Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
43546 2024-03-20 08:17 HeaderFinder.exe
  5f3c52c804bf6adadac97e2e53179bee
  PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself
  3.0 M 40 ZeroCERT

43547 2024-03-20 14:38 HeaderFinder.exe
  5f3c52c804bf6adadac97e2e53179bee
  Icarus Stealer PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself
  3.0 M 40 r0d

43548 2024-03-20 16:30 HxD32.exe
  804f06b24fba7ba4e1122faf2b119a2b
  Emotet PhysicalDrive Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware Checks debugger unpack itself crashed
  2.0 1 guest

43549 2024-03-21 07:17 risepro67.exe
  f1e9663c2a81ddbf2b94ad43072a954a
  Craxs RAT PE File .NET EXE PE32 PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName
  1.8 M ZeroCERT

43550 2024-03-21 07:19 random.exe
  2e9936ceff7cb899d72ae573cb8ca876
  CryptBot PE File PE32 Malware download Malware AutoRuns MachineGuid unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed
  2 8 4 9.8 M ZeroCERT

43551 2024-03-21 07:19 timeSync.exe
  287c0ab11acffca7b5ce14f4d8ae3f4d
  Malicious Library UPX PE File PE32 OS Processor Check unpack itself
  0.4 M ZeroCERT

43552 2024-03-21 07:20 devon.exe
  371a4e1549f6661f09384749a9926a4d
  CryptBot Amadey Themida Packer Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library UPX Antivirus Socket ScreenShot Steal credential DNS Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check ZIP Format MSOffice File icon Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare powershell.exe wrote suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Exploit Browser RisePro Email ComputerName DNS Cryptographic key Software crashed Downloader
  15 18 16 1 29.4 M 24 ZeroCERT

43553 2024-03-21 07:20 ohara.exe
  282dedc28c435180f5cf202ed21d8360
  Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Malware AutoRuns MachineGuid Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS
  2 7 6 4.4 M ZeroCERT

43554 2024-03-21 07:21 crypted.exe
  9b5a036b6c0ad4683c19fd0a5737d296
  Craxs RAT ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 PDB Code Injection Check memory Checks debugger buffers extracted unpack itself crashed
  6.4 M ZeroCERT

43555 2024-03-21 07:23 rty45.exe
  a3cc4a0054f5c47f3513117efaf2f335
  Generic Malware Malicious Packer UPX PE64 PE File VirusTotal Malware PDB unpack itself Check virtual network interfaces Tofsee Remote Code Execution DNS
  1 5 1 3.6 M 36 ZeroCERT

43556 2024-03-21 07:24 control.exe
  1c35fbe0502a246c9e89d91c80ab65f6
  Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
  2.0 M 58 ZeroCERT

43557 2024-03-21 07:26 cry.exe
  960eb4d74f0f0c05c4c43ce1e98bf571
  Client SW User Data Stealer LokiBot Craxs RAT ftp Client info stealer Http API PWS Code injection AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself malicious URLs Tofsee ComputerName DNS crashed
  1 5 3 11.4 M 51 ZeroCERT

43558 2024-03-21 07:26 june.exe
  0f12e18f3a4da6647273810de0ac63a0
  Emotet Gen1 Malicious Library UPX Antivirus PE File PE32 MZP Format PE64 OS Processor Check DllRegisterServer dll DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed
  3.6 M 6 ZeroCERT

43559 2024-03-21 07:28 may.exe
  0510338646cc1ba136cc3f6ebed04a0e
  Emotet Gen1 Malicious Library UPX Antivirus PE File PE32 MZP Format DllRegisterServer dll OS Processor Check PE64 DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed
  4.2 M 5 ZeroCERT

43560 2024-03-22 02:26 https://share.icloud.com/photo...
  6b54bfe28a2bb2f88cdff2a6c550aee4
  Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format JPEG Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  1 4 3 4.2 guest