Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc
44311 2024-05-16 07:34 crt.exe  

7d26f511c2149b527c48face0a8a476d


Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format PE64 DLL OS Processor Check ftp DllRegisterServer dll Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed
3.2 ZeroCERT

44312 2024-05-16 07:36 Windows.exe  

b3390afd5206f8b49b32382041b80c2b


Ave Maria WARZONE RAT Generic Malware Malicious Library Downloader Malicious Packer UPX Antivirus PE File PE32 OS Processor Check VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key
1 9.8 M 66 ZeroCERT

44313 2024-05-16 07:37 crypted.exe  

8246f422d28415bbb58d8fa3e2891817


Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.0 M 36 ZeroCERT

44314 2024-05-16 07:38 taskmgr.exe  

73309cc961f9645c1c2562ffcdc2dab1


Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key
4.0 M 58 ZeroCERT

44315 2024-05-16 07:38 danko.exe  

2708fe8f7c8cd46754f3d60ba1ee5244


EnigmaProtector Malicious Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed
1 5 8 12.4 M 40 ZeroCERT

44316 2024-05-16 08:44 Kaxhwswfup.exe  

133fda00a490e613f3a6c511c1c660eb


Hide_EXE Malicious Library .NET framework(MSIL) Anti_VM PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.2 M 43 ZeroCERT

44317 2024-05-16 08:59 x103.log  

5c3eb8c100cef5725d79a35664e58646


UPX PE File PE32 VirusTotal Malware Check memory buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS
1 1 5.6 M 43 ZeroCERT

44318 2024-05-16 09:01 beautifulflowerwhenraiseinthev...  

6d3be789542f3bb48e47dad639120a19


MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
2 4 8 5.0 M 35 ZeroCERT

44319 2024-05-16 09:02 everythinggoingfineandgreatwit...  

92f0065ee050a8dcd89fc59eddb048c7


MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed Downloader
3 8 7 5.2 M 37 ZeroCERT

44320 2024-05-16 09:04 Ifeanyi.exe  

96cb932974b4d07cf7d11caef8c1d590


AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
1 2 3 11.8 M 48 ZeroCERT

44321 2024-05-16 09:04 br.msi  

cbd6f6f7682366b65948238e0d1f03e5


Generic Malware MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
1 2 3.0 20 ZeroCERT

44322 2024-05-16 09:06 rem.exe  

06f5b8dffc6c138828adbc7f29cfc7f0


Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware AutoRuns Check memory Windows DDNS DoTNet keylogger
2 3 3.2 M 64 ZeroCERT

44323 2024-05-16 09:07 akurg.exe  

6bef283833fa82a12f2a6a73fb43a4bb


Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
1 2 3 8.6 M 35 ZeroCERT

44324 2024-05-16 09:08 cmd.ps1  

7801b02953637126c9012fd6e630f790


Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware DNS crashed
1 2.2 M 40 ZeroCERT

44325 2024-05-16 09:08 meter2.exe  

b2956ff8340e2b2eb4aa41fe953486f2


Malicious Library Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS
1 3.6 M 61 ZeroCERT