Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44416	2024-05-19 10:36	vpn-1002.exe ccb630a81a660920182d1c74b8db7519 NSIS Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 PowerS VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed	7 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=444&c=1002 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1002 https://cdn-edge-node.com/online_security_mkl.exe https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1002 https://d2csnxzxwctx26.cloudfront.net/load/load.php?c=1002	11	3		10.2		24	ZeroCERT

44417	2024-05-19 10:38	gena.exe e823604de8e1907f31935dd778dc6686 EnigmaProtector Malicious Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound)		13.4	M	46	ZeroCERT

44418	2024-05-19 10:38	inte.exe 3f77b69c60f28f076bd02d531490b300 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Malicious Traffic WMI Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1	1	1	5.4	M	58	ZeroCERT

44419	2024-05-19 10:38	inte.exe d4b94a173c3eacbb022ccbaba87776be Generic Malware Malicious Library PE File PE32 VirusTotal Malware unpack itself					2.4		43	ZeroCERT

44420	2024-05-19 10:51	crypted_9f4ae6b2.exe 98daa2d8ad0b3ee66a55d6d34090e76e Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4		40	ZeroCERT

44421	2024-05-19 10:51	xmrig-notls.exe b03bd8c9b9965ed83232260719faedbf XMRig Miner Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself ComputerName					2.0		53	ZeroCERT

44422	2024-05-19 10:53	demo.exe 951a002246e2efab46649de942b7c775 Generic Malware Malicious Library Malicious Packer PE64 PE File VirusTotal Malware Code Injection unpack itself crashed					3.4	M	35	ZeroCERT

44423	2024-05-20 07:35	conhost.exe be320b59ef29060678bcb78d6c8fa059 Malicious Library UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.0		20	ZeroCERT

44424	2024-05-20 07:40	build13.exe b99a7c6c9e6a2eb2945d894b2ce2c63b Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS crashed		3			4.4	M	48	ZeroCERT

44425	2024-05-20 07:40	Document0984757478.exe c36f798f2646092c180c6fc904c418f7 Gen1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Malicious Packer PE File Device_File_Check PE32 OS Processor Check DLL FormBook Browser Info Stealer Malware download VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS	12 Keyword trend analysis Info http://www.hidrapelenobrasil.shop/tnob/ http://www.vgyuren.icu/tnob/?M768=NZLAttDy15cbxmTAaaJAAhcdtbbzbdC6cQASBxA5nayYu/GOfC/5A+IahllAzFRUiFmSt5kq6F0oVQiv/GR/+8xUZyS/zwm/ST73YGuTYQJxL0QGvxJmA8+4HRiCsYQg+9RGN1M=&8VV=cbpI8Z http://www.vgyuren.icu/tnob/ http://www.infiniteiris.xyz/tnob/ http://www.agiluxer.com/tnob/ http://www.hidrapelenobrasil.shop/tnob/?M768=TPrZ4a0urPHyVFZKcsh5aEnGH6x10c+LVWP6ua7p29CzcHV40vt+Ed5yRYmyzTCpigI2rSAw2/G/eFm8oGlzQ7+/7cLR6wXoQapfC3ZuTGxBv6b1IEkJAtht8fY8zqhXw31ZFKk=&8VV=cbpI8Z http://www.arlobear.com/tnob/ http://www.arlobear.com/tnob/?M768=mRJtfJxmotkXpphcq/QE5FfNUlyuhqJ4xTDuf4BcDBVqwLPDVx7TaFjEYZ/wXCuyUE/EPLaluHW5tfzg79EX9lgH2c6h3RXVi7dgiQ81i4DOx3Z88Lcisl2d1B4Lf8dw8FhpRx8=&8VV=cbpI8Z http://www.astrologervijay.co.in/tnob/ http://www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip http://www.agiluxer.com/tnob/?M768=xucYkVA0pSGnJLauQED+MX/AFeENqsoRBgDyCFwoPTJzowq3+SiQ/gcTvZgaze9ZduNu+YKWql+189tIlRko0A5LPpTiApeLXRVMRPzwdFYfTFxYQJVx/YqpG4REi2vAdvDqirs=&8VV=cbpI8Z http://www.infiniteiris.xyz/tnob/?M768=dKcAFocpbczRW7Ograh51MDLU8SGd9cCF4nhV6jObVdk20h2WG8oxGerRI8ZVjKSHAzMSzznD5M+/O7693UL+HQ2E52xXWoR98sgwtG4w7xMcOP0BgswZlze6fxvf5u2IXPt7lE=&8VV=cbpI8Z	22 Info www.likbez22.store() www.hidrapelenobrasil.shop(162.241.2.244) www.ablazeaiagents.com() www.astrologervijay.co.in(43.231.124.79) www.justgoodsin.com() www.sdshopping.org() www.agiluxer.com(74.208.236.41) www.infiniteiris.xyz(162.0.237.22) www.arlobear.com(46.30.215.3) www.artismeapparel.com() www.vgyuren.icu(192.207.62.21) 104.21.11.117 162.0.237.22 194.54.164.123 162.19.139.184 - mailcious 162.241.2.244 - mailcious 43.231.124.79 74.208.236.41 - mailcious 13.225.110.102 192.207.62.21 45.33.6.223 46.30.215.3	3		7.2	M	47	ZeroCERT

