Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
43726	2024-04-02 21:26	16f59db4ce1a40d20bfbce268fc2b1... 320ba8a05c90a86ea0d048e736768fab AntiDebug AntiVM wget VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email				4.0		26	guest

43727	2024-04-03 07:12	1.exe dcddcc30b20e45b6c7df7f7ad6b4a20b Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself				2.4	M	56	ZeroCERT

43728	2024-04-03 07:13	current.exe 1dcb40361c41317d2b831b1d96b46916 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself				2.0	M	37	ZeroCERT

43729	2024-04-03 07:15	download.php 3e74741669b1de60ff8e669d8cb510b9 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution				2.2	M	37	ZeroCERT

43730	2024-04-03 07:16	wek.exe bcc93e415a05ea5bb4ac3985fe389866 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed				1.2	M	38	ZeroCERT

43731	2024-04-03 07:18	eeee.exe 1fc71d8e8cb831924bdc7f36a9df1741 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege AntiVM_Disk VM Disk Size Check DNS		1		4.2	M	60	ZeroCERT

43732	2024-04-03 07:18	4.exe fcce0a9aa496c81dceda922d4423f2ba PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency unpack itself DNS CoinMiner		5	5 Info ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) ET INFO Pastebin Service Domain in DNS Lookup (rentry .co) ET DROP Spamhaus DROP Listed Traffic Inbound group 7 ET INFO Observed Pastebin Service Domain (rentry .co in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)	2.4	M	51	ZeroCERT

43733	2024-04-03 07:20	5.exe cfd2733ba128f49a373042a1a6c3fe19 Craxs RAT PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName DNS		1	1	3.6	M	41	ZeroCERT

43734	2024-04-03 07:20	inte.exe 0edb4b6f44a1b7a2671dba5ff91f6497 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself				2.0	M	38	ZeroCERT

43735	2024-04-03 07:22	h.exe 47e5cc1aa9e86b8210a3e27398c443cf Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				4.0		51	ZeroCERT

43736	2024-04-03 07:22	123.exe 9f632d69a52c4076934ce5f569a675bd Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware				0.4	M	5	ZeroCERT

43737	2024-04-03 07:24	s.exe 8df47fa5b39878fb3d17c6fff264e1a4 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key				4.0	M	57	ZeroCERT

43738	2024-04-03 07:25	sarra.exe 12a586136d1b50eb2bc77a8205e5df52 Themida Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	7 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound)	14.4	M	36	ZeroCERT

43739	2024-04-03 07:27	Macro_Easy.exe 884939ef6ce29bd82add03e94a61abb9 Antivirus UPX Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check human activity check Windows ComputerName Cryptographic key				6.6	M	55	ZeroCERT

43740	2024-04-03 07:27	sys.exe a4702dad93dc851947aa6bd7b9652c46 PE File PE32 ZIP Format PNG Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software Downloader	1 Keyword trend analysis	5	14 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE RisePro CnC Activity (Outbound)	15.4	M	20	ZeroCERT