Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
43681	2024-03-30 13:22	msoffice.exe 3629444779e7e4fb9a023cda4f1473c6 njRAT backdoor PE File .NET EXE PE32 VirusTotal Malware DNS		1		3.4	M	61	guest

43682	2024-03-31 04:00	...............dot d553bd422c8d3621e21049ccc2ebe680 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Exploit DNS crashed		1		4.2	M	40	guest

43683	2024-03-31 11:16	lumma2.exe 3c30dbf2e7d57fdb7babdf49b87d8b31 Craxs RAT PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName				3.0	M	54	ZeroCERT

43684	2024-03-31 11:18	june.exe b1859729b41951b28c971997246c8557 Emotet Gen1 Malicious Library UPX PE File PE32 MZP Format DllRegisterServer dll OS Processor Check PE64 DLL VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				3.6		19	ZeroCERT

43685	2024-03-31 11:18	RoulleteBotPro_x32-x64.exe 4ef284c7f56474536bfb5d1527132def PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee		2	1	2.6	M	53	ZeroCERT

43686	2024-03-31 11:18	LummaC2.exe fd9d245c5ab2238d566259492d7e9115 PE File PE32 VirusTotal Malware unpack itself crashed				2.2	M	55	ZeroCERT

43687	2024-03-31 11:20	random.exe 501172b22cd8ce26e766b8a88a90f12c Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution				2.4	M	55	ZeroCERT

43688	2024-03-31 11:21	Crypto.exe 9ebd44ed56bec49d85d5c106f0c2e99f Malicious Library Malicious Packer UPX PE File PE32 PNG Format ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory buffers extracted RWX flags setting unpack itself Collect installed applications AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Browser RisePro Email ComputerName DNS Software	1 Keyword trend analysis	5	9 Info ET MALWARE RisePro TCP Heartbeat Packet ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET MALWARE RisePro CnC Activity (Outbound)	11.4	M	46	ZeroCERT

43689	2024-03-31 11:22	binwecanmaintainthenewthingswi... ca1a5ff8098c6b5a7bf4bf524f12286e MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself suspicious TLD Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	14 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE Possible MalDoc Payload Download Nov 11 2014 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE LokiBot Fake 404 Response ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.4	M	35	ZeroCERT

43690	2024-03-31 11:23	mainexec.exe a2f6df739bd33b7e2332165f6d2eebf7 PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key crashed		1		3.8	M	50	ZeroCERT

43691	2024-03-31 11:24	Yjtqssgb.exe d01054043c703acb9578842f8dae0a98 PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed				3.2	M	49	ZeroCERT

43692	2024-03-31 11:25	heisagirlwholovedmealotwithout... 1b64a140f23bd235c3c482429cb05065 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1		5.0	M	33	ZeroCERT

43693	2024-03-31 11:27	microzx.doc 43222246288ded51499a28aa77ed3cdb MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself suspicious TLD Tofsee Exploit DNS crashed	1 Keyword trend analysis	2	5 Info ET DNS Query to a *.top domain - Likely Hostile ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1 ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Possible COVID-19 Domain in SSL Certificate M2	4.0	M	38	ZeroCERT

43694	2024-03-31 11:27	nikon.exe 4673027c92dbac1d082d3b8754a43de1 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS		1		2.6	M	44	ZeroCERT

43695	2024-03-31 11:29	http://www.example.com 7cfb0e8a02678ccbd305bea1d747a88e VirusTotal Malware VBScript wscript.exe payload download Tofsee Dropper	1 Keyword trend analysis	2	2	10.0	M	7	ZeroCERT