44426	2024-05-20 07:42	1234.exe d3a80c7a3a80478b08cc17522a55bb44 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS crashed		3			4.4	M	48	ZeroCERT

44427	2024-05-20 07:45	random.exe d0d9b758764ced5f38eddd0f9c765b79 Amadey Gen1 RedLine stealer RedlineStealer XMRig Miner Generic Malware NSIS Downloader Malicious Library UPX .NET framework(MSIL) Malicious Packer MPRESS Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal cr Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Cryptocurrency Miner Malware Cryptocurrency powershell Microsoft Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Kelihos Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed CoinMiner	35 Keyword trend analysis Info http://5.42.96.7/lend/lumma1234.exe http://coatdetail.fun/load/download.php?c=1004 http://5.42.96.7/lend/lumma1.exe - rule_id: 39647 http://5.42.96.170/server/12/AppGate2103v01.exe http://file-file-host6.com/downloads/toolspub1.exe - rule_id: 39651 http://5.42.96.7/lend/gold.exe - rule_id: 39643 http://77.221.151.47/install.exe - rule_id: 39645 http://5.42.96.78/files/Silent.exe http://5.42.96.78/files/start-pub.exe http://x1.i.lencr.org/ http://riskarbs.com/wegergbsertter4/upd2.php?key=35c9606d64e49b301a865b7c11183bde http://5.42.96.78/files/setup.exe http://185.172.128.19/ghsdh39s/index.php - rule_id: 38300 http://riskarbs.com/wegergbsertter4/upd2.php http://185.172.128.19/Newoff.exe http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt http://5.42.96.7/lend/redline1.exe - rule_id: 39644 http://5.42.96.7/lend/alex.exe - rule_id: 39642 http://apps.identrust.com/roots/dstrootcax3.p7c http://5.42.96.7/zamo7h/index.php - rule_id: 39641 http://5.42.96.78/files/file300un.exe - rule_id: 39648 https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini_WW.Marketator.CPI20230405_6.6.0.1054.exe https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1002 https://bitbucket.org/qwizzi/tt522222/downloads/GroceryExtensive.exe https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1002 https://d2csnxzxwctx26.cloudfront.net/load/load.php?c=1002 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=2841 https://bbuseruploads.s3.amazonaws.com/c238a61a-be46-44a2-84f2-dcbe608a006a/downloads/8fa016f0-6b2d-4c55-8cd6-ae05fdfeb815/GroceryExtensive.exe?response-content-disposition=attachment%3B%20filename%3D%22GroceryExtensive.exe%22&AWSAccessKeyId=ASIA6KOSE3BNINPUTCTS&Signature=IVvaIU%2Bk4bXFTwvhHaqgth67tjM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEKf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJGMEQCIDHOADIhZOmbUC8wQ1L%2BkX9WHF%2FdFSks8rjm6Sn5NzrsAiB1CFSPGGFvrlKSS7LX7TJiMKBEs7aMEgNB41XNlRH4WyqnAgggEAAaDDk4NDUyNTEwMTE0NiIMtVvNiFxS3Qgrm54GKoQCmAs1%2BQPoHPpvDIFsbUjuIbSxWRYd6AvopjLc8FSc%2BU%2BOxJrbBvhRTHsIyyLHqb95Exs%2BirIbDYzqn7ZvmeNQm9VDbAE%2Bx4bA%2B4g4hc9GcY7zI6oOqEqIwGFUFRPxS7HPdlhe7HSVGxS2MFSNFGA%2FwgUEDbAlwWK1jY%2BJg9r2A9cozo6cLgQSDridHAVyt1A%2FVhp%2FbknQnZKStXWGPjMBvtUnIrDf%2BpVLUCZIAWF4bnjchi87vx55yIxJKOkXDfdWiZdqIidvZje9T9bsL30%2Fxf8YZ2%2BRy0us2lDP1b8c2vxUo2K5yHB9eXLcKTFLoQQX3u8ZltHOBIAb7Nwzn83wqTE18rsw8%2FmpsgY6ngFciXNYdFP9p1NaXoKomjNE7%2BHOdUeLPNl8PICjgQv%2BKBzqw91%2BAhrkwqMpiyaTGFTVP7JgmC4xxibwE1uTSoRdLEc6v%2BgmOIghtc4SdM41V0JgpV8WnNlGdGNnH8bZOg9NgZLoIVttU5%2Br6pA7b%2Fb7fqWsetNxECnXkxMpXiwC2S4KTUPvxRPefGUrNW8etLsOkMylbLtmzo1amRwzlQ%3D%3D&Expires=1716159483 