Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
22486	2022-12-08 09:53	Setup.exe 1d812a08acd9e8dce50adc344fbac211 NPKI Generic Malware Malicious Library UPX Antivirus PE32 PE File OS Processor Check BMP Format Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications powershell.exe wrote suspicious process AppData folder AntiVM_Disk suspicious TLD sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee Zeus CryptBot Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	2 Keyword trend analysis	4	7 Info ET DNS Query to a .top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE Trojan Generic - POST To gate.php with no accept headers ET INFO HTTP Request to a .top domain ET MALWARE Win32/Cryptbot V2 Data Exfiltration Attempt ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)		13.6	M	29	ZeroCERT

22487	2022-12-08 09:49	loader.exe 2ef6c7916c9ab2b9f900fad1825789a8 Generic Malware Malicious Library Malicious Packer UPX OS Processor Check PE File PE64 VirusTotal Malware crashed					0.6	M	8	ZeroCERT

22488	2022-12-08 09:48	snake.docx 3b853ae547346befe5f3d06290635cf6 Word 2007 file format(docx) unpack itself Tofsee	2 Keyword trend analysis	4	1		1.6			ZeroCERT

22489	2022-12-08 09:47	file.exe 48bb472e2ae054cce5c9dc4a5cc7b3f3 Gen2 Generic Malware Malicious Library UPX Antivirus PE32 OS Processor Check PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName RCE Cryptographic key	1 Keyword trend analysis	2	2		10.0		52	ZeroCERT

22490	2022-12-08 09:47	pl2.exe f919de1034edc7b8a4a5a8aa8f0067dd Malicious Library UPX PE32 PE File .NET DLL DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.4		6	ZeroCERT

22491	2022-12-08 09:45	pakii.exe 32bbd2bd2b4d2e185783f25d64c6cdbf PWS[m] Admin Tool (Sysinternals etc ...) SMTP Code injection KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed		2	2		12.2	M	26	ZeroCERT

22492	2022-12-08 09:45	000000.exe 1c60e364996e19438ff8fae421c52393 Generic Malware Malicious Library Malicious Packer UPX Antivirus OS Processor Check PE File PE64 VirusTotal Malware crashed					0.6		7	ZeroCERT

22493	2022-12-08 05:35	http://wagwalker.test-app.link 991249b1da4faebe139fe961c6ffb360 PWS[m] Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		4.2			guest

22494	2022-12-07 16:13	Juzgado 09 civil del circuito ... 4a69b0a3796dd688d57e11658ac1058c Antivirus Word 2007 file format(docx) VirusTotal Malware RWX flags setting					2.0		26	ZeroCERT

22495	2022-12-07 16:10	Juzgado 09 civil del circuito ... 4a69b0a3796dd688d57e11658ac1058c Antivirus Word 2007 file format(docx) VirusTotal Malware exploit crash unpack itself Exploit crashed					2.6		26	ZeroCERT

22496	2022-12-07 16:03	cred64.dll 98cc0f811ad5ff43fedc262961002498 PWS Loki[b] Loki.m Malicious Library PE32 DLL PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email RCE DNS Software crashed	1 Keyword trend analysis	1	1	1	6.0	M	53	ZeroCERT

22497	2022-12-07 15:51	pb1109.exe d925de50dd98dbed8ec6b93c98e6900c Malicious Library VMProtect PE File PE64 VirusTotal Malware crashed					2.0	M	23	ZeroCERT

22498	2022-12-07 15:51	newlege.exe 065ee41f9a4f66bd96f0448d68cc4178 RedLine stealer[m] PWS Loki[b] Loki.m RAT .NET framework Malicious Library Malicious Packer UPX Admin Tool (Sysinternals etc ...) VMProtect Create Service Escalate priviledges AntiDebug AntiVM PE32 OS Processor Check PE File DLL .NET EXE PE64 JPEG Fo Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Interception Windows Browser Email ComputerName WordPress RCE DNS Cryptographic key Software crashed	9 Keyword trend analysis Info http://www.time4unow.com/wp-content/file.exe http://byh.ajn322bb.com/files/pe/pb1109.exe http://62.204.41.6/p9cWxH/Plugins/cred64.dll http://62.204.41.6/p9cWxH/index.php http://62.204.41.6/p9cWxH/index.php?scr=1 http://31.41.244.188/new/linda5.exe - rule_id: 24510 http://31.41.244.188/lego/5jk29l2fg.exe http://31.41.244.188/miha/wish.exe http://31.41.244.188/ano/anon.exe	10	10 Info ET DROP Dshield Block Listed Source group 1 ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request	1	19.4	M	49	ZeroCERT

22499	2022-12-07 15:51	lib32.exe 72eae711b521c031d8c4616459f6da89 UPX PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key					2.6		38	ZeroCERT

22500	2022-12-07 15:50	Logic%20Media%20Explorer.exe fa9b0ac29dc8d6d7d6078c6bb16bf669 Gen2 Malicious Library Malicious Packer UPX Antivirus OS Processor Check PE File PE64 VirusTotal Malware PDB RCE DNS		1	1		3.0		5	ZeroCERT