Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
3511	2024-06-03 07:35	@DDRI2_2.exe 1cfa70c1b2f1eb15d9f6b0d502095360 Gen1 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Remote Code Execution				2.6	M	21	ZeroCERT

3512	2024-06-03 07:31	abc.exe 0423137cc78e3e3d7af3ecb534847d1b Malicious Library PE64 PE File VirusTotal Malware RWX flags setting DNS		1		3.2	M	62	ZeroCERT

3513	2024-06-03 07:29	logo2.jpg 74330f4c8e412ee96b41d01561ed1873 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				2.4	M	55	ZeroCERT

3514	2024-06-03 07:29	SCP.Desktop.Client.IssueView.e... fc8a44c4044a479d678d7ecca1825be6 Emotet Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				2.4	M	20	ZeroCERT

3515	2024-06-03 07:27	GetFormsOnline.b1b4093ff0ac420... 72c1f55ceb95184b435249f2b2c1daa3 Generic Malware Malicious Library UPX PE File PE32 DLL OS Processor Check BMP Format VirusTotal Malware Check memory Creates executable files unpack itself Check virtual network interfaces AppData folder sandbox evasion Tofsee	2 Keyword trend analysis	6	1	5.2	M	34	ZeroCERT

3516	2024-06-03 07:27	abc.ps1 33d57171c178785001cbdb8aff121710 Generic Malware Antivirus VirusTotal Malware unpack itself				1.4	M	36	ZeroCERT

3517	2024-06-03 07:25	Zinker.exe b11913361b2d4c43c00c1969184050a8 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				2.4		52	ZeroCERT

3518	2024-06-03 07:25	volumeinfo.exe e817cc929fbc651c5bdab9e8cca0d9d9 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.6	M	49	ZeroCERT

3519	2024-06-01 23:55	http://k0iyj8.bksinghgloballea... 907619edc8ff1338fe484f1d582d5f25 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit Java DNS crashed	3 Keyword trend analysis	4	4	4.2			guest

3520	2024-06-01 09:02	360TS_Setup_Mini_WW.Peter.CPI2... 2de14d82238bf5395e0b95e551ab8e00 HermeticWiper Generic Malware PhysicalDrive Malicious Library Downloader Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges PWS Internet API AntiDebug AntiVM PE File PE32 CAB OS Processor Check DLL PNG Format VirusTotal Malware PDB Check memory Creates executable files ICMP traffic unpack itself AppData folder malicious URLs AntiVM_Disk China anti-virtualization VM Disk Size Check human activity check Tofsee Windows Remote Code Execution	8 Keyword trend analysis Info http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Peter.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=153 http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1103.exe http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=656&tdl=656&tds=656&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|6,HttpNum\|1,DnFailCount\|6,FStatus\|1,P2SS\|656,P2PS\|0,PDMode\|2&tfl=656&tp=t&tst=1&ttdl=656&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS http://sd.p.360safe.com/AC05282966EF28F0BC58DFBBE2E9591EF2A43BD6.trt http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Peter.CPI202405&os=6.1&mid=fa7bb520099706f4d9615c3663eacc55&state=9 http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fa7bb520099706f4d9615c3663eacc55&mod=360Installer.exe&ph=BA320C501D0312BEC018E22653081CCD&p2p=1&t_id=360TS_Setup.exe&tads=20754835&tdl=103774176&tds=21074244&terr=0&tes=Status\|1,ErrorCode\|0,DnCount\|24,HttpNum\|19,DnFailCount\|23,FStatus\|1,P2SS\|103774176,P2PS\|0,PDMode\|3&tfl=103774176&tp=t&tst=1&ttdl=103774176&ttm=5000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS https://orion.ts.360.com/installapp?c=&ch=WW.Peter.CPI202405&sch=0&ver=11.0.0.1103&lan=en&os=6.1-x64&mid=fa7bb520099706f4d9615c3663eacc55&time=1717228204&checksum=B8925F61EE911EB0BB940A15	21 Info sd.p.360safe.com(54.230.169.19) tr.p.360safe.com(54.76.174.118) int.down.360safe.com(13.225.114.95) st.p.360safe.com(54.77.42.29) iup.360safe.com(54.230.61.34) orion.ts.360.com(82.145.215.152) s.360safe.com(54.255.136.181) 54.230.61.65 13.225.114.36 13.225.114.95 54.254.196.234 54.255.136.181 54.77.42.29 54.76.174.118 13.225.114.61 82.145.215.156 54.230.61.95 54.230.169.8 13.225.114.50 54.230.61.39 54.230.61.34	5 Info ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) ET POLICY PE EXE or DLL Windows file download HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	7.8		2	ZeroCERT

3521	2024-06-01 09:01	ld.exe 71efe7a21da183c407682261612afc0f Generic Malware Malicious Library Malicious Packer Antivirus UPX PE64 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates shortcut unpack itself suspicious process AntiVM_Disk sandbox evasion WriteConsoleW Ransom Message Turn off Windows Error Recovery notification window anti-virtualization IP Check VM Disk Size Check installed browsers check Ransomware Windows Browser ComputerName DNS	2 Keyword trend analysis	3	4	13.4	M	61	ZeroCERT

3522	2024-06-01 09:00	gps_1688.exe c2c6ca7a9dea1fc9708b57d3ae1d9bc7 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory RWX flags setting unpack itself				2.2	M	8	guest

3523	2024-06-01 08:56	RambledMimets.exe 19b9de641a480be1236dd9712d9ccc10 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				2.2	M	31	ZeroCERT

3524	2024-06-01 08:54	newlionscameonthejungletheyare... 6fd5b991c985e807a1e46cba0bed3d67 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	3 Keyword trend analysis	6	2	4.2	M	32	ZeroCERT

3525	2024-06-01 08:53	WxWorkMultiOpen.exe 2ddfe23a170af97ebbfe8ccc260ef462 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege sandbox evasion				1.8	M	23	ZeroCERT