Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44116	2024-05-03 15:53	svchosts.exe 10e53496bc04214f85f2ba5688430edb XMRig Miner Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Check memory Creates executable files unpack itself Auto service Check virtual network interfaces WriteConsoleW Windows ComputerName Remote Code Execution Firmware					6.6		53	ZeroCERT

44117	2024-05-03 15:54	buben.exe 89614bcd95a77224939391e14e6a45d4 EnigmaProtector Malicious Packer PE File PE32 Malware download VirusTotal Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed	1 Keyword trend analysis	5	6 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (External IP)		7.6	M	31	ZeroCERT

44118	2024-05-03 15:56	system.exe 059d9888296f3847e68774bf2adb2225 Generic Malware Malicious Library UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Windows Remote Code Execution DNS crashed	1 Keyword trend analysis	1	2		2.8	M	55	ZeroCERT

44119	2024-05-03 16:00	get300.exe 4cea9711ee6cf7c880c00246253fd14a Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM PE64 PE File PowerShell PE32 OS Processor Check VirusTotal Malware powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key crashed	7 Keyword trend analysis Info http://193.233.132.234/files/setup.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://193.233.132.234/files/thterh.exe https://yip.su/RNWPd.exe - rule_id: 37623 https://realdeepai.org/6779d89b7a368f4f3f340b50a9d18d71.exe https://pastebin.com/raw/V6VJsrV3 - rule_id: 37255 https://skategirls.org/baf14778c246e15550645e30ba78ce1c.exe	15 Info skategirls.org(104.21.55.197) jonathantwo.com(104.21.31.124) realdeepai.org(104.21.90.14) pastebin.com(104.20.4.235) - mailcious yip.su(172.67.169.89) - mailcious 172.67.193.79 172.67.176.131 121.254.136.18 185.172.128.59 - malware 104.21.79.77 - phishing 193.233.132.234 - mailcious 193.233.132.175 - malware 104.21.90.14 172.67.19.24 - mailcious 172.67.172.161	9 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 37 ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	2	21.6	M	44	ZeroCERT

44120	2024-05-04 14:17	webeautifultogetitbackwithenti... 626acb4c6c9d2819c4cde10a34b9df73 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	3		4.6	M	34	ZeroCERT

44121	2024-05-04 14:18	shelovedsomeonetounderstandthe... a2b050f9634ea0c8cb1456e13b59b505 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	9 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.4	M	35	ZeroCERT

44122	2024-05-04 14:19	youhaveonefilefortody.vbs d8042714120e0e780d00490e045a2816 VirusTotal Malware VBScript wscript.exe payload download Creates shortcut Check virtual network interfaces Tofsee Dropper	1 Keyword trend analysis	2	2		10.0	M	21	ZeroCERT

44123	2024-05-04 14:20	prnportsixinfromationalprotect... 49e3c07508aa3f53a67fbec97fa07dc1 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	6	3		4.6	M	35	ZeroCERT

44124	2024-05-04 14:21	yohan.exe 7f991bd7699126d6cca12241de7e7c44 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware Checks debugger Disables Windows Security Windows DNS		1			4.4	M	48	ZeroCERT

44125	2024-05-04 14:22	wewanthowthemagicalwordshappen... b113b57d6e1f23380163d91dcfa68a5a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	3		5.0	M	38	ZeroCERT

44126	2024-05-04 14:24	Archivenfromationalprotectiont... 2b9ab36214ca6de144e42468706d2c64 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	3 Keyword trend analysis	6	2		4.6	M	38	ZeroCERT

44127	2024-05-04 14:24	hotstuffnewrdp.vbs bf7046a9d40c33822cbf5dea1c9629ec VirusTotal Malware VBScript wscript.exe payload download Creates shortcut Check virtual network interfaces Tofsee DNS Dropper	1 Keyword trend analysis	3	2		10.0	M	11	ZeroCERT

44128	2024-05-04 14:26	master.exe eb508c21c59a7fff7924f7243e5949e8 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware					1.8	M	51	ZeroCERT

44129	2024-05-05 10:17	ExcUserFault_imagent-2024-04-2... 1194e4a6c9cc73464db69aed6aa4dedd AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

44130	2024-05-05 10:33	T76434567000.exe fbccdd35ee6dccadaeaa69e37fbbd171 Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	3 Keyword trend analysis	6	7 Info ET DNS Query to a .tk domain - Likely Hostile ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check		11.0		34	ZeroCERT