor Check PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed | 10.6 | M | 34 | ZeroCERT
Hosts (4): jamesmillion.xyz(104.192.2.242) - mailcious 61.111.58.34 - malware 104.192.2.242 - mailcious 23.50.121.153

22477 | 2022-12-08 10:49 | 1.exe | ff8b52645b3eb0b891935435db2621a2 | Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware Buffer PE PDB Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder sandbox evasion WriteConsoleW Windows ComputerName | 5.0 | M | 31 | ZeroCERT
Hosts (1): 8dveu1agqsygvx4ejsolmwybvwxz2x4n.3adjp7w3ykb4tut9()

22478 | 2022-12-08 10:47 | TUN3.exe | f59160f8bf6d380cdecbd2db94c61deb | Emotet RAT Gen1 PWS .NET framework Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check PNG Format JPEG Format .NET EXE MSOffice File GIF Format DLL PE64 VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check human activity check Tofsee Windows Google ComputerName DNS crashed | 16.0 | M | 34 | ZeroCERT
URLs (21): http://apps.identrust.com/roots/dstrootcax3.p7c http://5de5c46f-c6bb-4dc8-bd5f-34662c54ce50.s3.pl-waw.scw.cloud/mix-carrers/poweroff.exe - rule_id: 24496 http://5de5c46f-c6bb-4dc8-bd5f-34662c54ce50.s3.pl-waw.scw.cloud/mix-carrers/poweroff.exe http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies - rule_id: 23046 http://www.google.com/ https://connectini.net/S2S/Disc/Disc.php?ezok=pwoffch2&tesla=6 - rule_id: 7620 https://connectini.net/Series/SuperNitouDisc.php - rule_id: 7619 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_MyFileWW - rule_id: 7622 https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe - rule_id: 23052 https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/pub-nv5fyed7t8r9ykva.exe https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/up-da-nv5fyed7t8r9ykva.exe https://droplex.s3.pl-waw.scw.cloud/hadhi_3icha/hand-h6vuy332pnrr8zq9.exe https://connectini.net/Series/Conumer4Publisher.php - rule_id: 1976 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_PegasunWW - rule_id: 7622 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_mp3studioWW - rule_id: 7622 https://connectini.net/Series/kenpachi/2/goodchannel/KR.json - rule_id: 1972 https://connectini.net/Series/Conumer2kenpachi.php - rule_id: 1974 https://connectini.net/Series/configPoduct/2/goodchannel.json - rule_id: 1973 https://connectini.net/Series/publisher/1/KR.json - rule_id: 23559 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_file2Ww - rule_id: 7622 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_Trustnero - rule_id: 7622
Hosts (27): trustnero.com(104.21.1.91) - mailcious a.dowgmua.com(172.67.157.126) wewewe.s3.eu-central-1.amazonaws.com(3.5.139.163) - mailcious www.google.com(142.250.207.100) google.com(172.217.25.174) 360devtracking.com(37.230.138.66) - mailcious connectini.net(37.230.138.123) - mailcious www.profitabletrustednetwork.com(173.233.137.52) - mailcious 5de5c46f-c6bb-4dc8-bd5f-34662c54ce50.s3.pl-waw.scw.cloud(151.115.10.1) apps.identrust.com(23.43.165.105) droplex.s3.pl-waw.scw.cloud(151.115.10.1) www.aculpainting.com(23.160.193.16) - malware 151.115.10.1 - malware 142.250.204.142 61.111.58.35 - malware 192.243.59.12 142.251.42.164 23.67.53.18 23.50.121.153 61.111.58.34 - malware 192.243.61.227 104.21.1.91 - mailcious 95.214.24.96 - malware 37.230.138.123 - mailcious 37.230.138.66 - mailcious 52.219.170.30 23.160.193.16 - malware
Suricata alerts (5): ET INFO Observed DNS Query to .cloud TLD ET INFO HTTP Request to Suspicious *.cloud Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check
Rule-matched URLs (15): http://5de5c46f-c6bb-4dc8-bd5f-34662c54ce50.s3.pl-waw.scw.cloud/mix-carrers/poweroff.exe http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies https://connectini.net/S2S/Disc/Disc.php https://connectini.net/Series/SuperNitouDisc.php https://connectini.net/ip/check.php https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe https://connectini.net/Series/Conumer4Publisher.php https://connectini.net/ip/check.php https://connectini.net/ip/check.php https://connectini.net/Series/kenpachi/2/goodchannel/ https://connectini.net/Series/Conumer2kenpachi.php https://connectini.net/Series/configPoduct/2/goodchannel.json https://connectini.net/Series/publisher/1/KR.json https://connectini.net/ip/check.php https://connectini.net/ip/check.php

