Submissions

Columns: No | Date | Request (file name; MD5 on the line below) | Signatures | Urls / Hosts / IDS / Rule | Score | Zero | VT | Player | Etc

2596  2024-07-02 09:44  new_image2.jpg.exe
      MD5 667baab9068512e49333a7c9dfba6a34
      Signatures: Malicious Library; Antivirus; .NET framework(MSIL); PE File; .NET EXE; PE32; VirusTotal; Malware; MachineGuid; Check memory; Checks debugger; unpack itself; ComputerName
      Score 2.4 | VT 46 | Player ZeroCERT

2597  2024-07-02 08:01  log2.exe
      MD5 8bad626419244605cb6bfa7ffef1e8cc
      Signatures: Emotet; Gen1; Generic Malware; NSIS; PhysicalDrive; Malicious Library; Downloader; ASPack; Malicious Packer; UPX; Admin Tool (Sysinternals etc ...); Antivirus; .NET framework(MSIL); Anti_VM; Javascript_Blob; PE File; PE32; MZP Format; OS Processor Check; DllRegisterServer; dll; Browser Info Stealer; AutoRuns; Check memory; Creates executable files; Windows utilities; AppData folder; WriteConsoleW; installed browsers check; Windows; Browser
      Urls/Hosts/IDS/Rule (as listed): 4 2 | Score 4.6 | Zero M | Player ZeroCERT

2598  2024-07-02 08:00  log1.exe
      MD5 f52824923a9ff5a93f42812255439a1c
      Signatures: Emotet; Gen1; PhysicalDrive; Generic Malware; NSIS; NMap; Malicious Library; Downloader; ASPack; Malicious Packer; UPX; Admin Tool (Sysinternals etc ...); Antivirus; .NET framework(MSIL); Javascript_Blob; Anti_VM; PE File; PE32; MZP Format; OS Processor Check; DllRegisterServer; Browser Info Stealer; AutoRuns; Check memory; Creates executable files; Windows utilities; AppData folder; WriteConsoleW; installed browsers check; Windows; Browser
      Urls/Hosts/IDS/Rule (as listed): 5 2 | Score 4.6 | Zero M | Player ZeroCERT

2599  2024-07-02 07:58  svchost.exe
      MD5 ad8b93be8ce15ff47c2c079201bd17c9
      Signatures: Malicious Library; Malicious Packer; UPX; PE File; PE64; OS Processor Check; VirusTotal; Malware; Check memory; Checks debugger; unpack itself
      Score 2.0 | Zero M | VT 51 | Player ZeroCERT

2600  2024-07-02 07:55  asec.exe
      MD5 8962b367891c933d896bc4ed9c2cffba
      Signatures: Generic Malware; UPX; Antivirus; PE File; PE32; PowerShell; VirusTotal; Malware; powershell; suspicious privilege; Check memory; Checks debugger; Creates shortcut; unpack itself; Windows utilities; Disables Windows Security; suspicious process; WriteConsoleW; Windows Update; ComputerName; Cryptographic key
      Score 9.0 | Zero M | VT 45 | Player ZeroCERT

2601  2024-07-02 07:54  kdmapper.exe
      MD5 afb27825d8a45bea2992eca0e060a968
      Signatures: Gen1; Emotet; HermeticWiper; Generic Malware; NSIS; NMap; Malicious Library; Malicious Packer; UPX; Downloader; Admin Tool (Sysinternals etc ...); ASPack; Anti_VM; PE File; PE32; MZP Format; OS Processor Check; DllRegisterServer; dll; HWP; CAB; ActiveXObject; PE64; ftp; VirusTotal; Malware; AutoRuns; Check memory; Creates executable files; installed browsers check; Windows; Browser
      Score 4.0 | VT 69 | Player ZeroCERT

2602  2024-07-02 07:54  buildcr.exe
      MD5 88932ab33c38072946abc06b426d33b8
      Signatures: Generic Malware; Suspicious_Script_Bin; task schedule; Malicious Library; UPX; Socket; DGA; Http API; ScreenShot; PWS; DNS; Internet API; AntiDebug; AntiVM; PE File; PE32; OS Processor Check; Malware download; Dridex; VirusTotal; Malware; Microsoft; AutoRuns; Code Injection; Checks debugger; buffers extracted; Creates executable files; unpack itself; Windows utilities; AppData folder; malicious URLs; WriteConsoleW; Tofsee; Windows; ComputerName; DNS
      Urls/Hosts/IDS/Rule (as listed): 3 6 9 2 | Score 12.2 | Zero M | VT 55 | Player ZeroCERT

2603  2024-07-02 07:51  csrss.exe
      MD5 a273d142217177ab8013d6ebeafbc22f
      Signatures: Malicious Library; Malicious Packer; Antivirus; UPX; PE File; PE64; OS Processor Check; PDB; Check memory; Checks debugger; ComputerName; Remote Code Execution
      Score 1.6 | Zero M | Player ZeroCERT

2604  2024-07-02 07:49  IHBHXXQF.exe
      MD5 5f4de1a8ed39bdcaf3e4c6d5fa547fc2
      Signatures: Gen1; HermeticWiper; Malicious Library; UPX; Malicious Packer; ASPack; Anti_VM; PE File; PE32; DLL; OS Processor Check; VirusTotal; Malware; Check memory; Checks debugger; Creates executable files; unpack itself; AppData folder; AntiVM_Disk; VM Disk Size Check
      Score 3.2 | Zero M | VT 14 | Player ZeroCERT

2605  2024-07-02 07:45  snukingorig2.5.exe
      MD5 7d50650cd2ba63482d4caf875ae65a8e
      Signatures: Process Kill; Generic Malware; Suspicious_Script_Bin; Malicious Library; FindFirstVolume; CryptGenKey; UPX; PE File; PE32; Device_File_Check; OS Processor Check; Browser Info Stealer; FTP Client Info Stealer; VirusTotal; Email Client Info Stealer; Malware; suspicious privilege; Check memory; Checks debugger; buffers extracted; unpack itself; Check virtual network interfaces; IP Check; Tofsee; Windows; Browser; Email; ComputerName; DNS; Cryptographic key; Software; crashed; keylogger
      Urls/Hosts/IDS/Rule (as listed): 1 2 3 | Score 8.8 | Zero M | VT 33 | Player ZeroCERT

2606  2024-07-02 07:45  igccu.exe
      MD5 bb1b8864e1d82735205d07d202c5d864
      Signatures: LokiBot; Malicious Library; Socket; PWS; DNS; AntiDebug; AntiVM; PE File; .NET EXE; PE32; Browser Info Stealer; FTP Client Info Stealer; VirusTotal; Email Client Info Stealer; Malware; suspicious privilege; MachineGuid; Code Injection; Check memory; Checks debugger; buffers extracted; unpack itself; malicious URLs; installed browsers check; Browser; Email; ComputerName; Software
      Urls/Hosts/IDS/Rule (as listed): 1 2 1 | Score 13.2 | Zero M | VT 30 | Player ZeroCERT

2607  2024-07-01 16:46  Update.js
      MD5 365d4f4e6ffed01288e0fae6e352e8a5
      Signatures: VBScript; wscript.exe; payload download; Tofsee; crashed; Dropper
      Urls/Hosts/IDS/Rule (as listed): 1 2 2 | Score 10.0 | Player guest

2608  2024-07-01 15:33  tsjtmfdm.pkg.exe
      MD5 98cc12248c1dfc68103dd9fc4d959f68
      Signatures: Generic Malware; Malicious Library; UPX; PE File; PE32; OS Processor Check; VirusTotal; Malware; PDB; unpack itself
      Score 1.6 | VT 26 | Player ZeroCERT

2609  2024-07-01 15:24  outbyte-pc-repair.exe
      MD5 044b5657529471e023ee2da2dad94cfa
      Signatures: Gen1; Generic Malware; Malicious Library; UPX; Admin Tool (Sysinternals etc ...); Malicious Packer; Antivirus; Anti_VM; PE File; PE32; MZP Format; OS Processor Check; DLL; DllRegisterServer; dll; ftp; PE64; Browser Info Stealer; VirusTotal; Malware; MachineGuid; Malicious Traffic; Check memory; Checks debugger; Creates executable files; RWX flags setting; unpack itself; Checks Bios; AppData folder; AntiVM_Disk; anti-virtualization; VM Disk Size Check; installed browsers check; Tofsee; Browser; ComputerName; crashed
      Urls/Hosts/IDS/Rule (as listed): 1 4 1 | Score 8.2 | VT 3 | Player ZeroCERT

2610  2024-07-01 15:06  ENC.zip
      MD5 34dd73380e19295eef9c195a9f35c9b3
      Signatures: ZIP Format; VirusTotal; Malware; Malicious Traffic; Tofsee
      Urls/Hosts/IDS/Rule (as listed): 8 2 1 | Score 1.6 | VT 3 | Player ZeroCERT
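The listing above is only useful at scale if it can be parsed, so here is an added example (not the sandbox's own code) that reads records in the shape of this page and ranks them by which triage categories their signatures hit. The five sample records are copied from the listing; everything about column semantics is an assumption of the example: the leading integers on the last line are taken as the Urls/Hosts/IDS/Rule counts in the order given, the decimal as Score, "M" as the Zero verdict, the following integer as the VT detection count and the last word as Player. The grouping of signatures into categories is likewise the example's own.

```python
"""Parse and triage a sandbox submission listing.

Added example, not the sandbox's own code. Sample records are copied from
the listing on this page; the trailer column mapping and the category
grouping below are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: five records from the listing, one paragraph each
# (header, MD5, space-joined signature tags, trailing numbers).
LISTING = """\
2599 2024-07-02 07:58 svchost.exe
ad8b93be8ce15ff47c2c079201bd17c9
Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
2.0 M 51 ZeroCERT

2600 2024-07-02 07:55 asec.exe
8962b367891c933d896bc4ed9c2cffba
Generic Malware UPX Antivirus PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Disables Windows Security suspicious process WriteConsoleW Windows Update ComputerName Cryptographic key
9.0 M 45 ZeroCERT

2602 2024-07-02 07:54 buildcr.exe
88932ab33c38072946abc06b426d33b8
Generic Malware Suspicious_Script_Bin task schedule Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Dridex VirusTotal Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS
3 6 9 2 12.2 M 55 ZeroCERT

2605 2024-07-02 07:45 snukingorig2.5.exe
7d50650cd2ba63482d4caf875ae65a8e
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
1 2 3 8.8 M 33 ZeroCERT

2606 2024-07-02 07:45 igccu.exe
bb1b8864e1d82735205d07d202c5d864
LokiBot Malicious Library Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
1 2 1 13.2 M 30 ZeroCERT
"""

# Multi-word signature names seen in the listing. Tags are joined by single
# spaces on the page, so greedy longest-match against this set recovers the
# boundaries; any word not covered is kept as a one-word tag.
MULTI_WORD_TAGS = frozenset({
    "Generic Malware", "PE File", "suspicious privilege", "Check memory",
    "Checks debugger", "Creates shortcut", "unpack itself", "Windows utilities",
    "Disables Windows Security", "suspicious process", "Windows Update",
    "Cryptographic key", "task schedule", "Malicious Library", "Http API",
    "Internet API", "OS Processor Check", "Malware download", "Code Injection",
    "buffers extracted", "Creates executable files", "AppData folder",
    "malicious URLs", "Process Kill", "Browser Info Stealer",
    "FTP Client Info Stealer", "Email Client Info Stealer",
    "Check virtual network interfaces", "IP Check", ".NET EXE",
    "installed browsers check", "Malicious Packer",
})

# Assumed grouping of signatures into triage categories (example's own).
CATEGORIES = {
    "evasion": {"Anti_VM", "AntiVM", "AntiDebug", "Checks debugger", "AntiVM_Disk",
                "VM Disk Size Check", "anti-virtualization", "Checks Bios",
                "Check virtual network interfaces"},
    "credential theft": {"Browser Info Stealer", "FTP Client Info Stealer",
                         "Email Client Info Stealer", "keylogger", "PWS",
                         "installed browsers check"},
    "defense tampering": {"Disables Windows Security", "Process Kill",
                          "suspicious privilege"},
    "persistence/execution": {"AutoRuns", "task schedule", "Creates shortcut",
                              "Code Injection", "Creates executable files"},
}

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+)$")
# counts... score [M] [vt] player  (column mapping assumed, see module docstring)
TRAILER_RE = re.compile(r"^((?:\d+ )*)(\d+\.\d+)(?: (M))?(?: (\d+))? (\w+)$")


@dataclass
class Submission:
    no: int
    date: str
    name: str
    md5: str
    tags: List[str]
    counts: List[int]
    score: float
    zero: Optional[str]
    vt: Optional[int]
    player: str


def split_tags(line: str, vocab=MULTI_WORD_TAGS, max_words: int = 5) -> List[str]:
    """Split a space-joined tag line using greedy longest-match on vocab."""
    words, tags, i = line.split(), [], 0
    while i < len(words):
        for n in range(min(max_words, len(words) - i), 1, -1):
            cand = " ".join(words[i:i + n])
            if cand in vocab:
                tags.append(cand)
                i += n
                break
        else:
            tags.append(words[i])  # single word, known or not
            i += 1
    return tags


def parse_listing(text: str) -> List[Submission]:
    subs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        header, md5, tagline, trailer = block.strip().splitlines()
        h, t = HEADER_RE.match(header), TRAILER_RE.match(trailer)
        if not h or not t:
            raise ValueError(f"unparsable record: {header!r} / {trailer!r}")
        no, date, name = h.groups()
        counts, score, zero, vt, player = t.groups()
        subs.append(Submission(int(no), date, name, md5, split_tags(tagline),
                               [int(c) for c in counts.split()], float(score),
                               zero, int(vt) if vt else None, player))
    return subs


def category_hits(sub: Submission) -> set:
    tags = set(sub.tags)
    return {cat for cat, sigs in CATEGORIES.items() if tags & sigs}


def triage(subs: List[Submission]) -> List[Submission]:
    """Rank by number of categories hit, then by sandbox score."""
    return sorted(subs, key=lambda s: (-len(category_hits(s)), -s.score))


if __name__ == "__main__":
    for s in triage(parse_listing(LISTING)):
        print(f"{s.no} {s.name:22} score={s.score:5} vt={s.vt} "
              f"{sorted(category_hits(s))}")
```

The longest-match step is the part worth keeping: the page joins signature names with plain spaces, so a naive `split()` turns "Disables Windows Security" into three meaningless tokens, and any triage keyed on tag names silently misses. Extend `MULTI_WORD_TAGS` from the vocabulary of your own sandbox before trusting the category counts.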