38716 | 2021-11-05 09:34 | ZeroCERT
File: YConsoleApp117all.exe
MD5: b86c000007846c924e1f4a82a842686f
Tags: RAT Generic Malware task schedule Antivirus AntiDebug AntiVM PE File PE32 .NET EXE Dridex TrickBot VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself suspicious process WriteConsoleW Kovter Windows ComputerName DNS Cryptographic key crashed
URLs (0): none
Hosts (5):
  www.yahoo.com(202.165.107.49)
  www.google.com(172.217.31.132)
  202.165.107.50
  216.58.200.68
  185.157.160.198
Suricata alerts (1):
  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
Rule-hit URLs (0): none
Score: 12.0 | VirusTotal: 31

38717 | 2021-11-05 09:31 | ZeroCERT
File: sefile2.exe
MD5: 38055b609cbc5df14fd86be301eb6397
Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE
URLs (0): none
Hosts (0): none
Suricata alerts (0): none
Rule-hit URLs (0): none
Score: 2.6 | VirusTotal: 23

38718 | 2021-11-05 09:31 | ZeroCERT
File: 9801_1635938030_9423.exe
MD5: a26c091f560286c77dc695818846a27e
Tags: RAT PWS .NET framework Gen1 Gen2 Generic Malware MPRESS UPX Malicious Packer Malicious Library ASPack PE File PE32 DLL .NET EXE OS Processor Check PE64 Malware download Raccoon VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency RecordBreaker Buffer PE MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates executable files unpack itself Checks Bios Collect installed applications Detects VirtualBox Detects VMWare AppData folder VMware anti-virtualization installed browsers check Tofsee Stealer Windows Browser Email ComputerName RCE Firmware DNS crashed
URLs (9):
  http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/70fba09628631dc7968147158bcd96dd2a63758b - rule_id: 7282
  http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/70fba09628631dc7968147158bcd96dd2a63758b
  http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/3f01e0ee7d7616e1a5b10f5e09c686af287a09ab - rule_id: 7282
  http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/3f01e0ee7d7616e1a5b10f5e09c686af287a09ab
  http://teleliver.top/mixmorty14
  http://91.219.236.97/ - rule_id: 7282
  http://91.219.236.97/
  https://cdn.discordapp.com/attachments/899705176418578565/905408828730900501/malik_2.0.exe
  https://cdn.discordapp.com/attachments/896848939771367444/900335715949363280/Antesternal.exe
Hosts (5):
  teleliver.top(172.67.136.46)
  cdn.discordapp.com(162.159.130.233) - malware
  91.219.236.97
  162.159.129.233 - malware
  104.21.62.135
Suricata alerts (8):
  ET DNS Query to a *.top domain - Likely Hostile
  ET INFO HTTP Request to a *.top domain
  ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
Rule-hit URLs (3):
  http://91.219.236.97/
  http://91.219.236.97/
  http://91.219.236.97/
Score: 14.6 | VirusTotal: 31

38719 | 2021-11-05 09:31 | ZeroCERT
File: vbc.exe
MD5: 2b12e8bec8e8469f62fd8469f5a8f417
Tags: RAT Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS
URLs (7):
  http://www.sgpvbzw.com/bs8f/?rTIHm=VcAFbpst5hoStA4xyoBBe4jmHUZ7z4P8wzSZLmF+NZ34DFgukWtbBnPkXR//dm5eWUvNPNzg&AR0lI8=3fvpe
  http://www.bornholm-urlaub.info/bs8f/?rTIHm=GrpiHi+4Y6MdoUye3JOxqzeXFotLmKrwbYoX0FiqOVAho+aI9awmCKI4UeNGjqeithYcKcyI&AR0lI8=3fvpe
  http://www.eljkj.com/bs8f/?rTIHm=ftbPZ7dMfBjOzME6x3D2mpPirUb/Cf6WMtu/EK9D+rbfCbfEo11w5yJZT3f/FWT/xhBfpy5G&AR0lI8=3fvpe
  http://www.yozotnpasumo2.xyz/bs8f/?rTIHm=piWGFLC1+dPQsrx/4Dzx2N0yqVURvVIQyow38F6jBNs1M7R95ZXn8uBssDTHFK76CneOG/4f&AR0lI8=3fvpe
  http://www.swalayan.digital/bs8f/?rTIHm=geEfkjci97OTCJX4DKPyoGUqG/V1UxTKtuPeW68vjG5gR6fY8AMpEFXC1pyDY7q6q7m0S78C&AR0lI8=3fvpe
  http://www.handmadequatang.com/bs8f/?rTIHm=2dquk03pLdiH7YiAFVGxRN531CeCn1+K+8HPNLhDegKUPlUFBE5l5/PiO4hbWflYmF5HYOJo&AR0lI8=3fvpe
  http://www.rwilogisticsandbrokerage.com/bs8f/?rTIHm=O+ZFCK4COInkbeCtvcbM4cMiAd9wiFdBsN5Esn7lS6PC8Uc1RV355liD1/2ijziZVq0VIlSD&AR0lI8=3fvpe
Hosts (18):
  www.swalayan.digital(198.54.117.210)
  www.yozotnpasumo2.xyz(150.95.255.38)
  www.handmadequatang.com(103.75.187.19)
  www.bornholm-urlaub.info(172.67.204.251)
  www.sgpvbzw.com(107.186.79.52)
  www.pinpinyouqian.xyz(176.113.70.78)
  www.eljkj.com(114.117.239.86)
  www.rwilogisticsandbrokerage.com(104.17.193.73)
  www.goodzza.net()
  107.186.79.52
  103.75.187.19
  150.95.255.38 - mailcious
  198.54.117.216 - phishing
  104.21.44.234
  104.17.196.73 - mailcious
  114.117.239.86
  91.209.70.71
  176.113.70.78
Suricata alerts (2):
  ET MALWARE FormBook CnC Checkin (GET)
  ET HUNTING Request to .XYZ Domain with Minimal Headers
Rule-hit URLs (0): none
Score: 9.8 | VirusTotal: 32

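In the host and URL columns of these records a trailing " - malware", " - mailcious" (the listing's spelling of malicious), " - phishing" or " - suspicious" annotates the entry immediately before it, and " - rule_id: N" annotates the URL before it, after which the listing usually prints the bare URL a second time. The following Python is an added example for turning those columns into an indicator list; it is not code from the sandbox that produced this listing. The sample strings are copied verbatim from records 38718 and 38719; the Host/Url field names, the verdict spelling map and the SHARED_INFRA list are this example's own assumptions.

```python
"""Turn the flattened host/URL columns of the sandbox records into IOCs.

Added example; not code from the sandbox behind this listing. Sample strings
are copied from records 38718 and 38719. Field names, the verdict spelling
map and SHARED_INFRA are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Hosts and URLs columns of record 38718, copied verbatim.
HOSTS_38718 = ("teleliver.top(172.67.136.46) cdn.discordapp.com(162.159.130.233) - malware "
               "91.219.236.97 162.159.129.233 - malware 104.21.62.135")
URLS_38718 = (
    "http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/70fba09628631dc7968147158bcd96dd2a63758b - rule_id: 7282 "
    "http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/70fba09628631dc7968147158bcd96dd2a63758b "
    "http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/3f01e0ee7d7616e1a5b10f5e09c686af287a09ab - rule_id: 7282 "
    "http://91.219.236.97//l/f/IKB87XwB3dP17Spzni02/3f01e0ee7d7616e1a5b10f5e09c686af287a09ab "
    "http://teleliver.top/mixmorty14 http://91.219.236.97/ - rule_id: 7282 http://91.219.236.97/ "
    "https://cdn.discordapp.com/attachments/899705176418578565/905408828730900501/malik_2.0.exe "
    "https://cdn.discordapp.com/attachments/896848939771367444/900335715949363280/Antesternal.exe")
# Hosts column of record 38719 (18 entries), copied verbatim.
HOSTS_38719 = (
    "www.swalayan.digital(198.54.117.210) www.yozotnpasumo2.xyz(150.95.255.38) "
    "www.handmadequatang.com(103.75.187.19) www.bornholm-urlaub.info(172.67.204.251) "
    "www.sgpvbzw.com(107.186.79.52) www.pinpinyouqian.xyz(176.113.70.78) www.eljkj.com(114.117.239.86) "
    "www.rwilogisticsandbrokerage.com(104.17.193.73) www.goodzza.net() 107.186.79.52 103.75.187.19 "
    "150.95.255.38 - mailcious 198.54.117.216 - phishing 104.21.44.234 104.17.196.73 - mailcious "
    "114.117.239.86 91.209.70.71 176.113.70.78")

# The listing's verdict words; "mailcious" is its spelling of "malicious".
VERDICTS = {"malware": "malware", "mailcious": "malicious",
            "phishing": "phishing", "suspicious": "suspicious"}
# Assumed: shared CDN/hosting names whose resolved IPs must not be blocked.
SHARED_INFRA = ("cdn.discordapp.com", ".amazonaws.com", "www.google.com", "www.yahoo.com")


@dataclass
class Host:
    name: str                       # domain or bare IP
    resolved: Optional[str] = None  # IP in parentheses; None for bare IPs or "()"
    verdict: Optional[str] = None


@dataclass
class Url:
    url: str
    rule_id: Optional[int] = None


HOST_TOKEN = re.compile(r"([^()\s]+)(?:\(([^)]*)\))?")


def parse_hosts(raw: str) -> List[Host]:
    """'- <verdict>' annotates the host token immediately before it."""
    hosts: List[Host] = []
    tokens = raw.split()
    i = 0
    while i < len(tokens):
        if tokens[i] == "-" and hosts and i + 1 < len(tokens):
            hosts[-1].verdict = VERDICTS.get(tokens[i + 1], tokens[i + 1])
            i += 2
            continue
        m = HOST_TOKEN.fullmatch(tokens[i])
        if m is None:
            raise ValueError(f"unexpected host token {tokens[i]!r}")
        hosts.append(Host(m.group(1), m.group(2) or None))
        i += 1
    return hosts


def parse_urls(raw: str) -> List[Url]:
    """'- rule_id: N' annotates the URL before it; the bare copy the listing
    prints right after a rule hit is folded into that same record."""
    urls: List[Url] = []
    tokens = raw.split()
    i = 0
    while i < len(tokens):
        if tokens[i] == "-" and tokens[i + 1:i + 2] == ["rule_id:"] and urls:
            urls[-1].rule_id = int(tokens[i + 2])
            i += 3
            continue
        if not (urls and urls[-1].url == tokens[i]):
            urls.append(Url(tokens[i]))
        i += 1
    return urls


def is_shared(name: str) -> bool:
    return any(name == s or (s.startswith(".") and name.endswith(s)) for s in SHARED_INFRA)


def iocs(hosts: List[Host], urls: List[Url]) -> Dict[str, List[str]]:
    """flagged: hosts carrying a verdict or serving a rule-hit URL;
    contacted: remaining hosts taken from the URL column;
    ips: resolved addresses of flagged domains, minus shared infrastructure."""
    flagged, contacted, ips = set(), set(), set()
    for h in hosts:
        if h.verdict:
            flagged.add(h.name)
            if h.resolved and not is_shared(h.name):
                ips.add(h.resolved)
    for u in urls:
        (flagged if u.rule_id is not None else contacted).add(urlsplit(u.url).hostname)
    contacted -= flagged
    return {"flagged": sorted(flagged), "contacted": sorted(contacted), "ips": sorted(ips)}


if __name__ == "__main__":
    print(iocs(parse_hosts(HOSTS_38718), parse_urls(URLS_38718)))
```

For record 38718 this yields flagged = 162.159.129.233, 91.219.236.97, cdn.discordapp.com and contacted = teleliver.top; the Discord CDN domain carries a verdict only because the payload was hosted there, so its resolved address is withheld from the IP list. Treat the flagged list as a review queue rather than a blocklist: a bare IP tagged "malware" can still be a CDN edge (162.159.129.233 sits in the same range as the address cdn.discordapp.com resolved to), and a host with no verdict at all, such as teleliver.top here, can be the actual C2 that the alerts column points at.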
38720 | 2021-11-05 09:30 | ZeroCERT
File: vbc.exe
MD5: 221ee3fdee780aa3b465ae9c6c20560b
Tags: Loki PWS Loki[b] Loki.m Generic Malware UPX Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
URLs (2):
  http://secure01-redirect.net/ga18/fre.php - rule_id: 6830
  http://secure01-redirect.net/ga18/fre.php
Hosts (2):
  secure01-redirect.net(85.143.175.133)
  85.143.175.133
Suricata alerts (7):
  ET MALWARE LokiBot User-Agent (Charon/Inferno)
  ET MALWARE LokiBot Checkin
  ET MALWARE LokiBot Request for C2 Commands Detected M1
  ET MALWARE LokiBot Request for C2 Commands Detected M2
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  ET MALWARE LokiBot Fake 404 Response
Rule-hit URLs (1):
  http://secure01-redirect.net/ga18/fre.php
Score: 13.6 | VirusTotal: 26

38721 | 2021-11-05 09:30 | ZeroCERT
File: bypass.txt.ps1
MD5: 398676189544dc8480ecb361490f2c1d
Tags: Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key
URLs (1):
  http://104.41.201.33/PE.txt
Hosts (1):
Suricata alerts (1):
  ET WEB_CLIENT DRIVEBY GENERIC ShellExecute in Hex No Seps
Rule-hit URLs (0): none
Score: 5.4 | VirusTotal: 14

38722 | 2021-11-05 09:27 | ZeroCERT
File: socks.exe
MD5: 177f3023ad736fa45c52b45259175e70
Tags: SystemBC Malicious Packer Malicious Library PE File PE32 VirusTotal Malware AutoRuns unpack itself AntiVM_Disk VM Disk Size Check Windows DNS
URLs (0): none
Hosts (2):
  23.76.153.107
  91.209.70.71
Suricata alerts (0): none
Rule-hit URLs (0): none
Score: 3.6 | VirusTotal: 48

38723 | 2021-11-05 09:25 | ZeroCERT
File: sefile3.exe
MD5: 243cfd8dcfcd15e22adaee76d4852471
Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE
URLs (0): none
Hosts (0): none
Suricata alerts (0): none
Rule-hit URLs (0): none
Score: 2.6 | VirusTotal: 51

38724 | 2021-11-05 09:25 | ZeroCERT
File: 1302_1635887431_6241.exe
MD5: a7194594cf6c6e4c5b683243caa5ca29
Tags: RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
URLs (0): none
Hosts (2):
  23.105.131.222
  91.211.251.200
Suricata alerts (0): none
Rule-hit URLs (0): none
Score: 9.6 | VirusTotal: 42

38725 | 2021-11-05 09:25 | ZeroCERT
File: 2939_1635967838_5945.exe
MD5: b3d831056b7b55304a06d7e0bfafbd44
Tags: Gen1 RAT Gen2 [m] Generic Malware Themida Packer Generic Malware task schedule Anti_VM Malicious Library UPX Malicious Packer ASPack Steal credential ScreenShot Http API AntiDebug AntiVM PE File PE32 DLL OS Processor Check JPEG Format PE64 Malware download Raccoon VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency RecordBreaker Buffer PE MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare AppData folder AntiVM_Disk suspicious TLD WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Stealer Windows Browser Email ComputerName Firmware DNS crashed
URLs (9):
  http://62.109.25.138/swhoct.exe
  http://91.219.236.97/ - rule_id: 7282
  http://91.219.236.97/
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/8208c133edf91a84b6f782f4ed0f8693b342c36c - rule_id: 7282
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/8208c133edf91a84b6f782f4ed0f8693b342c36c
  http://teleliver.top/martinschpokers
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/88336169675bfeefbb16af1a9d74950c5ebfa987 - rule_id: 7282
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/88336169675bfeefbb16af1a9d74950c5ebfa987
  http://62.109.25.138/serwices.exe
Hosts (4):
  teleliver.top(104.21.62.135)
  62.109.25.138
  91.219.236.97
  104.21.62.135
Suricata alerts (9):
  ET DNS Query to a *.top domain - Likely Hostile
  ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  ET INFO HTTP Request to a *.top domain
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  ET INFO Executable Download from dotted-quad Host
  ET INFO Packed Executable Download
Rule-hit URLs (3):
  http://91.219.236.97/
  http://91.219.236.97/
  http://91.219.236.97/
Score: 18.0 | VirusTotal: 37

38726 | 2021-11-05 09:24 | ZeroCERT
File: 1323_1635962037_1167.exe
MD5: 036f4601b88c52668d279cf3fcce2a97
Tags: RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed
URLs (2):
  https://bitbucket.org/chege3/softwarellc/downloads/mell.bin
  https://bbuseruploads.s3.amazonaws.com/106c20d9-164b-4dd4-b490-03c87b0b7644/downloads/291e829a-706c-448b-8691-84b28b6ee892/mell.bin?Signature=obF3uGNzicfLJDvOFCqioVS3WXE%3D&Expires=1636073254&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=M4AHPxUlgmoZgxVCyagleDv_UaGESwPf&response-content-disposition=attachment%3B%20filename%3D%22mell.bin%22
Hosts (11):
  www.yahoo.com(202.165.107.50)
  bbuseruploads.s3.amazonaws.com(52.217.65.172) - malware
  bitbucket.org(104.192.141.1) - malware
  www.google.com(172.217.25.68)
  216.58.200.68
  202.165.107.49
  104.192.141.1 - mailcious
  13.107.21.200
  52.216.248.20
  202.165.107.50
  91.211.251.200
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-hit URLs (0): none
Score: 14.0 | VirusTotal: 33

38727 | 2021-11-05 09:23 | ZeroCERT
File: Cube_WW14.bmp
MD5: 7c53b803484c308fa9e64a81afba9608
Tags: RAT Gen1 Generic Malware Malicious Packer Malicious Library UPX ASPack PE File OS Processor Check PE32 .NET EXE PE64 DLL Browser Info Stealer Malware download VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Disables Windows Security Check virtual network interfaces AppData folder AntiVM_Disk suspicious TLD sandbox evasion IP Check VM Disk Size Check Tofsee Windows Browser ComputerName RCE DNS crashed
URLs (32):
  http://www.hzradiant.com/askhelp42/askinstall42.exe
  http://212.192.241.15/base/api/statistics.php
  http://staticimg.youtuuee.com/api/?sid=600653&key=bfe10d3bf124f043738c20f287bfc0c2 - rule_id: 5258
  http://www.hzradiant.com/askinstall42.exe - rule_id: 7569
  http://www.hzradiant.com/askinstall42.exe
  http://ip-api.com/json/
  http://dataonestorage.com/search_hyperfs_209.exe - rule_id: 7576
  http://dataonestorage.com/search_hyperfs_209.exe
  http://fouratlinks.com/stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe
  http://fouratlinks.com/stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe
  http://fouratlinks.com/installpartners/ShareFolder.exe
  http://eguntong.com/pub33.exe - rule_id: 7568
  http://eguntong.com/pub33.exe
  http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://45.133.1.107/server.txt - rule_id: 7522
  http://45.133.1.107/server.txt
  http://requestimedout.com/xenocrates/zoroaster
  http://fouratlinks.com/Widgets/FolderShare.exe
  http://fouratlinks.com/stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe
  http://212.192.241.15/base/api/getData.php
  https://connectini.net/Series/SuperNitouDisc.php
  https://d.gogamed.com/userhome/22/any.exe - rule_id: 7571
  https://d.gogamed.com/userhome/22/any.exe
  https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe - rule_id: 7573
  https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe
  https://connectini.net/S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp - rule_id: 7572
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
  https://ipinfo.io/widget
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp - rule_id: 7575
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
Hosts (39):
  requestimedout.com(162.255.117.78)
  d.gogamed.com(104.21.59.236)
  imgs.googlwaa.com(45.136.113.13) - malware
  fouratlinks.com(199.192.17.247)
  t.gogamec.com(172.67.204.112)
  apps.identrust.com(23.216.159.9)
  iplis.ru(88.99.66.31) - mailcious
  ip-api.com(208.95.112.1)
  eguntong.com(194.87.185.127)
  f.gogamef.com(104.21.72.228)
  iplogger.org(88.99.66.31) - mailcious
  connectini.net(162.0.210.44) - mailcious
  ipinfo.io(34.117.59.81)
  dataonestorage.com(45.142.182.152) - malware
  cdn.discordapp.com(162.159.134.233) - malware
  www.hzradiant.com(194.163.158.120)
  el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.66.51)
  staticimg.youtuuee.com(45.136.151.102) - mailcious
  182.162.106.42 - mailcious
  172.67.136.94
  52.219.158.38
  162.255.117.78
  45.142.182.152
  88.99.66.31 - mailcious
  162.0.210.44 - mailcious
  45.133.1.107 - malware
  212.192.241.15
  194.87.185.127
  34.117.59.81
  104.21.85.99
  162.159.130.233 - malware
  208.95.112.1
  45.136.151.102 - mailcious
  194.163.158.120 - malware
  45.136.113.13 - malware
  199.192.17.247
  172.67.204.112
  172.67.185.110
  23.76.153.107
Suricata alerts (10):
  SURICATA Applayer Mismatch protocol both directions
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
  ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO TLS Handshake Failure
  ET POLICY External IP Lookup ip-api.com
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Rule-hit URLs (10):
  http://staticimg.youtuuee.com/api/
  http://www.hzradiant.com/askinstall42.exe
  http://dataonestorage.com/search_hyperfs_209.exe
  http://eguntong.com/pub33.exe
  http://staticimg.youtuuee.com/api/fbtime
  http://45.133.1.107/server.txt
  https://d.gogamed.com/userhome/22/any.exe
  https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
Score: 14.8 | Flag: M | VirusTotal: 49

38728 | 2021-11-05 09:23 | ZeroCERT
File: kak.exe
MD5: 3b25bb47c77da6404c1b75133ccf2b1f
Tags: RAT Gen1 Gen2 Lazarus Family Emotet Trojan_PWS_Stealer Generic Malware Themida Packer UltraVNC Credential User Data Malicious Library UPX Malicious Packer ASPack Admin Tool (Sysinternals etc ...) Anti_VM Antivirus SQLite Cookie AntiDebug Ant Browser Info Stealer Malware download VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk suspicious TLD sandbox evasion VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed
URLs (69):
  http://htagzdownload.pw/SaveData/SaveData.php?ezzabour=%7B%22NameOffer%22:%22BumperWw%22,%22ip%22:%22%22,%22country%22:%22KR%22,%22DateTime%22:%222021-11-05%2012:47%22,%22Device%22:%22TEST22-PC%22,%22PCName%22:%22test22%22,%22postcheck%22:%22False%22,%22tag%22:%22kenpachi2_lylaShare1_folderlyla1_foldershare_goodchannel_registry_goodchannel_installrox2_BumperWw%22,%22Os%22:%22WIN7%22,%22Browser%22:%22Internet%20explorer%22%7D
  http://www.hzradiant.com/askinstall42.exe - rule_id: 7569
  http://www.hzradiant.com/askinstall42.exe
  http://eguntong.com/pub33.exe - rule_id: 7568
  http://eguntong.com/pub33.exe
  http://dataonestorage.com/search_hyperfs_204.exe
  http://fouratlinks.com/Widgets/FolderShare.exe
  http://45.9.20.156/pub.php?pub=five
  http://fouratlinks.com/installpartners/ShareFolder.exe
  http://file.ekkggr3.com/lqosko/p18j/cust51.exe
  http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464
  http://212.192.241.15/service/communication.php
  http://45.133.1.182/proxies.txt - rule_id: 6139
  http://fouratlinks.com/stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe
  http://186.2.171.3/seemorebty/il.php?e=jg1_1faf - rule_id: 4715
  http://www.hzradiant.com/askhelp42/askinstall42.exe
  http://staticimg.youtuuee.com/api/?sid=578995&key=b4a44f7ae92b9b3dfe2bcb545627cb4d - rule_id: 5258
  http://cloutingservicedb.su/campaign2/autosubplayer.exe
  http://212.192.241.15/base/api/statistics.php
  http://45.133.1.107/server.txt - rule_id: 7522
  http://45.133.1.107/server.txt
  http://www.mrwenshen.com/askhelp59/askinstall59.exe
  http://fouratlinks.com/stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe
  http://requestimedout.com/xenocrates/zoroaster
  http://www.mrwenshen.com/askinstall59.exe
  http://ip-api.com/json/
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://privacytoolzfor-you6000.top/downloads/toolspab2.exe
  http://fouratlinks.com/stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe
  http://212.192.241.15/base/api/getData.php
  http://www.google.com/
  https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_installrox2_BumperWw
  https://cdn.discordapp.com/attachments/891006172130345095/905726762028240896/4chee.bmp
  https://cdn.discordapp.com/attachments/891006172130345095/905797756076048394/IZI.bmp
  https://connectini.net/ip/check.php?duplicate=kenpachi2_non-search_goodchannel_lyloutta_Traffic
  https://dumancue.com/dd7c8e90c804f83b712eb175eb0daaef.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905726625025511474/sloader0401.bmp
  https://d.gogamed.com/userhome/25/any.exe
  https://source3.boys4dayz.com/installer.exe
  https://ipinfo.io/widget
  https://iplogger.org/1Xxky7
  https://www.listincode.com/ - rule_id: 2327
  https://cdn.discordapp.com/attachments/893177342426509335/905791554113912932/uglinesses.jpg
  https://cdn.discordapp.com/attachments/891006172130345095/905757933961359380/wetsetup0401.bmp
  https://cdn.discordapp.com/attachments/891006172130345095/905917017234735184/Topov0402.bmp
  https://connectini.net/Series/kenpachi/2/goodchannel/KR.json - rule_id: 1972
  https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_piyyyyWW
  https://cdn.discordapp.com/attachments/905701898806493199/905826613411864596/BumperWW.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905857242451046431/CKBReFn.bmp
  https://iplogger.org/13LYu7
  https://iplogger.org/1GWfv7
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp - rule_id: 7575
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
  https://connectini.net/Series/SuperNitouDisc.php
  https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp
  https://cdn.discordapp.com/attachments/891006172130345095/905799227140083712/real0402.bmp
  https://connectini.net/S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7
  https://connectini.net/Series/configPoduct/2/goodchannel.json - rule_id: 1973
  https://cdn.discordapp.com/attachments/905701898806493199/905894437480181790/Setup12.exe
  https://iplogger.org/12AVi7
  https://litidack.com/af016c52b60489b5da52d037a2d6dd6b/dd7c8e90c804f83b712eb175eb0daaef.exe
  https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_adxpertmedia_advancedmanager
  https://connectini.net/Series/Conumer4Publisher.php - rule_id: 1976
  https://cdn.discordapp.com/attachments/891006172130345095/905750415910514738/5780_0401.bmp
  https://f.gogamef.com/userhome/25/1bec5879a5da641fb388046719b3c83e.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905919347988508692/Passat0402.bmp
  https://connectini.net/Series/Conumer2kenpachi.php - rule_id: 1974
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp - rule_id: 7572
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
Hosts (78):
  fouratlinks.com(199.192.17.247)
  source3.boys4dayz.com(104.21.33.188)
  ipinfo.io(34.117.59.81)
  tambisup.com(91.206.15.183) - mailcious
  ip-api.com(208.95.112.1)
  apps.identrust.com(23.216.159.81)
  requestimedout.com(162.255.117.78)
  eguntong.com(194.87.185.127)
  www.hzradiant.com(194.163.158.120)
  t.gogamec.com(104.21.85.99)
  file.ekkggr3.com(172.67.162.110) - malware
  iplogger.org(88.99.66.31) - mailcious
  twitter.com(104.244.42.65)
  privacytoolzfor-you6000.top(5.8.76.207)
  cdn.discordapp.com(162.159.134.233) - malware
  telegram.org(149.154.167.99)
  www.mrwenshen.com(103.155.92.29)
  dumancue.com(172.67.134.37)
  el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.158.22)
  www.listincode.com(149.28.253.196) - mailcious
  d.gogamed.com(104.21.59.236)
  yandex.ru(77.88.55.50)
  www.google.com(172.217.175.228)
  google.com(172.217.161.78)
  f.gogamef.com(172.67.136.94)
  htagzdownload.pw(35.205.61.67)
  connectini.net(162.0.210.44) - mailcious
  www.profitabletrustednetwork.com(192.243.59.12) - mailcious
  dataonestorage.com(45.142.182.152) - malware
  litidack.com(104.21.2.71)
  cloutingservicedb.su(104.21.39.127)
  staticimg.youtuuee.com(45.136.151.102) - mailcious
  5.8.76.207
  172.67.145.75
  208.95.112.1
  186.2.171.3 - mailcious
  2.56.59.42 - mailcious
  103.155.92.29 - malware
  96.16.99.73
  91.206.15.183 - mailcious
  162.159.135.233 - malware
  45.9.20.156
  77.88.55.66
  162.255.117.78
  52.219.156.18
  142.250.207.78
  172.67.128.223
  45.142.182.152
  88.99.66.31 - mailcious
  212.192.241.15
  162.0.210.44 - mailcious
  45.133.1.107 - malware
  142.250.204.68
  104.21.72.228
  194.87.185.127
  34.117.59.81
  104.244.42.65 - suspicious
  45.133.1.182 - malware
  95.217.123.66
  172.67.134.37
  35.205.61.67 - mailcious
  23.216.159.81
  52.219.66.30 - malware
  193.56.146.36 - malware
  172.67.148.61
  149.154.167.99
  212.193.30.113
  104.21.66.169 - malware
  45.136.151.102 - mailcious
  94.26.249.132
  192.243.59.12
  194.163.158.120 - malware
  149.28.253.196
  104.244.42.193 - suspicious
  199.192.17.247
  172.67.204.112
  77.88.55.50
  104.21.59.236
Suricata alerts (22):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA Applayer Mismatch protocol both directions
  ET DNS Query to a *.pw domain - Likely Hostile
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
  ET INFO EXE - Served Attached HTTP
  ET INFO Packed Executable Download
  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
  ET INFO Executable Download from dotted-quad Host
  ET POLICY External IP Lookup ip-api.com
  ET DNS Query for .su TLD (Soviet Union) Often Malware Related
  ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
  ET INFO HTTP Request to a *.top domain
  ET DNS Query to a *.top domain - Likely Hostile
  ET HUNTING Possible EXE Download From Suspicious TLD
  ET INFO TLS Handshake Failure
  ET INFO HTTP Request to a *.pw domain
  ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
Rule-hit URLs (0): none
Score: 25.2 | Flag: M | VirusTotal: 45

38729 | 2021-11-05 09:23 | ZeroCERT
File: ConsoleApp16.exe
MD5: 519c77369218476103250e9d89e0db48
Tags: AgentTesla browser info stealer Generic Malware Google Chrome User Data Create Service Socket Code injection Sniff Audio KeyLogger Escalate priviledges Downloader AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed keylogger
URLs (0): none
Hosts (2):
  moneyrem.cc.dvrlists.com(23.105.131.222)
  23.105.131.222
Suricata alerts (0): none
Rule-hit URLs (0): none
Score: 11.4 | VirusTotal: 23

38730 | 2021-11-05 09:21 | ZeroCERT
File: 187.exe
MD5: 72f4779d8e2878b5aefb4fca91c7c5b0
Tags: RAT Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key
URLs (1):
  http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (5):
  dl.uploadgram.me(176.9.247.226)
  apps.identrust.com(23.216.159.9)
  176.9.247.226
  185.117.90.36
  23.206.175.43
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-hit URLs (0): none
Score: 8.4 | VirusTotal: -