Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

3541 2024-05-31 10:16 bind_tcp.hta
248aa4289e3739f172987f89212e4093
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
6.0 M 36 ZeroCERT

3542 2024-05-31 10:15 dl.php
27818a4fe57d322127c3311959c5af69
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself
2.2 M 37 ZeroCERT

3543 2024-05-31 10:14 reverse_http.msi
c16d8d4e2bcfb175ad690580b3502218
Generic Malware MSOffice File suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS
1 4.0 M ZeroCERT

3544 2024-05-31 10:12 bind_tcp_uuid.hta
bce1078c57268ef42732dc651d2049c9
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
6.0 M 38 ZeroCERT

3545 2024-05-31 10:11 go.exe
f75b6c59b0a588f5aa42cf6fb6539043
Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
8 6 1 5.4 M 21 ZeroCERT

3546 2024-05-31 10:10 ReflectiveDll_poc.dll
5c71c670dbfa86ec09cd4cf344e53686
PE64 PE File DLL VirusTotal Malware Checks debugger
0.6 M 5 ZeroCERT

3547 2024-05-31 10:08 buildjudit.exe
cc7933b503e061ddde7158e108f19cc3
Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE64 PE File DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself
3.2 M 56 ZeroCERT

3548 2024-05-31 10:08 reverse_http.ps1
01afbe1110a8dc2eb754291bd28685a5
Generic Malware Antivirus VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself ComputerName crashed
3.2 M 34 ZeroCERT

3549 2024-05-31 10:07 NimDllPayload.dll
9b18a8a5506ae514acbeb369f3b9e9e0
UPX PE64 PE File DLL VirusTotal Malware Check memory crashed
1.0 M 12 ZeroCERT

3550 2024-05-31 10:06 buildjudit.exe
c09ff1273b09cb1f9c7698ed147bf22e
Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE64 PE File DLL OS Processor Check ftp wget Check memory Creates executable files unpack itself
2.0 M ZeroCERT

3551 2024-05-31 10:05 sarra.exe
be49ac418959705d20f029634d85040f
Anti_VM PE File PE32 Malware download VirusTotal Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed
1 5 5 9.6 M 39 ZeroCERT

3552 2024-05-31 10:05 Emuxedlljrbbjp.bat
a33d1bcae258475e7ec293f1abf928e5
Gen1 Generic Malware Suspicious_Script_Bin Downloader Malicious Library Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Interception Windows ComputerName DNS Cryptographic key DDNS crashed
4 4 7.8 M 9 ZeroCERT

3553 2024-05-31 10:05 Qwsyldgxfuefxl.bat
3e942e68cf16c51d836d7762eaa2085d
Gen1 Generic Malware Suspicious_Script_Bin Downloader Malicious Library Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Interception Windows ComputerName DNS Cryptographic key DDNS crashed
4 4 8.0 M ZeroCERT

3554 2024-05-31 08:18 amers.exe
f55d40b74d38f0fcea654437183a7b1e
Amadey Emotet HermeticWiper Gen1 RedLine stealer RedlineStealer NPKI SmokeLoader Generic Malware UltraVNC PhysicalDrive Suspicious_Script_Bin EnigmaProtector NSIS Buhtrap Group Downloader Malicious Library Antivirus UPX Malicious Packer Admin Tool (Sy Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Cryptocurrency Miner Malware powershell Microsoft Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Auto service Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware China Firewall state off anti-virtualization IP Check VM Disk Size Check human activity check installed browsers check PrivateLoader Tofsee Ransomware GameoverP2P Zeus Stealer Windows Browser Advertising ComputerName Trojan Banking Firmware DNS Cryptographic key Software crashed CoinMiner
37 77 33 5 40.8 M 41 ZeroCERT

3555 2024-05-31 07:52 well.exe
861859a608c8769febf142e752abb057
Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer Code Injection Check memory Checks debugger exploit crash unpack itself malicious URLs installed browsers check Exploit Browser crashed
5.4 M ZeroCERT