Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
43561	2024-03-22 07:30	eurofreedomtogetloverseverywhe... b41bf9cf1f4eaa4d13e85385fbc81f7c MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted exploit crash unpack itself Exploit DNS crashed		1			5.2	M	33	ZeroCERT

43562	2024-03-22 07:30	kissingagirlissoeasyrecentlyir... 6e0935d0e6c119b346c499f2d8ec171e MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit DNS crashed		1			4.8	M	38	ZeroCERT

43563	2024-03-22 07:33	Pac-Man.exe 8951c19af1a1bc8423823007abdf9ade Malicious Library ASPack UPX PE File PE32 MZP Format DLL OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.0		2	ZeroCERT

43564	2024-03-22 07:35	Max.exe db5417155182f4e3a9277c2652065256 Emotet Malicious Library PE File PE32 VirusTotal Malware unpack itself DNS crashed		2			6.4	M	52	ZeroCERT

43565	2024-03-22 07:37	download.php 8a253a52fd7966496adbe1df50559e5a Amadey Themida Packer Generic Malware Antivirus Malicious Library UPX Anti_VM AntiDebug AntiVM PE File PE32 Lnk Format GIF Format ZIP Format MSOffice File DLL OS Processor Check PE64 Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Exploit Browser RisePro Email ComputerName DNS Cryptographic key Software crashed Downloader	14 Keyword trend analysis Info http://193.233.132.56/Pneh2sXQk0/index.php http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll http://193.233.132.62:57893/hera/amadka.exe - rule_id: 39491 http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll http://193.233.132.167/cost/go.exe https://accounts.google.com/_/bscframe https://db-ip.com/demo/home.php?s=175.208.134.152 https://accounts.google.com/generate_204?tDwxhQ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko&ifkv=ARZ0qKKJJYoiZsiS1Z8z_RLax0KWrHLrZ-Ljdwc_XIB4G7KUsujy8DkBQhHT62NzFPVOsLJYV7Pwbg&passive=true&service=youtube&uilel=3&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1223960732%3A1711060283365296 https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko&passive=true&service=youtube&uilel=3&ifkv=ARZ0qKJ7HngAjwTOJfVL3molHlZ-erUI_XldzQHaGFen0AB8VQqKFkgZd9oE_4JWWduaYblvzrAc7A https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko https://www.youtube.com/account https://www.google.com/favicon.ico https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png	16 Info db-ip.com(172.67.75.166) www.google.com(142.250.207.100) www.youtube.com(142.250.206.206) - mailcious ssl.gstatic.com(142.250.206.195) ipinfo.io(34.117.186.192) accounts.google.com(64.233.188.84) 172.67.75.166 142.250.66.132 193.233.132.62 - mailcious 34.117.186.192 108.177.97.84 142.250.204.78 193.233.132.74 216.58.203.67 193.233.132.56 - malware 193.233.132.167 - malware	14 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET INFO Executable Download from dotted-quad Host ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro CnC Activity (Inbound) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	1	27.8	M	27	ZeroCERT

43566	2024-03-22 07:37	bin.exe 8e27b488a1e9ba920c1e7427ad51a5e9 Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder DNS		1			3.2	M	15	ZeroCERT

43567	2024-03-22 07:38	HDDrive1095_XinAnPlug3030_2023... 5161057e078b8ce0c1bbf96cc947eda1 Gen1 Malicious Library UPX PE File PE32 MZP Format PE64 OS Processor Check DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder human activity check					3.6		18	ZeroCERT

43568	2024-03-22 07:38	288c47bbc1871b439df19ff4df68f0... 5eb23b5f7ea35da055fbf010ae00e01f Gen1 Emotet Suspicious_Script_Bin Malicious Library UPX WinRAR PE File .NET EXE PE32 OS Processor Check PE64 DLL DllRegisterServer dll MZP Format VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed					6.0	M	49	ZeroCERT

43569	2024-03-22 07:39	wewinthelovershearttounderstan... 739952f0a0e1a4558caa05809e7eb76c MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	3		5.0	M	38	ZeroCERT

43570	2024-03-22 07:40	fullwork.exe b2b60c50903a73efffcb4e33ce49238f Craxs RAT ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself crashed					7.6		50	ZeroCERT

43571	2024-03-22 07:42	wininit.exe 589ddf53393fe19f58105dfdf56879e3 Process Kill Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Remcos VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder Windows	1 Keyword trend analysis	4	1		6.8	M	26	ZeroCERT

43572	2024-03-22 07:42	ISetup8.exe c0411ffee313c4de470f1ec2ed970af7 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.8		25	ZeroCERT

43573	2024-03-22 07:43	ISetup10.exe b8d922472d6da5b157598c94b8677fa5 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS		1			2.6		56	ZeroCERT

43574	2024-03-22 07:44	vuln.exe c5047553437abcf995eea34859bef6d0 UPX PE File PE32 VirusTotal Malware WriteConsoleW					1.2		32	ZeroCERT

43575	2024-03-22 07:48	Runtime.exe be5041fb817fe1edf7e6c487db9b5534 PE64 PE File .NET EXE VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1			5.0	M	43	ZeroCERT