Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
4126	2024-05-11 19:31	av_downloader.exe 8af4f985862c71682e796dcc912f27dc Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File PE32 CAB VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1		9.0	M	45	ZeroCERT

4127	2024-05-11 19:31	Photo.scr 24eef227b95647e2ef8edf1b194d97ca Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware crashed				2.0	M	46	ZeroCERT

4128	2024-05-11 19:30	frideurpearoundhavesuchabeauti... c46f92a410d2ba774146b68c7f245d35 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed	3 Keyword trend analysis	7	4	4.0	M	38	ZeroCERT

4129	2024-05-11 19:29	htm.exe 983f094cf97faca11916d717b22b64ca Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself Detects VMWare VMware Tofsee Interception crashed		2	1	3.4	M	48	ZeroCERT

4130	2024-05-11 15:05	mexicangirlsareverybeautifulan... 0d7ac12ba297bd78e159a43ea09b247c MS_RTF_Obfuscation_Objects RTF File doc buffers extracted ICMP traffic RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed	2 Keyword trend analysis	52 Info paste.ee(172.67.187.200) - mailcious forxlamfile.duckdns.org(192.3.101.142) 85.214.59.108 109.109.51.9 103.103.192.139 51.89.47.213 36.99.141.101 191.6.197.244 191.96.1.123 146.59.24.90 156.251.11.188 160.121.231.70 120.77.172.36 39.61.219.100 202.29.95.12 - malware 89.132.179.61 161.97.93.251 192.3.101.142 - malware 192.185.22.100 173.198.207.4 137.66.61.164 46.242.218.88 154.201.182.65 185.141.190.195 154.9.29.232 89.191.19.91 94.23.69.241 143.198.193.141 185.146.29.29 93.123.72.70 170.239.64.169 197.248.169.246 67.43.2.167 164.46.51.142 172.67.187.200 - mailcious 162.33.30.166 154.26.231.89 88.99.174.114 192.185.175.34 192.232.215.188 107.174.121.222 121.199.55.53 160.226.173.208 79.235.135.93 173.201.190.178 207.241.199.86 209.58.169.75 85.134.27.181 199.167.131.41 78.135.106.67 128.204.133.48 69.174.97.122	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET INFO DYNAMIC_DNS Query to a .duckdns .org Domain ET INFO DYNAMIC_DNS Query to .duckdns. Domain ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain	6.0			ZeroCERT

4131	2024-05-11 15:03	system32.exe d1c30d86c227f9c6669b9e3d45489ae0 Emotet Gen1 Generic Malware Malicious Library Antivirus UPX PE64 PE File CAB DLL PE32 .NET DLL powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key		1		9.8			ZeroCERT

4132	2024-05-11 15:00	crypted_87ddcda6.exe 344a8dde0a6cc31070a057bac27be18f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				1.8	M	27	ZeroCERT

4133	2024-05-11 14:59	MSI.msi b4a482a7e96cfdef632a7af286120156 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee ComputerName		10	2	2.8	M	13	ZeroCERT

4134	2024-05-11 14:58	12345.exe 4f2c92a5edd8ce7a482694b9ad9ecbcf Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware DNS		1		1.4	M	15	ZeroCERT

4135	2024-05-11 14:57	nomal1.exe 5c97b08df1ac8a00b3a618ec5a26aeae BitRAT Generic Malware Malicious Library Downloader Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File ftp PE32 OS Processor Check VirusTotal Malware AutoRuns suspicious privilege Check memory AppData folder BitRAT Windows ComputerName DNS DDNS keylogger		2	3	6.6	M	59	ZeroCERT

4136	2024-05-11 14:56	nom.exe 95939f7e0943f1428467c77c293e6036 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process Windows DNS DDNS		2	2	8.4	M	63	ZeroCERT

4137	2024-05-10 22:23	AMIFUWINx64.exe 9afdd5c7a004d9c3839754036b3ca6c2 Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder crashed				2.4		3	guest

4138	2024-05-10 16:54	Analytics-2024-05-08-091812.ip... 7290bbf769109f0a486d81d551a3d0b0 AntiDebug AntiVM OS Processor Check Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

4139	2024-05-10 10:08	morningiswakupwithacupoffcoffe... f1764942482f773318b6a6b736c8327d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS DDNS crashed	3 Keyword trend analysis	7	4	3.6	M	37	ZeroCERT

4140	2024-05-10 10:05	hjv.exe e25ecb676f67f979e48235335467ab31 NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder				2.6	M	31	ZeroCERT