Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
22906	2022-12-14 13:28	tempresource.tmp 2bdb5acc4e988fd06a757455ab706054 Malicious Library UPX OS Processor Check DLL PE File PE64 VirusTotal Malware PDB					1.4		5	ZeroCERT

22907	2022-12-14 11:32	SHIPPING Docs-DRAFT MBL HBL KG... 5e835a1077f20ea48cbceca3ff7160cd PWS[m] PWS .NET framework Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	4	4		14.2		50	ZeroCERT

22908	2022-12-14 09:51	nord.exe c6524cc2cb091e23be6d9526d6bcbc99 PWS Loki[b] Loki.m RAT .NET framework SmokeLoader Malicious Library Malicious Packer UPX AntiDebug AntiVM PE32 OS Processor Check PE File DLL .NET EXE JPEG Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW installed browsers check Kelihos Tofsee Windows Browser Email ComputerName RCE DNS Cryptographic key Software crashed Downloader	10 Keyword trend analysis Info http://31.41.244.237/jg94cVd30f/index.php?scr=1 - rule_id: 25013 http://transfer.sh/get/W4XHT0/Gay.exe - rule_id: 25258 http://31.41.244.237/jg94cVd30f/index.php - rule_id: 25013 http://62.204.41.79/fb73jc3/index.php?scr=1 http://62.204.41.79/fb73jc3/index.php http://62.204.41.6/p9cWxH/Plugins/cred64.dll - rule_id: 25001 http://62.204.41.6/p9cWxH/index.php - rule_id: 24996 http://62.204.41.6/p9cWxH/index.php?scr=1 - rule_id: 24996 http://66.11.117.45/happy/Make.exe http://62.204.41.6/newlege.exe - rule_id: 25026	10	14 Info ET DROP Dshield Block Listed Source group 1 ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Possible Kelihos.F EXE Download Common Structure ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET INFO Dotted Quad Host DLL Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	7	16.2	M	51	ZeroCERT

22909	2022-12-14 09:51	Task.ps1 e5cea8eb54d88e1d3191a9fd3b9c6432 Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key					1.2	M	2	ZeroCERT

22910	2022-12-14 09:50	bibar.exe c6524cc2cb091e23be6d9526d6bcbc99 PWS Loki[b] Loki.m Malicious Library Malicious Packer UPX PE32 OS Processor Check PE File DLL JPEG Format Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Interception Windows Email ComputerName RCE DNS Software	2 Keyword trend analysis	1	5		11.4	M	51	ZeroCERT

22911	2022-12-14 09:47	1.exe 90932373f89d77524ca0f118695a73e0 PWS[m] RAT Generic Malware Downloader Anti_VM Malicious Packer Antivirus Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges FTP Http API AntiDebug AntiVM PE File PE64 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					7.4	M	36	ZeroCERT

22912	2022-12-14 09:45	sila.exe 49b8df81d3258be14ed78dfcda2f8fb4 RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			6.2	M	52	ZeroCERT

22913	2022-12-14 09:43	cred64.dll 9995abf2f401e4945a7d2930a3727619 PWS Loki[b] Loki.m Malicious Library PE32 DLL PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email RCE DNS Software crashed	1 Keyword trend analysis	1	1		6.0	M	51	ZeroCERT

22914	2022-12-14 09:41	contal2.1.exe 7624e6fc50195fa8bc4e5bd0da55bc78 Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	3 Keyword trend analysis Info http://www.thetickettruth.com/h3ha/?rV0DUb=0N4LokR9uiCoW7aRFco7zu6jSnArZAq/LdT3uUKltClmieJVsMX6zSQ0xE4ZJOTIuweed6/v&LvyX=oPqLWR http://www.lawnforcement.com/h3ha/?rV0DUb=uxyndyQPaEDVD5l1zaL85Yr6gdU9jXMbCquiDZq5iAsqBDW/y4tuDCOehvkX+wxi0vATA7Ae&LvyX=oPqLWR http://www.ninideal.com/h3ha/?rV0DUb=l48G0yINaYxqgykaZFR0+o6y+2Gncfxsk7XllhJUaLsbGJX4pYEG8eHhbMKu/vO3tGLkH7iz&LvyX=oPqLWR	8	1		4.0	M	35	ZeroCERT

22915	2022-12-14 09:41	xxb.exe 04d076299d2b644c61c5d7b164a0b73d RAT Malicious Library Malicious Packer UPX PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Discord Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	4	3		10.6	M	47	ZeroCERT

22916	2022-12-14 09:39	macol.exe b89438b8ad038b570457bc1bb4e80a73 Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	1 Keyword trend analysis	6	1		5.0	M	34	ZeroCERT

22917	2022-12-14 09:38	nera.exe dfed52cd06c72e47f4d109492d1d90f4 RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			3.8		50	ZeroCERT

22918	2022-12-14 09:38	Yxiueeomw.jpeg 35b54727b9d1ce4ce7dda7830ca9ac88 RAT PE32 .NET DLL DLL PE File VirusTotal Malware					0.8		27	ZeroCERT

22919	2022-12-13 17:31	asdaas12.exe f3fd315aaf2c1b97a2e1544e0690bd98 Generic Malware Antivirus PE32 .NET EXE PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key Downloader					10.0	M	30	ZeroCERT

22920	2022-12-13 17:29	demo.exe d16df5a6a394820b2271898b31703862 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX OS Processor Check PE File PE64 VirusTotal Malware Check memory crashed					1.6	M	28	ZeroCERT