Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
43516	2024-03-19 07:56	TeamFour.exe 3b069f3dd741e4360f26cb27cb10320a RedLine stealer UPX .NET framework(MSIL) PE32 PE File .NET EXE OS Processor Check Microsoft suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1	1		2.0			ZeroCERT

43517	2024-03-19 07:57	may.exe bd9cef3efef0a053a2818bb8bb7bbcb8 Emotet Gen1 Malicious Library UPX Antivirus PE32 PE File MZP Format OS Processor Check PE64 DllRegisterServer dll DLL Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName DNS crashed		1			3.6	M		ZeroCERT

43518	2024-03-19 07:57	Yellow%20Pages%20Scraper.exe 60ee968291e60900894fc9d914a48a80 .NET framework(MSIL) PE32 PE File .NET EXE Check memory Checks debugger unpack itself					0.8			ZeroCERT

43519	2024-03-19 08:00	build.exe 3b9e9e130d52fe95c8be82aa4b8feb74 Client SW User Data Stealer LokiBot [m] Generic Malware ftp Client info stealer Suspicious_Script_Bin task schedule Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API Code injection AntiDebug AntiVM PE32 PE File OS Processor Check Malware download Dridex VirusTotal Malware Microsoft Telegram AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS crashed	5 Keyword trend analysis	12 Info t.me(149.154.167.99) - mailcious sdfjhuz.com(175.120.254.9) - malware api.2ip.ua(172.67.139.220) sajdfue.com(200.117.13.65) steamcommunity.com(104.76.78.101) - mailcious 149.154.167.99 - mailcious 104.21.65.24 5.75.210.0 175.120.254.9 - malware 201.119.96.166 217.195.207.156 104.76.78.101 - mailcious	11 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Observed Telegram Domain (t .me in TLS SNI) ET INFO TLS Handshake Failure ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download		14.6	M	31	ZeroCERT

43520	2024-03-19 08:00	meterpreter_no_x64_p3333.exe ccd26298318a95ff4dcb6748acf7d217 Malicious Packer PE32 PE File VirusTotal Malware unpack itself					3.0	M	60	ZeroCERT

43521	2024-03-19 08:02	update.exe 3be93b7272a95d1e804c84c4db9cdacf Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.2	M	57	ZeroCERT

43522	2024-03-19 08:04	ffffffffffbbbbb_crypted.exe 5a2a3883dbb564b4ae87d05707d4cd5d Gen1 Generic Malware Malicious Library Malicious Packer Antivirus UPX PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			4.4	M	58	ZeroCERT

43523	2024-03-19 08:06	meterpreter.exe 0c6f90d2ed763c4ea1c6b3a86e4d2bb4 Generic Malware PE File PE64 VirusTotal Malware					2.4	M	59	ZeroCERT

43524	2024-03-19 08:08	1.exe 797750259e06cdfb642067eeb3728f74 Malicious Library Malicious Packer PE32 PE File VirusTotal Malware suspicious privilege crashed					1.8	M	32	ZeroCERT

43525	2024-03-19 08:11	Ama2.exe b9c3c735a3d1eae297ca362bee3393ef UPX .NET framework(MSIL) Socket Http API HTTP DNS Code injection Internet API AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD Windows DNS Cryptographic key	1 Keyword trend analysis	2	2	1	11.2	M	53	ZeroCERT

43526	2024-03-19 08:15	goldprime123mm.exe 541265de5e9bbbdbd0a8105716fc6ef8 RedLine stealer Craxs RAT ScreenShot PWS AntiDebug AntiVM PE32 PE File .NET EXE PDB Code Injection Check memory Checks debugger buffers extracted unpack itself WriteConsoleW Windows DNS Cryptographic key		1			8.8	M		ZeroCERT

43527	2024-03-19 08:15	HEU_KMS_Activator_v25.0.0.exe ae6b6bbbdb71c6aa2e93ed13f33a45ac Process Kill Generic Malware PhysicalDrive Malicious Library FindFirstVolume CryptGenKey ASPack UPX Malicious Packer [C] OS PE32 PE File Device_File_Check OS Processor Check PNG Format BMP Format PE64 wget JPEG Format .NET EXE DLL icon ftp VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger WMI Creates executable files ICMP traffic Windows utilities suspicious process sandbox evasion WriteConsoleW human activity check Windows ComputerName		2			7.4	M	51	ZeroCERT

43528	2024-03-19 08:17	hghghjhfhleviticus.exe 585cc99fbf9df24009231d70d007c236 Malicious Library PE File PE64 unpack itself					0.6	M		ZeroCERT

43529	2024-03-19 11:03	meterpreter.exe 0c6f90d2ed763c4ea1c6b3a86e4d2bb4 Metasploit Generic Malware PE64 PE File VirusTotal Malware					2.4	M	59	r0d

43530	2024-03-19 11:07	reverse.exe 8112ccd12e36db77368fd7870395e09b Metasploit Generic Malware PE64 PE File VirusTotal Malware DNS crashed		1			3.6	M	60	r0d