Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44026	2024-04-24 09:24	45692.exe 5f0bd8c5cc15d405a006bd023b8d3a6c Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself				1.6	M	28	ZeroCERT

44027	2024-04-24 13:21	ireallywanthowimportantthisgir... b4b0c10dc8fb59ed963fe34b31f6da3e MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 17 ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	4.6		33	ZeroCERT

44028	2024-04-25 10:22	HJC.exe da7c2473b5c455f25f420827af596286 Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware RWX flags setting unpack itself Tofsee Interception crashed		2	1	4.2		52	ZeroCERT

44029	2024-04-25 10:23	ireallywanthoimportantthisgirl... 956ae61939b3dc9f9bbaed850423740b MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 17 ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	4.6	M	37	ZeroCERT

44030	2024-04-25 10:25	pros.scr 097b18a8698466754be20ba312481236 AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName Software crashed				10.0	M	32	ZeroCERT

44031	2024-04-25 10:25	HJC.exe 2cc30d206669699e58870623365fef82 Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware RWX flags setting unpack itself Tofsee Interception crashed		2	1	4.2		53	ZeroCERT

44032	2024-04-26 07:22	tiktok.exe 6c93fc68e2f01c20fb81af24470b790c Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB				2.2		36	ZeroCERT

44033	2024-04-26 07:22	nikto.exe 6795efba98699a0cae3c4f729b83ace9 Themida Packer Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed	1 Keyword trend analysis	5	6 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	15.4		28	ZeroCERT

44034	2024-04-26 13:21	AdvancedIPScanner.msix c79834aec56238560ad7f9fb7e96bc85 ZIP Format VirusTotal Malware				0.6		11	ZeroCERT

44035	2024-04-26 13:23	ad.msi 666151c11b7899a0c764abe711d3f9b3 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName				2.6		5	ZeroCERT

44036	2024-04-26 14:45	fxYvCG6c.exe c228f16074d1919a6bf30642a6e6541e Generic Malware Malicious Library Malicious Packer Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key				8.6	M	55	guest

44037	2024-04-27 04:03	13357A53F4C23BD8AC44790AA1DB32... 204801e838e4a29f8270ab0ed7626555 Emotet Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder crashed		1		4.0		46	guest

44038	2024-04-27 10:35	0095a2ddc9363c91fc497296555de1... aa0b53e96cbf0d9acbeccd55c4b83d75 RedLine Infostealer RedLine stealer RedlineStealer Malicious Library Confuser .NET .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1		3.8		56	guest

44039	2024-04-27 11:56	Exodus.exe 3b43da1be0c39802b78f6b2c55c4d7e6 PE64 PE File VirusTotal Malware DNS		4	2	2.2	M	39	ZeroCERT

44040	2024-04-27 11:58	loader-1000.exe 705685a8deace858e7fc849471c045f3 NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 PowerShell DLL OS Processor Check VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	8 Keyword trend analysis Info http://185.172.128.59/ISetup1.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://240216234727901.mjj.xne26.cfd/f/fvgbm0216901.txt https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=456 https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=425&c=1000 https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=444 https://d68kcn56pzfb4.cloudfront.net/load/load.php?c=1000 https://d68kcn56pzfb4.cloudfront.net/load/th.php?c=1000	8	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	12.0	M	24	ZeroCERT