Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

3286  2025-01-12 15:09  sd4.ps1  8e4e58aae2cbde03809f4a002788bd16
  Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key
  1 1 4.8 1 ZeroCERT

3287  2025-01-12 15:07  ActivePod.ocx  da2ab0623e5fd0a9ee8c26b935ab1297
  Generic Malware Malicious Library UPX PE File DLL PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware Checks debugger
  1 1.0 7 ZeroCERT

3288  2025-01-12 15:06  gem1.exe  d61ac037c333f1bc288c1a96a4db7c21
  Malicious Library Socket Http API ScreenShot Escalate priviledges Steal credential Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName DNS crashed
  3 9 15.0 50 ZeroCERT

3289  2025-01-12 15:06  tmx.exe  6260e34e7f5b518f3937628626dab6df
  RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  1 5 6.2 60 ZeroCERT

3290  2025-01-12 14:43  beacon_x86.exe  a40e4a8aaf476b3d9997d05489f87c2a
  Malicious Library UPX AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows
  3 7.0 52 ZeroCERT

3291  2025-01-12 14:40  install.bat  8524f6f843902e2d19f29a578f76adf6
  Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  1 1 4.6 9 ZeroCERT

3292  2025-01-12 14:35  cbot.exe  800dcb9f93715f5ed7189be2e35aebd9
  Malicious Library PE File PE64 VirusTotal Malware sandbox evasion Browser DNS
  1 4.4 42 ZeroCERT

3293  2025-01-12 14:34  win.exe  f6d520ae125f03056c4646c508218d16
  XMRig Miner Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself ComputerName
  2.0 55 ZeroCERT

3294  2025-01-12 00:51  CShield.dll  db5198ea4d04bad9c91dc04ba2033579
  Malicious Library PE File DLL PE32 VirusTotal Malware
  1.4 M 26 guest

3295  2025-01-10 21:34  ONHQNHFT.msi  829e5e01899cac6e4326893afbf5be82
  MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check ComputerName
  3.0 25 ZeroCERT

3296  2025-01-10 16:50  svhost.exe  6b3b2c4cdcc210e868ca4c3dee9584e5
  Generic Malware UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory
  0.8 13 ZeroCERT

3297  2025-01-10 12:58  install.msi  872cb99a4886350aa57b1c40bba29b1c
  Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
  1 98 2.4 M 13 ZeroCERT

3298  2025-01-10 12:10  tnn.ps1  09f0fba23eae6e1f13662796cca68e88
  Generic Malware Antivirus UPX PE File PE64 OS Processor Check VirusTotal Cryptocurrency Miner Malware Cryptocurrency powershell Check memory buffers extracted Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key BitCoinMiner CoinMiner
  1 4 6 7.8 M 13 ZeroCERT

3299  2025-01-10 12:04  DyM4yXX.exe  67b35433e066311e95419af40384dd92
  Generic Malware Malicious Library Malicious Packer UPX DGA Http API ScreenShot HTTP DNS Internet API AntiDebug AntiVM PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Code Injection buffers extracted malicious URLs
  6.6 40 ZeroCERT

3300  2025-01-10 12:01  totallysafe.msi  719bd119c819ed6b689bfbc8744c2617
  Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
  2.8 M 34 ZeroCERT