Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
43501	2024-03-17 10:54	reverse.exe 8112ccd12e36db77368fd7870395e09b PE File PE64 VirusTotal Malware DNS crashed		1		3.6	M	65	ZeroCERT

43502	2024-03-17 10:55	987123.exe acbc25eea9ca672493f170df3a5c3226 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Remote Code Execution				1.6	M	30	ZeroCERT

43503	2024-03-17 10:55	libcurl.dll 202b52616e161f48345302c2cf3dcb71 Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware PDB Checks debugger unpack itself crashed				2.0	M	13	ZeroCERT

43504	2024-03-17 10:57	current.exe 4c3b47b75d32218706df654359d4295a Malicious Library UPX PE32 PE File OS Processor Check unpack itself Remote Code Execution				1.0	M		ZeroCERT

43505	2024-03-17 10:57	emailbox.exe 83e5d8ae4bda535c4b5e28ce87e0c611 Craxs RAT Socket AntiDebug AntiVM PE32 PE File .NET EXE PNG Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Browser RisePro Email ComputerName DNS Software	2 Keyword trend analysis	7	8 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET MALWARE RisePro CnC Activity (Outbound)	14.4	M	39	ZeroCERT

43506	2024-03-17 10:59	Soft.exe cc7a161c8929dd7413b92d6eaf0d473c UPX PE File PE64 VirusTotal Malware Remote Code Execution DNS		2		2.8	M	38	ZeroCERT

43507	2024-03-17 11:00	Software.exe 333136f93e800e920a79e6a1a1e3e1f4 UPX Malicious Library PE32 PE File OS Processor Check VirusTotal Malware AutoRuns MachineGuid Check memory Creates executable files unpack itself AppData folder Windows DNS		1		6.2	M	48	ZeroCERT

43508	2024-03-18 09:35	NetworkService.exe 0f6ffc2e70d312972d592fd43d49b10c Generic Malware Antivirus Socket KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE PowerShell VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				11.8	M	62	guest

43509	2024-03-18 09:36	DataServicesWindows.exe 8a1c6ab6aeeec522d4d2d483543cb6ad Generic Malware task schedule .NET framework(MSIL) Antivirus ScreenShot PWS DNS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				12.0	M	61	guest

43510	2024-03-18 17:24	https://jackd.cc/candy.apk cdfeb6f6d7014e9e1eb84ff662e8ff68 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format JPEG Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	4	3	5.0		13	guest

43511	2024-03-19 07:49	ghfhhminfudk.exe 06366656ad8ddb302958398f10d38e7b AntiDebug AntiVM PE File PE64 AutoRuns MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process Windows ComputerName Cryptographic key crashed		2		8.6			ZeroCERT

43512	2024-03-19 07:50	june.exe bffada4bebc4c838e8834e501df50713 Emotet Gen1 Malicious Library UPX Antivirus PE32 PE File MZP Format PE64 DLL DllRegisterServer dll OS Processor Check Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				3.6	M		ZeroCERT

43513	2024-03-19 07:51	current.exe 5e41baf7dfd47eb402ac956e8f8fe6b7 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Remote Code Execution				1.6	M	31	ZeroCERT

43514	2024-03-19 07:52	gfgghdhwhatsup.exe b03c2d7df7eabc44f36397cb66ac3e77 PE File PE64 Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process Windows ComputerName DNS SilentCryptoMiner	1 Keyword trend analysis	4	4	6.6	M	48	ZeroCERT

43515	2024-03-19 07:53	Tweeter%20Traffic.exe b6e7e5592b914ed29149bc605c0e4b0c UPX .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows				2.4		9	ZeroCERT