Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

43936 2024-04-19 13:04 xlamlikeiamverymuchwithentiret...
cd7c4ece35508ec593df126f064bb3a8
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
3 6 2 5.0 M 36 ZeroCERT

43937 2024-04-19 13:07 22.exe
f6317c56f0eba0c5ce7d0067707f96c4
Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
2 6.8 M 55 ZeroCERT

43938 2024-04-19 13:07 ireallywantakissfrommywifeshei...
9278d07272accaf33d132bb6dbf6a7e7
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
3 6 2 5.0 M 36 ZeroCERT

43939 2024-04-19 13:09 rules.exe
65be3195b801d271e01d41f7bf576bd8
Generic Malware Malicious Library PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.4 M 34 ZeroCERT

43940 2024-04-19 13:10 Transfusionist.vbs
03e2a0c33e613d9aabf9167bd28cf3c7
GuLoader Generic Malware Suspicious_Script_Bin Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Advertising Google ComputerName Cryptographic key crashed
2 4 1 11.2 7 ZeroCERT

43941 2024-04-19 13:12 HJC.exe
29af19382bdeadee6d93b98f354e703d
Emotet Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware RWX flags setting unpack itself Tofsee Interception Remote Code Execution crashed
2 1 4.8 M 41 ZeroCERT

43942 2024-04-19 13:12 js.exe
269a3d770289d6442ad0b01e03276a10
Generic Malware Malicious Library UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Check memory buffers extracted Creates executable files RWX flags setting unpack itself AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser ComputerName Remote Code Execution DNS
1 1 4 7.6 M 47 ZeroCERT

43943 2024-04-19 13:14 last_stage
ad15c8f35af52d9258c025bc2f051e34
UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution
1.2 M 14 ZeroCERT

43944 2024-04-19 13:14 shortcut.exe
2758e553732310d8b606fca67a1096c1
Malicious Library VMProtect Antivirus UPX PE File .NET EXE PE32 OS Processor Check MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check ComputerName crashed
3.2 M ZeroCERT

43945 2024-04-19 13:15 amadka.exe
f854143c49c4d2fa4cf73bab97ba8d3a
Amadey Generic Malware UPX Antivirus Malicious Library Anti_VM PE File PE32 ZIP Format DLL OS Processor Check PE64 Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Exploit Browser RisePro Email ComputerName DNS Cryptographic key Software crashed
6 8 16 1 26.6 M 38 ZeroCERT

43946 2024-04-19 13:16 build_1GyXIDXRUC.exe
51b0ed6b4908a21e5cc1d9ec7c046040
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.2 M 47 ZeroCERT

43947 2024-04-19 13:18 o9RbXKF6ZJDK949.scr
739cefccf7fa26e1f7f9923a6cc9620a
Generic Malware Malicious Library .NET framework(MSIL) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Browser ComputerName Cryptographic key
14 15 13.2 M 40 ZeroCERT

43948 2024-04-19 13:18 H8w3nxJQ4Gya5ED.scr
75fd7827bbf0b22f48275d5882af458f
AgentTesla Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
1 2 1 15.0 M 46 ZeroCERT

43949 2024-04-19 13:19 Amzey.exe
926fc8b724cc682d97cf0849c0fcbda3
Generic Malware WinRAR Malicious Library UPX Antivirus PE File PE32 OS Processor Check PowerShell VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key
6.4 M 19 ZeroCERT

43950 2024-04-19 13:20 Factura_SA161.pdf.lnk
6b602c96ff01c4f55c7a625b2358a988
Generic Malware Suspicious_Script_Bin NSIS Hide_EXE Downloader UPX Malicious Library Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persiste VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW installed browsers check Interception Windows Browser ComputerName DNS Cryptographic key
1 2 7 18.4 M 24 ZeroCERT