Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

301 2024-09-07 17:08 tm.vbs
e0b9a7748f289bbcdac5546c26475fef
VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS DDNS Dropper
2 1 10.0 M 29 ZeroCERT

302 2024-09-07 17:06 java.js
961caa8b91ecbca3ce8601dc4a515e51
Antivirus MSOffice File VirusTotal Malware Check memory heapspray unpack itself Java
4.8 M 28 ZeroCERT

303 2024-09-07 17:06 sheisgoodgirlaroundmewholovedm...
2aaf86224ef3338f2f4817f3684487b4
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
1 3 1 4.4 M 28 ZeroCERT

304 2024-09-07 17:05 Chrome.exe
f90a0ca2766ad3e02c15fe5622546d01
Gen1 Generic Malware Malicious Library ASPack UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Creates executable files
2.4 M 24 ZeroCERT

305 2024-09-07 17:04 verynicegirlwantihavetokissher...
afb14dcb82dbb041183e8d492c415a13
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
1 3 1 4.8 M 41 ZeroCERT

306 2024-09-07 17:04 equitozzmondayMPDW-constraints...
ac45ec4efd718861d4c51a619be863a1
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
1 2 1 7.6 M 4 ZeroCERT

307 2024-09-07 17:02 Installer.exe
dcb050a81038862531cf2e23a095dbd0
Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself
2.6 M 38 ZeroCERT

308 2024-09-07 16:30 mony.exe
d3d04b9a91899184dd243d0c9339928a
Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName DNS
1 4.2 M 55 guest

309 2024-09-06 15:38 http://213.21.220.222:8080
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1 2 6.4 guest

310 2024-09-06 14:32 MeMpEng.exe
cf43fda6634d7674690c8eaf6c348816
Formbook Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGen Browser Info Stealer VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Java Browser DNS
19 21 6 18 6.4 M 18 ZeroCERT

311 2024-09-06 14:23 66d97993e0460_stealc_w9.vmp.ex...
a79fa370fdeecbb187f96558a76534b5
Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware
2.2 M 51 ZeroCERT

312 2024-09-06 14:21 66ba1a1880f9e_crypta.exe#kiscr
a8b732ee59958581b2d5c62bb5b60c7a
Stealc Client SW User Data Stealer ftp Client info stealer Generic Malware Malicious Library Malicious Packer .NET framework(MSIL) UPX ASPack Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Malware download FTP Client Info Stealer VirusTotal Malware c&c Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Software plugin
3 1 8 2 16.4 M 55 ZeroCERT

313 2024-09-06 14:21 66d98aa7bea3e_newPrime.exe#rea...
c4d092354c3f964ee1d9671f2517a6c9
Malicious Library UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName Remote Code Execution
3.6 M 43 ZeroCERT

314 2024-09-06 14:19 66d9da4dc547c_vrge12.exe#d12
b34fcafdfc4ddbe4db51b22dd618b8d9
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library Antivirus Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin
2 1 5 1 13.6 M 41 ZeroCERT

315 2024-09-06 14:18 66d9de22f231f_crypted.exe#1
e600b6015b0312b52214f459fcc6f3c2
RedLine stealer Malicious Library Antivirus .NET framework(MSIL) ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
2 5 7 16.2 M 44 ZeroCERT