Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44476	2024-05-23 18:04	xin.exe ca039a10eadbf91b4d5363e4f1090141 AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		17 Info widget.uservoice.com(104.17.27.92) fonts.googleapis.com(74.125.203.95) camo.githubusercontent.com(185.199.108.133) www.google-analytics.com(142.250.76.142) 142.250.207.78 104.17.29.92 104.17.30.92 142.250.66.106 104.17.27.92 104.17.28.92 104.17.31.92 216.239.38.178 216.239.34.178 216.239.36.178 185.199.110.133 - malware 216.239.32.178 172.217.25.10	1		6.2	M		ZeroCERT

44477	2024-05-23 18:04	lionisthetruekingsofthejunglew... 0305665fe64e9a6f1ece3d43bc5d5112 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	3	6 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious csrss.exe in URI ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.2	M	32	ZeroCERT

44478	2024-05-23 18:06	crypted.exe 5f3aeb71b5f03a122bce55ffc079fa63 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4	M	41	ZeroCERT

44479	2024-05-23 18:08	1.hta a77becccca5571c00ebc9e516fd96ce8 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		4.6		25	ZeroCERT

44480	2024-05-23 18:09	csrss.exe b616cc8c02b88cff3a1d36ab29673399 NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Ransomware					4.0	M	27	ZeroCERT

44481	2024-05-23 20:54	1.jpg d1a446c5c7563fb7901a33313ddb9d05 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.4	M	37	ZeroCERT

44482	2024-05-24 07:38	svc.exe 92c57dd80b764a028749520017d44e76 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.0	M	61	ZeroCERT

44483	2024-05-24 07:40	GoogleUpdateTaskMachineQCW.exe 4e9292f02efc44abd5a2671439283405 PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner		2	1		2.4		56	ZeroCERT

44484	2024-05-24 07:41	SrbijaSetupHokej.exe 528b9a26fd19839aeba788171c568311 Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder					2.0		2	ZeroCERT