22479 | 2022-12-08 10:46 | .win32.exe | 4be31e244804fd6d2e0a8ba49447352a | Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself RCE DNS | 2.8 | M | 44 | ZeroCERT
Hosts (1):

22480 | 2022-12-08 10:44 | JHBHGatT.exe | 60c2ecb44642d9e51cd4b17b82358cb8 | PWS[m] SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger | 14.4 | M | 22 | ZeroCERT
Hosts (5): smtp.leonardfood.com(87.107.124.150) - mailcious 37.230.138.123 - mailcious 87.107.124.150 - mailcious 37.230.138.66 - mailcious 23.160.193.16 - malware
Suricata alerts (2): SURICATA Applayer Detect protocol only one direction ET MALWARE AgentTesla Exfil Via SMTP

22481 | 2022-12-08 10:41 | 7s4udn5F1.exe | b22e904e9814c22f6e32667b015c6dad | Confuser .NET PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName | 2.6 | | 44 | r0d

22482 | 2022-12-08 10:40 | setup_1670430157.2111816.exe | 89b2ce64736e525d07b5385fa50c5266 | RedLine stealer[m] Malicious Library Admin Tool (Sysinternals etc ...) UPX AntiDebug AntiVM PE32 OS Processor Check PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications suspicious TLD installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed | 13.2 | M | 20 | ZeroCERT
Hosts (2): hubabuba.top(49.12.119.210) 49.12.119.210
Suricata alerts (1): ET DNS Query to a *.top domain - Likely Hostile

