Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
2911	2024-06-17 14:33	psyzh 0fece9d4a04aae570fa8673cc1fdb912 Malicious Library UPX PE File PE32 OS Processor Check unpack itself Remote Code Execution					1.4			ZeroCERT

2912	2024-06-17 14:26	file.rar eb8589a8b967f7be1a94b8ae4cb0a15c Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Cryptocurrency Miner Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord RisePro Remote Code Execution DNS CoinMiner	11 Keyword trend analysis Info http://176.111.174.109/psyzh http://5.42.66.10/download/th/space.php - rule_id: 39944 http://5.42.99.177/api/crazyfish.php - rule_id: 40006 http://apps.identrust.com/roots/dstrootcax3.p7c http://94.232.45.38/eee01/eee01.exe - rule_id: 39938 http://5.42.99.177/api/twofish.php - rule_id: 40008 http://80.78.242.100/d/385135 http://5.42.66.10/download/123p.exe - rule_id: 39935 https://lop.foxesjoy.com/ssl/crt.exe - rule_id: 40188 https://steamcommunity.com/profiles/76561199699680841 - rule_id: 40206 https://db-ip.com/demo/home.php?s=	34 Info db-ip.com(172.67.75.166) pool.hashvault.pro(142.202.242.45) - mailcious cdn-download.avgbrowser.com(23.199.47.133) api64.ipify.org(104.237.62.213) api.myip.com(104.26.8.59) steamcommunity.com(23.66.133.162) - mailcious lop.foxesjoy.com(104.21.66.124) - malware t.me(149.154.167.99) - mailcious ipinfo.io(34.117.186.192) cdn.discordapp.com(162.159.134.233) - malware vk.com(87.240.132.67) - mailcious iplogger.org(172.67.132.113) - mailcious 94.232.45.38 - malware 182.162.106.33 - malware 182.162.106.144 184.26.241.154 - mailcious 149.154.167.99 - mailcious 147.45.47.126 - mailcious 34.117.186.192 5.42.99.177 - mailcious 125.253.92.50 176.111.174.109 - malware 104.26.8.59 162.159.130.233 - malware 65.109.240.138 - mailcious 172.67.159.232 77.91.77.80 - malware 5.42.66.10 - malware 23.52.128.153 80.78.242.100 173.231.16.77 104.26.4.15 87.240.132.78 - mailcious 172.67.132.113	28 Info ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET DROP Dshield Block Listed Source group 1 ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET INFO Executable Download from dotted-quad Host SURICATA Applayer Mismatch protocol both directions ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE [ANY.RUN] RisePro TCP (Token) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Activity) SURICATA Applayer Wrong direction first Data	7	4.2	M		ZeroCERT

2913	2024-06-17 13:43	__x64___setup___x32__.zip 7e05adc41fe0d6484c3cc75893991a2f ZIP Format Malware Malicious Traffic Tofsee	2 Keyword trend analysis	3	1		1.2			ZeroCERT

2914	2024-06-17 13:37	NewKindR.exe fdafb92fc1868e533daa18f318d8e322 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS		1			3.0	M	50	ZeroCERT

2915	2024-06-17 13:35	setup.exe 59f7c6aba00ac82304ed8e658ff4768f Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName DNS Cryptographic key		1			12.2	M	53	ZeroCERT

2916	2024-06-17 13:34	servoces64.exe 540c3c9ae1b97353b49de9a216532d72 Anti_VM PE64 PE File VirusTotal Malware					1.4	M	21	ZeroCERT

2917	2024-06-17 13:33	NewLatest.exe 07101cac5b9477ba636cd8ca7b9932cb Amadey Generic Malware Malicious Packer Malicious Library UPX PE File PE32 OS Processor Check PE64 Malware download Amadey VirusTotal Cryptocurrency Miner Malware AutoRuns Malicious Traffic Creates executable files unpack itself AppData folder Windows DNS CoinMiner	3 Keyword trend analysis	8	8 Info ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)	3	6.4	M	38	ZeroCERT

2918	2024-06-17 13:31	monster.exe 3f4f5c57433724a32b7498b6a2c91bf0 Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE64 PE File DLL OS Processor Check wget ftp VirusTotal Malware Check memory Creates executable files unpack itself					2.8	M	20	ZeroCERT

2919	2024-06-17 13:31	b2c2c1.exe f8ec725e4b969f157fd70166e73a56a3 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution DNS		1			3.2	M	51	ZeroCERT

2920	2024-06-17 13:29	setup222.exe 8677376c509f0c66d1f02c6b66d7ef90 Downloader PE64 PE File VirusTotal Malware MachineGuid Creates executable files Check virtual network interfaces Tofsee	1 Keyword trend analysis	3	1		3.0	M	32	ZeroCERT

2921	2024-06-17 13:27	dhl.exe fc58e29974c49a329c30188f5a468e08 Generic Malware Malicious Library PE File PE32 VirusTotal Malware AutoRuns Creates executable files unpack itself suspicious process Windows	1 Keyword trend analysis	2	1		5.2	M	64	ZeroCERT

2922	2024-06-17 13:26	chrome.exe d35043ced01af08d55ec8cb5d3f368c7 Generic Malware Malicious Library UPX DllRegisterServer dll PE File PE32 OS Processor Check VirusTotal Malware Remote Code Execution					2.0		47	ZeroCERT

2923	2024-06-17 11:20	adobe.exe 5fb6f9de46e67ad7d07418a02417aa92 UPX PE64 PE File VirusTotal Malware unpack itself					2.0		26	r0d

2924	2024-06-17 10:26	s.exe b7b18619464ce06f97278c1cf029a5cb Browser Login Data Stealer Generic Malware Malicious Packer Malicious Library UPX PE File PE32 Browser Info Stealer VirusTotal Malware Browser DNS		1	1		2.0	M	8	ZeroCERT

2925	2024-06-17 10:25	b.exe ccd45a73d555f6a89b06924e150680e5 Malicious Packer Malicious Library UPX PE File PE32 VirusTotal Malware Windows utilities suspicious process Windows	4 Keyword trend analysis	2	2		2.6		39	ZeroCERT