Submissions

No | Date | Request | Hash | Tags | Urls/Hosts/IDS/Rule | Score | Zero | VT | Player
3901 | 2024-05-22 10:12 | Setup.exe | a4e84bdb6fba7b3c5689b0f2bc5ec858 | Generic Malware PE File PE32 PNG Format VirusTotal Malware Check memory Checks debugger unpack itself ComputerName Remote Code Execution crashed | | 2.8 | | 12 | ZeroCERT
3902 | 2024-05-22 10:12 | RISO_Fox.exe | 1ebac077529a8693f5b474fc0996d1d8 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed | | 2.4 | | 40 | ZeroCERT
3903 | 2024-05-21 15:52 | utradvices.scr | 4422a3da13d83812a791341547d90b9a | Malicious Library .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger | 3 6 7 1 | 13.8 | M | 26 | ZeroCERT
3904 | 2024-05-21 15:52 | loudzx.scr | ed7336086b1e5267c0d4863325956be2 | Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser | 15 1 | 10.8 | | 38 | ZeroCERT
3905 | 2024-05-21 15:47 | Payment_Advice.scr | 2e488e75f59f35f2a52e403254f6ac4b | Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself | | 7.2 | | 37 | ZeroCERT
3906 | 2024-05-21 15:46 | 123.exe | d1ec6dbbe13ed8451b267702350c12c6 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed | | 2.4 | M | 58 | ZeroCERT
3907 | 2024-05-21 15:44 | pyramidzx.scr | 8b55653ee4d81ebca0bdc88e3b5fc942 | LokiBot Malicious Library .NET framework(MSIL) UPX PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs | | 8.2 | | 32 | ZeroCERT
3908 | 2024-05-21 07:26 | oiii.exe | a59664f37c25edaa69c39a65490ed3a9 | HermeticWiper Generic Malware Malicious Library UPX PE64 PE File OS Processor Check JPEG Format PNG Format icon PE32 MSOffice File VirusTotal Malware PDB suspicious privilege buffers extracted Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Ransomware Windows ComputerName Remote Code Execution crashed | 3 2 2 | 6.8 | M | 16 | ZeroCERT
3909 | 2024-05-21 07:25 | RiseGood.exe | 863fd1cebb05495d4ef4bb6c7333db30 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself WriteConsoleW crashed | | 2.4 | M | 40 | ZeroCERT
3910 | 2024-05-21 07:25 | file.exe | 119e01fd513495f8f572f286b56e1563 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution | | 2.4 | M | 34 | ZeroCERT
3911 | 2024-05-21 07:23 | winresinet.exe | c3736d21ee30c4dd5eec74b630e39b46 | Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed | | 0.8 | M | 8 | ZeroCERT
3912 | 2024-05-20 12:08 | net.exe | 75a1801e4dc8e7c3deddae31b79d08f2 | XMRig Miner Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself ComputerName | | 1.8 | M | 42 | ZeroCERT
3913 | 2024-05-20 12:06 | ph.exe | 89cedf0a5b3833dc294ffc066350aebe | Generic Malware Malicious Library Malicious Packer Antivirus UPX Escalate priviledges Code injection AntiDebug AntiVM PE File PE32 OS Processor Check PE64 VirusTotal Malware Buffer PE PDB Code Injection buffers extracted Creates executable files | | 5.6 | M | 52 | ZeroCERT
3914 | 2024-05-20 11:24 | dr.bat | ce802b6e8add0c59b4c1ceea614bafa3 | Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows | | 3.8 | | 2 | ZeroCERT
3915 | 2024-05-20 10:49 | AppStoreEvalLighthousePlugin.c... | c0d7d66ce4b870e075e5d4b4f087383b | AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName | | 3.8 | | | guest