44485	2024-05-24 07:41	rooma.exe 1dcce19e1a6306424d073487af821ff0 Generic Malware Malicious Library PE File PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware buffers extracted Creates executable files unpack itself AppData folder Browser DNS	19 Keyword trend analysis Info http://www.magmadokum.com/fo8o/?wZKEjc=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&Waqa=s-tm2C8j http://www.magmadokum.com/fo8o/ http://www.rssnewscast.com/fo8o/?wZKEjc=x3jV/ECx7FuzXOI+6CNaISj98UIEn47HyCIVaqWvGMMqpfz0YC5wNp/pxM1zEFNKv4nPeGfT8/lZrDaJmccs4488pD+gaHK32CxgTEs5a2vdBlM4hQBa8nlaMF5vesFSU19kJNk=&Waqa=s-tm2C8j http://www.3xfootball.com/fo8o/ http://www.donnavariedades.com/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.techchains.info/fo8o/ http://www.goldenjade-travel.com/fo8o/?wZKEjc=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&Waqa=s-tm2C8j http://www.sqlite.org/2016/sqlite-dll-win32-x86-3130000.zip http://www.kasegitai.tokyo/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.techchains.info/fo8o/?wZKEjc=vefd0teQh+kbruh+iKW53cdcsQD4oFyRDgCUoL90YCYLczV+Hcc/VZ2eVbboy/u5EgiS3CnxBclKZHyNJ/4ALr08/A/SWk5lVGufGp2P4fG4f3GonqE4cYuaa0/JNC0RZIlRWrU=&Waqa=s-tm2C8j http://www.antonio-vivaldi.mobi/fo8o/ http://www.3xfootball.com/fo8o/?wZKEjc=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&Waqa=s-tm2C8j http://www.kasegitai.tokyo/fo8o/?wZKEjc=0LNqIGaAWMhMIMLOr1FzuAu+QFTp+Isr9lFre+yu3/9GvRNYi1uHghhDsQ/pqDAQ+wkUrFUIurr7TLyDqzId9vCn3h40hICDSYZjejM1bTxHHnFMxARLyMCZMUhSp6GMEGHL0HI=&Waqa=s-tm2C8j http://www.antonio-vivaldi.mobi/fo8o/?wZKEjc=PTl5gU/3CD/Xhg5KAVLGoeqWcilDUK5FTZuVmm6gfrwSjnBrSraU5xyBGUoA1k9xMbAGIU7PLJqf1PTsNd74L3d6+NgzbyGN2pTsiSyIeh1B8hC/nFfIu9UZrk9ku3J39HvVUu8=&Waqa=s-tm2C8j http://www.donnavariedades.com/fo8o/?wZKEjc=l+301ZvITCxaX9AA7VU8BaNl0giE4t3JgzctOQx29qSsrxX8kw490hU6vymbZWA2w8GmYCogcgx/MI4pNd8ITQiOXzox9fl9oCNBaJd4bIe7oyUKC5LhLVNYvjLZULJxgsfERiI=&Waqa=s-tm2C8j http://www.elettrosistemista.zip/fo8o/?wZKEjc=bO1UBvtoHFNUmlWB73HniX/lRhcpQxU1qF418M7UHpKKa2cgLZsmK6mwaSCrivds7LXL3uoK+MTOMGhYNdwtdjBMQu6yx1bfgOYvdpbzJPd/eSD2kHjCkD+QxgbYBRdZBXmxn1k=&Waqa=s-tm2C8j	20 Info www.elettrosistemista.zip(195.110.124.133) www.liangyuen528.com() www.magmadokum.com(85.159.66.93) www.techchains.info(66.29.149.46) www.donnavariedades.com(23.227.38.74) www.kasegitai.tokyo(202.172.28.202) www.3xfootball.com(154.215.72.110) www.goldenjade-travel.com(116.50.37.244) www.antonio-vivaldi.mobi(46.30.213.191) www.rssnewscast.com(91.195.240.94) 202.172.28.202 85.159.66.93 - mailcious 116.50.37.244 195.110.124.133 - mailcious 46.30.213.191 - mailcious 66.29.149.46 45.33.6.223 23.227.38.74 - mailcious 91.195.240.94 - phishing 154.215.72.110	3		6.6	M	60	ZeroCERT

44486	2024-05-24 07:42	Bypass3_Pure_Mode.exe 6e1e63e97c09758e3db18ea31bd95284 Generic Malware Malicious Library Malicious Packer UPX Antivirus Anti_VM PE File .NET EXE PE32 PE64 ftp OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					5.2	M	58	ZeroCERT

44487	2024-05-24 07:46	vax.exe efb0c31543ca816cd9a55cafd730224c Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself					0.8	M		ZeroCERT

44488	2024-05-24 07:47	Testing.exe 144f1b1c4b9cdad97d8dd1a3a89e7ea1 Suspicious_Script_Bin Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX Confuser .NET PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Telegram Buffer PE AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder installed browsers check Tofsee Windows Browser DNS		4	6 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET HUNTING Telegram API Domain in DNS Lookup		7.0	M	60	ZeroCERT

44489	2024-05-24 07:47	sharonzx.exe 0b67adeb422396c047e87fa78a9e8e80 Loki LokiBot Generic Malware Malicious Library .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c powershell PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	16 Info rocheholding.top(172.67.165.74) - malware 108.177.125.84 172.217.25.170 - malware 104.21.65.180 - mailcious 172.217.27.36 142.250.206.234 - malware 142.250.204.110 142.250.76.131 216.58.203.67 216.58.200.228 142.250.76.142 - mailcious 142.251.222.195 172.217.24.78 172.217.24.97 172.217.27.46 172.217.25.174 - mailcious	8 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Fake 404 Response	1	16.0	M	40	ZeroCERT

44490	2024-05-24 07:47	Client.exe 7ac0adf482250172280defec7a7054da Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself DNS		1			2.6	M	63	ZeroCERT