Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44446	2024-05-21 15:44	pyramidzx.scr 8b55653ee4d81ebca0bdc88e3b5fc942 LokiBot Malicious Library .NET framework(MSIL) UPX PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs					8.2		32	ZeroCERT

44447	2024-05-21 15:46	123.exe d1ec6dbbe13ed8451b267702350c12c6 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4	M	58	ZeroCERT

44448	2024-05-21 15:47	Payment_Advice.scr 2e488e75f59f35f2a52e403254f6ac4b Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself					7.2		37	ZeroCERT

44449	2024-05-21 15:52	loudzx.scr ed7336086b1e5267c0d4863325956be2 Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser		15 Info www.primeplay88.org(91.195.240.19) www.mrart.co.kr(183.111.183.31) www.99b6q.xyz() www.besthomeincome24.com() www.xn--matfrmn-jxa4m.se(194.9.94.86) www.terelprime.com(66.96.161.166) www.kinkynerdspro.blog(54.38.220.85) www.aceautocorp.com(198.12.241.35) 91.195.240.19 - mailcious 54.38.220.85 - mailcious 66.96.161.166 45.33.6.223 194.9.94.85 - mailcious 183.111.183.31 198.12.241.35	1		10.8		38	ZeroCERT

44450	2024-05-21 15:52	utradvices.scr 4422a3da13d83812a791341547d90b9a Malicious Library .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 ActiveXObject OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	3 Keyword trend analysis	6	7 Info ET DNS Query to a .tk domain - Likely Hostile ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check	1	13.8	M	26	ZeroCERT

44451	2024-05-22 10:12	RISO_Fox.exe 1ebac077529a8693f5b474fc0996d1d8 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4		40	ZeroCERT

44452	2024-05-22 10:12	Setup.exe a4e84bdb6fba7b3c5689b0f2bc5ec858 Generic Malware PE File PE32 PNG Format VirusTotal Malware Check memory Checks debugger unpack itself ComputerName Remote Code Execution crashed					2.8		12	ZeroCERT

44453	2024-05-22 10:14	svchost.exe f55d89f82515bde23bb272f930cb9492 Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.0	M	53	ZeroCERT

44454	2024-05-22 10:17	v1.exe cd957aab73baa2b3aa0fd281f7d58a94 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName					5.2	M	55	ZeroCERT

44455	2024-05-22 10:17	AsyncClient.exe 6b0b8eb689573a0cbd1597e249fc4606 AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware DNS		1			3.4		59	ZeroCERT

44456	2024-05-22 10:19	XClient.exe c3e0f159ef3e1c62acf8de87b9c966ca Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					3.8	M	58	ZeroCERT

44457	2024-05-22 10:25	win1.exe 26125c571d6225959832f37f9ac4629a Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	37	ZeroCERT

44458	2024-05-22 10:27	output.exe 461e951ba79964b681e9a8bc9d61a92c HermeticWiper PhysicalDrive Generic Malware Malicious Library Malicious Packer Antivirus UPX PDF AntiDebug AntiVM PE File PE32 OS Processor Check ZIP Format VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities AppData folder sandbox evasion installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip	1			17.6	M	49	ZeroCERT

44459	2024-05-22 10:27	alabi.exe 794a7bc49c07d085d9e3cd15515f961d Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key		1			9.6	M	41	ZeroCERT

44460	2024-05-22 10:31	crt.exe c13b43283da602b0b4111a7cff90a26c Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format DllRegisterServer dll OS Processor Check PE64 DLL ftp VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed					3.6	M	9	ZeroCERT