Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44176	2024-05-07 14:39	winin-checker.exe 4149f3a009a0d407a22c36d1ad3c4116 UPX PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName					2.4	M	50	ZeroCERT

44177	2024-05-07 14:42	156.exe 5b8cd5d7476ecc75bf63024abbc61827 Craxs RAT Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	4	3		14.4	M	30	ZeroCERT

44178	2024-05-07 14:44	winin.exe 18c7f4960a41689820dae3ed4449b06c PE64 PE File VirusTotal Malware		2			1.4	M	52	ZeroCERT

44179	2024-05-07 14:47	aioc_5.0.0.63_it.exe 8159129f7ea53b01c9d930c38052112e Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS		1			7.4	M	44	ZeroCERT

44180	2024-05-07 16:58	winin.exe 18c7f4960a41689820dae3ed4449b06c HelloXD Ransomware PE64 PE File VirusTotal Malware		2			1.4	M	51	r0d

44181	2024-05-07 17:05	libcef.exe d3466d3503d830cccdc003917572b7fc Generic Malware PE File PE32 VirusTotal Malware AutoRuns suspicious privilege RWX flags setting Windows DNS		3			4.4	M	51	r0d

44182	2024-05-07 17:58	1db61ae18c85d6aca77a4a3800af07... 1db61ae18c85d6aca77a4a3800af07b4 Generic Malware Malicious Library AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email					4.0		28	guest

44183	2024-05-08 07:50	ngrok.exe d028e35142a32bb77301ea582548c71a Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed					0.8	M	6	ZeroCERT

44184	2024-05-08 07:52	newexe.exe edcd9de4254f050ffa56e723be49c0c5 NSIS Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM PE64 PE File PowerShell PE32 OS Processor Check VirusTotal Malware powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key crashed	7 Keyword trend analysis Info http://193.233.132.234/files/setup.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://nic-it.nl/games/index.php https://yip.su/RNWPd.exe - rule_id: 37623 https://realdeepai.org/6779d89b7a368f4f3f340b50a9d18d71.exe https://pastebin.com/raw/V6VJsrV3 - rule_id: 37255 https://onlycitylink.com/baf14778c246e15550645e30ba78ce1c.exe	20 Info jonathantwo.com(172.67.176.131) onlycitylink.com(104.21.18.166) realdeepai.org(172.67.193.79) firstfirecar.com(104.21.60.76) pastebin.com(172.67.19.24) - mailcious yip.su(172.67.169.89) - mailcious nic-it.nl(116.58.10.59) 172.67.193.79 172.67.19.24 - mailcious 104.21.60.76 182.162.106.33 - malware 172.67.169.89 193.233.132.234 - mailcious 81.183.132.103 104.21.31.124 - phishing 182.162.106.144 185.172.128.59 - malware 104.21.90.14 104.21.18.166 193.233.132.175 - malware	10 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 37 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP	2	21.6	M	23	ZeroCERT

44185	2024-05-08 07:52	ProjectE_5.exe aabe25c748360f1575c09d77cc281e07 Malicious Library UPX PE64 PE File Malware Malicious Traffic Checks debugger unpack itself ComputerName DNS	1 Keyword trend analysis	1			3.2			ZeroCERT

44186	2024-05-08 07:52	Isetup2.exe 6fbe36ef1d6599968f107c7b6eb19225 Generic Malware NSIS Antivirus Malicious Library UPX AntiDebug AntiVM PE64 PE File PowerShell PE32 OS Processor Check VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key crashed	7 Keyword trend analysis Info http://193.233.132.234/files/setup.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://nic-it.nl/games/index.php https://pastebin.com/raw/xYhKBupz - rule_id: 36780 https://yip.su/RNWPd.exe - rule_id: 37623 https://realdeepai.org/6779d89b7a368f4f3f340b50a9d18d71.exe https://onlycitylink.com/baf14778c246e15550645e30ba78ce1c.exe	18 Info jonathantwo.com(104.21.31.124) onlycitylink.com(104.21.18.166) realdeepai.org(104.21.90.14) nic-it.nl(190.220.21.28) pastebin.com(172.67.19.24) - mailcious yip.su(104.21.79.77) - mailcious firstfirecar.com(104.21.60.76) 182.162.106.33 - malware 104.20.3.235 104.21.60.76 172.67.182.192 - mailcious 172.67.176.131 172.67.193.220 185.172.128.59 - malware 78.89.199.216 - malware 193.233.132.234 - mailcious 104.21.90.14 172.67.169.89	10 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 37 ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO EXE - Served Attached HTTP	2	20.2	M	22	ZeroCERT

44187	2024-05-08 07:54	rdbc.exe bebc3002ec0a3811aea8644a88bf590e Craxs RAT Malicious Library Socket AntiDebug AntiVM PE File .NET EXE PE32 PNG Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	4		15.0	M	19	ZeroCERT

44188	2024-05-08 07:57	Discord.exe f0d723bcc3e6a9b9c2bce6662d7c5075 AsyncRAT Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Tofsee DNS		5	1		2.0	M		ZeroCERT

44189	2024-05-08 07:59	cryptography_module_windows.ex... ec69806113c382160f37a6ace203e280 Gen1 Generic Malware Malicious Library UPX Anti_VM PE64 PE File OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files DNS		5			3.2	M	2	ZeroCERT

44190	2024-05-08 08:02	060.exe 95bc6944bac20cc15abd010760c63182 Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format PE64 DLL OS Processor Check ftp DllRegisterServer dll Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed					3.0	M		ZeroCERT