Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
43666	2024-03-29 08:02	deepweb.exe 1f2ec9232f191e28fa8d5fbcbfad3a4f PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS		1	4	5.2	M	38	ZeroCERT

43667	2024-03-29 08:04	AppGate2103v01.exe 858bb0a3b4fa6a54586402e3ee117076 Themida Packer UPX PE64 PE File VirusTotal Malware unpack itself Windows Remote Code Execution DNS crashed		1		3.8	M	16	ZeroCERT

43668	2024-03-29 08:05	test.exe e5bb34b508be662784bfd714241d169a Craxs RAT PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName				3.0	M	47	ZeroCERT

43669	2024-03-29 08:10	buildz.exe b63eeaaf33df089b775363868daf45a7 Client SW User Data Stealer LokiBot [m] Generic Malware ftp Client info stealer Suspicious_Script_Bin task schedule Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Dridex VirusTotal Malware Microsoft Telegram AutoRuns PDB MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS crashed	3 Keyword trend analysis	11	11 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET INFO TLS Handshake Failure ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download	14.6	M	34	ZeroCERT

43670	2024-03-29 08:11	http://www.example.com 2bc45853aeaa522cd77ef0f534acdd9c NSIS Suspicious_Script_Bin Hide_EXE Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P Anti VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName	1 Keyword trend analysis	2		7.4	M	6	ZeroCERT

43671	2024-03-29 08:12	http://www.example.com 0cb4cc8a9f145e69c6765bc81faacc7e Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed	1 Keyword trend analysis	2		1.8	M	48	ZeroCERT

43672	2024-03-29 09:36	http://www.example.com 46bbacb63c2f6c440be347e99210c3a3 Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Ransomware Cryakl	1 Keyword trend analysis	2		4.8	M	15	ZeroCERT

43673	2024-03-29 09:38	start.exe c1ade258f05c512e98ebc4d9d1165f8a AsyncRAT task schedule Downloader Malicious Library Malicious Packer .NET framework(MSIL) UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDe Malware download AsyncRAT NetWireRC VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DDNS DoTNet		2	4	4.8	M	53	ZeroCERT

43674	2024-03-29 09:39	appdata.exe 76df4a59b141eb56536805aa8c597c24 Craxs RAT PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW Tor ComputerName DNS		34 Info muzigor.net() muzmix.net() 148.72.70.150 193.31.27.127 108.163.147.62 - mailcious 74.208.236.229 - mailcious 89.117.169.122 173.236.195.85 195.35.33.11 216.246.47.153 172.67.184.164 185.62.75.179 150.95.115.130 172.67.137.14 - malware 154.49.142.244 172.67.192.137 103.130.216.153 85.208.144.164 154.56.47.107 69.10.36.187 144.76.62.230 66.235.200.147 - phishing 66.235.200.146 - malware 194.36.45.220 103.180.163.202 217.160.0.58 - mailcious 103.241.192.11 134.0.9.202 191.96.56.157 154.56.47.11 103.82.23.11 - mailcious 194.195.84.59 43.230.201.100 154.56.47.99	2	5.0	M	50	ZeroCERT

43675	2024-03-29 09:40	hola.exe 7b91d2784eaef8f79e4d60c1c1145d8b Malicious Library UPX PE File PE32 OS Processor Check PNG Format VirusTotal Malware PDB Check memory unpack itself Windows utilities AppData folder Windows ComputerName Remote Code Execution				4.2	M	6	ZeroCERT

43676	2024-03-29 09:42	toolspub1.exe eb37bf9e55ec9794c37a1cd473b70272 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution				1.8	M	32	ZeroCERT

43677	2024-03-29 12:24	AppGate2103v01.exe 858bb0a3b4fa6a54586402e3ee117076 Themida Packer UPX PE64 PE File VirusTotal Malware unpack itself Windows Remote Code Execution crashed				3.2	M	16	guest

43678	2024-03-29 12:27	appdata.exe 76df4a59b141eb56536805aa8c597c24 Craxs RAT PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName				3.0	M	45	guest

43679	2024-03-29 12:32	appdata.exe 76df4a59b141eb56536805aa8c597c24 Craxs RAT PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName				3.0	M	45	guest

43680	2024-03-29 15:44	BUSINESS%20FILES.exe 7e360ceb5c5948199b7a9528909e94b5 Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed				2.6	M	53	guest