22483 | 2022-12-08 10:39 | vbc.exe | 2b087c00777a630a4100c122f4687783 | Malicious Library UPX PE32 PE File VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself | 4.2 | M | 28 | ZeroCERT
URLs (23): http://www.lyonfinancialusa.com/henz/ - rule_id: 23666 http://www.afterdarksocial.club/henz/ - rule_id: 23667 http://www.brennancorps.info/henz/?8pdL3zD=P4ST2IJPckjMYpRf2hTG7XGyBDGAy7OOggEf6mHPhnME1yGBMW0exDItYRA37f+XnLyPH15dACF6dKWBGe8FrnsbvwR+k5hXy5NlDxw=&3f_X2=Q2JhLx4h0JC - rule_id: 23670 http://www.phootka.ru/henz/?8pdL3zD=w1bwPjtuf2ZlKfJJwO+BTMATo3IZhxYr0xwxA7aVeAjkl5kFf+SBsbPh/8ORAg46rPRxP2SAJydpY5hX47JJGDyZCrebhSML6UzwAv0=&3f_X2=Q2JhLx4h0JC - rule_id: 23673 http://www.patrickguarte.com/henz/ - rule_id: 23668 http://www.automotiveparts-store.com/henz/ - rule_id: 24899 http://www.seufi.com/henz/?8pdL3zD=IBGzHMg16oJNSPrzw250+MvRfpuZJ+UNeLGkgBGOsROhXn3QAnT7j8xX9Jlog+RFk3dGiXHpM08k153fm/VBkqw4m0Htf2ZTok+naIQ=&3f_X2=Q2JhLx4h0JC - rule_id: 24900 http://www.lopezmodeling.com/henz/ - rule_id: 23671 http://www.courdak.info/henz/?8pdL3zD=vdyVzLcxoZUoogW6+NKMfwQ5LAGTMZCWuq0zGM5B+O39UoDsvg/hobD3JDgVlVzjVFZes90R2RhtZev/AI+f5OQ7oLMklDSyOnM4EYU=&3f_X2=Q2JhLx4h0JC - rule_id: 23789 http://www.lyonfinancialusa.com/henz/?8pdL3zD=I97X75yj3reE70KD0H/Cak1oo2zHy9G/KKFZ2xPoakAfOE75REIsiEdUspxqeb3/DlFpoh36cAjqvl85DwXllB7WLme1uHpNnCumkME=&3f_X2=Q2JhLx4h0JC - rule_id: 23666 http://www.phootka.ru/henz/ - rule_id: 23673 http://www.lopezmodeling.com/henz/?8pdL3zD=dpH6BKfQQ0cm5ImeofuKRskABJrBNfLp0vSyI4bn1RZjePkdeS9a/FiQgEdxlvmzsB0l+sQcpRgj8HqvSEXtkBUtM/7b2ek1qpGMuFI=&3f_X2=Q2JhLx4h0JC - rule_id: 23671 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip http://www.foxwhistle.com/henz/ - rule_id: 23672 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.foxwhistle.com/henz/?8pdL3zD=jIhXpQA4pSG2yYWBbTjo4KjMDsvsQ9F5uiLrR0YNz1ez7r/FQUV2XPmUrykxRWDvkt62w03aCUUodajM6m+91s+tfqSr6z5AiriQQhU=&3f_X2=Q2JhLx4h0JC - rule_id: 23672 http://www.eufidelizo.com/henz/?8pdL3zD=wcp3urA+/rGtUuNVdzf16ZeZGpZq4XGXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqWKQvjoVWw+U5Y7ODGkonKNL7W0=&3f_X2=Q2JhLx4h0JC - rule_id: 23665 http://www.automotiveparts-store.com/henz/?8pdL3zD=l755dn3SV1HJ85bgdYLXX0FitE0O++oBuxO/p/rOD3cyNdqLfUPJLAMkl1O9xhY/fGSw1luYDYlS6H/677nep41+QBgryFqg6K8ooWg=&3f_X2=Q2JhLx4h0JC - rule_id: 24899 http://www.afterdarksocial.club/henz/?8pdL3zD=8TptbrIX6F4NxrWdTnVKCiNdtmXGEuELv5cUeaX5N5UPFd9Hxy/eCwrx8CSqMIuqYtp16J6ah9tFi3/97BblSlVnUMukTQJmI59ItyY=&3f_X2=Q2JhLx4h0JC - rule_id: 23667 http://www.seufi.com/henz/ - rule_id: 24900 http://www.patrickguarte.com/henz/?8pdL3zD=5p9Ov6C7qce51hIp6nkbqV/d59cDddN77lLEFw6Ufibk2yN56suGmW9SnR2oT5DaW1POG/xMOeVc/Muqlx89dGklgcJInIpBk29/OFI=&3f_X2=Q2JhLx4h0JC - rule_id: 23668 http://www.brennancorps.info/henz/ - rule_id: 23670 http://www.courdak.info/henz/ - rule_id: 23789
Hosts (24): www.19t221013d.tokyo() - mailcious www.seufi.com(2.57.90.16) - mailcious www.lyonfinancialusa.com(206.233.197.135) - mailcious www.afterdarksocial.club(162.214.129.149) - mailcious www.courdak.info(66.29.151.40) - mailcious www.foxwhistle.com(154.22.100.62) - mailcious www.eufidelizo.com(192.185.217.47) - mailcious www.automotiveparts-store.com(162.0.238.93) - mailcious www.brennancorps.info(2.57.90.16) - mailcious www.sqlite.org(45.33.6.223) www.phootka.ru(195.24.68.23) - mailcious www.patrickguarte.com(155.159.61.221) - mailcious www.lopezmodeling.com(192.185.35.86) - mailcious 162.214.129.149 - mailcious 154.22.100.62 - mailcious 195.24.68.23 - malware 192.185.217.47 - mailcious 66.29.151.40 - mailcious 2.57.90.16 - mailcious 45.33.6.223 192.185.35.86 - mailcious 162.0.238.93 - mailcious 206.233.197.135 - mailcious 155.159.61.221 - mailcious
Suricata alerts (1): ET DROP Spamhaus DROP Listed Traffic Inbound group 13
Rule-matched URLs (21): http://www.lyonfinancialusa.com/henz/ http://www.afterdarksocial.club/henz/ http://www.brennancorps.info/henz/ http://www.phootka.ru/henz/ http://www.patrickguarte.com/henz/ http://www.automotiveparts-store.com/henz/ http://www.seufi.com/henz/ http://www.lopezmodeling.com/henz/ http://www.courdak.info/henz/ http://www.lyonfinancialusa.com/henz/ http://www.phootka.ru/henz/ http://www.lopezmodeling.com/henz/ http://www.foxwhistle.com/henz/ http://www.foxwhistle.com/henz/ http://www.eufidelizo.com/henz/ http://www.automotiveparts-store.com/henz/ http://www.afterdarksocial.club/henz/ http://www.seufi.com/henz/ http://www.patrickguarte.com/henz/ http://www.brennancorps.info/henz/ http://www.courdak.info/henz/

22484 | 2022-12-08 10:38 | .csrss.exe | cc225cb1905a406897961c0377a9624e | PWS .NET framework PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself | 5.6 | M | 24 | ZeroCERT

22485 | 2022-12-08 10:35 | linda5.exe | d6b4631a2fc321751906eef19c85bdef | Malicious Library UPX AntiDebug AntiVM PE32 OS Processor Check PE File DLL PDB Code Injection Checks debugger unpack itself AppData folder RCE | 2.6 | M | | ZeroCERT
