Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	Player
43711	2024-04-01 07:41	cmd.10001.exe ce8e1592a4685f349136cb13c12e543f Malicious Packer UPX PE64 PE File					0.6		ZeroCERT

43712	2024-04-01 07:42	Akh.exe f3054dc7004336617747743d172b111b Malicious Library UPX AntiDebug AntiVM PE64 PE File PE32 OS Processor Check Malware Buffer PE AutoRuns PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Discord DNS Cryptographic key crashed	13 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767_789 http://15.204.49.148/files/Amadey.exe http://cacerts.digicert.com/DigiCertGlobalRootG3.crt http://193.233.132.150/Second2.exe https://lawyerbuyer.org/7be3fd16e688515edcc0939fa9cb026c/baf14778c246e15550645e30ba78ce1c.exe https://pastebin.com/raw/xYhKBupz - rule_id: 36780 https://shipbank.org/7be3fd16e688515edcc0939fa9cb026c/3eef203fb515bda85f514e168abb5973.exe https://sty.ink/ieer6 https://cdn.discordapp.com/attachments/1211836107881447426/1222381674403201055/crypted.exe https://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exe https://sty.ink/j903q https://yip.su/RNWPd.exe - rule_id: 37623	31 Info namemail.org() shipbank.org(104.21.10.217) lawyerbuyer.org(104.21.63.71) - malware namecloudvideo.org(104.21.65.148) - malware net.geo.opera.com(107.167.110.216) my.foosaby.com() pastebin.com(104.20.67.143) - mailcious yip.su(172.67.169.89) - mailcious cdn.discordapp.com(162.159.135.233) - malware shipofdestiny.com(104.21.32.142) operandotwo.com(172.67.160.247) cacerts.digicert.com(152.195.38.76) sty.ink(172.67.200.219) 172.67.146.202 107.167.110.211 172.67.200.219 185.172.128.144 - malware 172.67.164.28 - malware 162.159.130.233 - malware 104.21.15.5 15.204.49.148 - malware 152.195.38.76 172.67.170.65 - malware 104.21.13.170 104.21.79.77 - phishing 193.233.132.150 91.92.250.47 - mailcious 23.210.247.48 172.67.34.170 - mailcious 104.21.63.71 - malware 104.21.32.142 - malware	8 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	2	11.6	M	ZeroCERT

43713	2024-04-01 07:43	ytgytftf.exe 0f6a7323fb09a98ee204e42a4695dfd9 AsyncRAT task schedule Downloader Malicious Library Malicious Packer .NET framework(MSIL) UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDe AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS		2			5.2	M	ZeroCERT

43714	2024-04-01 07:44	hghghdg.exe c4497b459274cec0b9fd6e3ac6c67aaa Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself					0.8	M	ZeroCERT

43715	2024-04-01 07:46	pr1KoYGyugcP.exe abaf1e6e0cadc624156319232e349005 .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key					1.8	M	ZeroCERT

43716	2024-04-01 07:46	gfhghfdg.exe ec0431d7e177b29ebe913a6230500436 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE64 PE File Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName DNS Cryptographic key Software		9			13.2	M	ZeroCERT

43717	2024-04-01 07:48	Client-built4.exe db20b98d60f589570ba13a3aa5950f99 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself DNS		1			1.4	M	ZeroCERT

43718	2024-04-01 07:48	dfgfgds.exe 22afa096fc6c8ce6b3c60566e7b41c37 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself					0.8	M	ZeroCERT

43719	2024-04-01 07:51	Blaze_combat.exe c9e887a8ed0014744d5f59ef07327175 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check PDB					0.4	M	ZeroCERT

43720	2024-04-01 07:51	hghgfhjfhmain.exe caddfe2adb6d8c878a2a1001e7fd4fd7 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself					0.8	M	ZeroCERT

43721	2024-04-01 07:52	http://www.example.com e75338a175f80b85cb99b51580451d37 Generic Malware Malicious Library UPX PE64 PE File Malware Check memory buffers extracted DNS	1 Keyword trend analysis	3			6.2	M	ZeroCERT

43722	2024-04-01 07:52	hghghgfhgfh.EXE 93b2a56dbc2bb2a4ee1b4c6f2873b50b Generic Malware Malicious Library UPX PE64 PE File Malware suspicious privilege unpack itself DNS		1			4.8	M	ZeroCERT

43723	2024-04-01 07:55	fgghghg.exe 2ee84cfcc3797afb0ca991abffab0e91 Themida Packer UPX PE64 PE File Windows crashed					1.4	M	ZeroCERT

43724	2024-04-01 07:56	current.exe ba76ca8c8922219555a894663329c3e5 Malicious Library UPX PE File PE32 OS Processor Check unpack itself Remote Code Execution					1.0	M	ZeroCERT

43725	2024-04-01 07:59	fdfdgfgf.exe 0b4ced1e11fac0306ee8d9411aea4219 Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself ComputerName					1.0	M	ZeroCERT