Submissions

No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
44191 | 2024-05-08 08:02 | artifact.exe (3a87727e80537e3d27798bc4af55a54b) | 2 | 1 | 4 | Malicious Library PE64 PE File Malware download Cobalt Strike Cobalt Malware c&c buffers extracted RWX flags setting unpack itself ComputerName DNS | 3.0 | M | | ZeroCERT |
44192 | 2024-05-08 08:04 | candy.exe (9eefd6a7ded126926524719593d0ac07) | 1 | 5 | 6 | EnigmaProtector Malicious Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed | 12.2 | M | | ZeroCERT |
44193 | 2024-05-08 08:07 | ngrok.exe (f886615860dbbcd3fe966cf1c79203f9) | | | | Malicious Library Malicious Packer UPX PE64 PE File wget OS Processor Check sandbox evasion WriteConsoleW | 1.8 | M | | ZeroCERT |
44194 | 2024-05-09 07:36 | eee01.exe (0576835e3964b2d0bd3a87c3c80115b2) | | | | Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 MZP Format VirusTotal Malware unpack itself AntiVM_Disk VM Disk Size Check | 3.0 | M | 18 | ZeroCERT |
44195 | 2024-05-09 07:37 | lomik.exe (9fd353d70e6814ecb7ab0c866feb6b7e) | 1 | 5 | 8 | EnigmaProtector Malicious Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed | 12.2 | M | 38 | ZeroCERT |
44196 | 2024-05-09 07:38 | update.exe (bd4fecd7009225a2618b2a47d9bcf6e5) | | | | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware | 1.8 | M | 37 | ZeroCERT |
44197 | 2024-05-09 07:39 | AlterableStockstill.exe (e4680b5d58eb24f57fa55432f03bead9) | | | | Generic Malware Malicious Library PE File PE32 VirusTotal Malware Remote Code Execution | 2.2 | M | 54 | ZeroCERT |
44198 | 2024-05-09 07:42 | mimi.exe (201cd297b3a0fe2bbe24c8dd42747c08) | | | | Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself | 1.8 | | 44 | ZeroCERT |
44199 | 2024-05-09 11:02 | .hta (18dbd534f0a9f76cfb874a7a7e688c90) | 2 | 1 | 2 | Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key | 12.4 | M | 24 | ZeroCERT |
44200 | 2024-05-09 11:02 | 2.hta (bb537c9f88a70e710c5993e3fe383bb6) | 2 | 1 | 2 | Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format VirusTotal Email Client Info Stealer Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Exploit Email ComputerName DNS Cryptographic key crashed | 12.4 | M | 24 | ZeroCERT |
44201 | 2024-05-09 11:05 | 3.hta (4ab94c892e634430c8eabae82af4d875) | 2 | 1 | 2 | Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key | 12.4 | M | 24 | ZeroCERT |
44202 | 2024-05-09 11:05 | 4.hta (1e5a563b24dd2e44b449042b69ddbd7c) | 2 | 1 | 2 | Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format VirusTotal Email Client Info Stealer Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Exploit Email ComputerName DNS Cryptographic key crashed | 12.4 | M | 24 | ZeroCERT |
44203 | 2024-05-09 11:06 | 1.hta (cc022fea5d0660e1e221b02d2c55553b) | 2 | 1 | 2 | Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell ZIP Format Lnk Format GIF Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key | 12.4 | M | 24 | ZeroCERT |
44204 | 2024-05-09 11:06 | beautifulgirlsarerememberingth... (5e1a930f016dadf045d8962abfc13581) | 6 | 13 | 7 | MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed Downloader | 5.4 | M | 34 | ZeroCERT |
44205 | 2024-05-09 11:08 | rakshasa.exe (653247865f2d222abc8ad696d6e756e3) | | | | Malicious Library Malicious Packer UPX PE64 PE File VirusTotal Malware Check virtual network interfaces WriteConsoleW | 2.0 | M | 18 | ZeroCERT |