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2841&c=2841 https://d1vt2h4o64rfsv.cloudfront.net/load/load.php?c=2841&a=2841 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=444&c=1002 https://yip.su/RNWPd.exe - rule_id: 37623 https://cdn-edge-node.com/online_security_mkl.exe https://iplogger.com/1lyxz	45 Info iplogger.com(172.67.188.178) - mailcious free.360totalsecurity.com(54.192.175.27) bbuseruploads.s3.amazonaws.com(3.5.20.106) - malware download.winzip.com(23.201.35.121) xmr.2miners.com(162.19.139.184) - mailcious file-file-host6.com(45.131.41.39) - malware d22hce23hy1ej9.cloudfront.net(13.225.110.102) coatdetail.fun(194.54.164.123) cdn-edge-node.com(104.21.11.117) 240429000936002.mjt.kqri92.top(94.156.35.76) riskarbs.com(109.98.58.98) d1vt2h4o64rfsv.cloudfront.net(18.244.65.223) x1.i.lencr.org(23.52.33.11) pastebin.com(172.67.19.24) - mailcious bitbucket.org(104.192.141.1) - malware d2csnxzxwctx26.cloudfront.net(18.64.13.116) adblock2024.shop(104.21.43.83) yip.su(104.21.79.77) - mailcious 94.207.16.210 18.244.65.34 121.254.136.130 54.192.175.27 13.225.110.24 104.21.43.83 172.67.188.178 - mailcious 179.43.158.2 5.42.96.170 172.67.169.89 185.215.113.67 - mailcious 61.111.58.35 - malware 104.21.11.117 77.221.151.47 - malware 185.172.128.19 - mailcious 45.131.41.39 52.217.138.209 13.225.110.102 104.20.3.235 - malware 194.54.164.123 5.42.96.7 - malware 104.192.141.1 - mailcious 109.98.58.98 5.42.96.78 - mailcious 23.41.113.9 18.64.13.116 162.19.139.184 - mailcious	22 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Possible Kelihos.F EXE Download Common Structure ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) ET POLICY Cryptocurrency Miner Checkin SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Packed Executable Download ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)		32.2	M	42	ZeroCERT

44428	2024-05-20 08:55	sdf34ert3etgrthrthfghfghjfgh.e... 7fce620eed38da6eb6552e1713e4fa84 Malicious Library Downloader Malicious Packer UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware Check memory unpack itself crashed					2.2	M	31	ZeroCERT

44429	2024-05-20 08:55	gena.exe e520f65d2af59a1c69a96809fd025d9b EnigmaProtector Malicious Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	7 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro CnC Activity (Inbound)		13.4	M	46	ZeroCERT

44430	2024-05-20 08:59	csrss.exe 591deb3212cb1720fa03640f6257b5dc Browser Login Data Stealer Gen1 EnigmaProtector Generic Malware UPX Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI Creates executable files unpack itself Collect installed applications suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://142.93.40.72/msvcp140.dll http://142.93.40.72/freebl3.dll http://142.93.40.72/softokn3.dll http://142.93.40.72/ http://142.93.40.72/vcruntime140.dll http://142.93.40.72/nss3.dll http://142.93.40.72/sql.dll http://142.93.40.72/mozglue.dll https://t.me/obeliszxgeaea_1337	3	13 Info ET INFO TLS Handshake Failure ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity		12.8	M	49	ZeroCERT