Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
2731	2024-06-25 05:28	https://l.instagram.com/?23590... AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis Info https://business.instagram.com/micro_site/url/?event_type=click https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava	3	1	3.8			guest

2732	2024-06-25 05:18	41e3f69ecc09290e_httperrorpage... dea81ac0a7951fb7c6cae182e5b19524 AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email				3.2			guest

2733	2024-06-25 03:22	f3162d6a1d08f609_{c13cc5e4-325... cb227212b1977c3bb7cb402ada0417ee AntiDebug AntiVM MSOffice File Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

2734	2024-06-25 02:50	http://l.instagram.com/?235901... Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis Info http://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava https://business.instagram.com/micro_site/url/?event_type=click https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava	3	2	4.2			guest

2735	2024-06-24 15:51	pumairld.txt.ps1 19a7f5e2e7fd8e14d8129dcdf6c8b992 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Discord ComputerName DNS Cryptographic key		2	3	8.4		17	ZeroCERT

2736	2024-06-24 15:45	nyctalopicAWm.ps1 ce1d9b1f2993eb46aa483c2f5790ad58 Generic Malware Antivirus VirusTotal Malware Check memory Checks debugger unpack itself WriteConsoleW Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis			3.0		22	ZeroCERT

2737	2024-06-24 15:32	pinspotterEtbYF.php.ps1 b07664f8abb0f1883e2adaa70e10ffcb Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key	1 Keyword trend analysis			0.8			ZeroCERT

2738	2024-06-24 14:38	BST.msi fe821027dfc49e8017c2cc50974a00b4 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk suspicious TLD VM Disk Size Check Tofsee ComputerName DNS		3	3	3.2		19	ZeroCERT

2739	2024-06-24 11:36	George.exe 5bb3677a298d7977d73c2d47b805b9c3 UPX PE File PE32 VirusTotal Malware unpack itself Remote Code Execution				2.4	M	25	ZeroCERT

2740	2024-06-24 11:06	ChatLife.exe 033e16b6c1080d304d9abcc618db3bdb Suspicious_Script_Bin Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName				5.4	M	17	ZeroCERT

2741	2024-06-24 11:04	a.dll e543d220625ff34807f7418a638f0775 Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Remote Code Execution				1.0		7	ZeroCERT

2742	2024-06-24 11:04	a.hta 2114cf2cbdbbbdd823bf2bf4db1551c0 Check memory RWX flags setting ComputerName	2 Keyword trend analysis			0.8			ZeroCERT

2743	2024-06-24 11:01	kissingisbestforcatwalkonthebe... b380556670eaff97d6dfb34144e8cbc5 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	1	4.6	M	38	ZeroCERT

2744	2024-06-24 11:01	new_image.jpg.exe 37302bd46eae616c2240bb480935648a Malicious Library UPX PE File DLL PE32 OS Processor Check .NET DLL VirusTotal Malware PDB				0.8		18	ZeroCERT

2745	2024-06-24 07:51	limba.exe 3e767dd673e06387e35d7362d89ddea1 Themida Packer Generic Malware Malicious Packer Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed	1 Keyword trend analysis	5	8 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	14.8	M	28	ZeroCERT