Submissions

No | Date | Request | MD5 | Rule (signatures) | Urls / Hosts / IDS / Score / Zero / VT / Player / Etc (as extracted)
--- | --- | --- | --- | --- | ---
44551 | 2021-06-21 12:45 | ferrari.exe | d7cf6a60f9b30ae5ae5e0124b88f5b90 | Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed | 4.0 M 45 ZeroCERT
44552 | 2021-06-21 12:44 | file.exe | 58e5562209d50978efd614dd040ef4ca | PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed | 3.2 M 36 ZeroCERT
44553 | 2021-06-21 12:40 | jaws | 04b3c04aa965443963cbe30966ff9d04 | AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email | 3.8 20 ZeroCERT
44554 | 2021-06-19 19:01 | Setup.exe | 5499fd2b9a83a2de834ba2539d2d210d | PWS .NET framework Emotet Gen1 AsyncRAT backdoor BitCoin AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL PE64 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder AntiVM_Disk WriteConsoleW VMware IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key crashed | 11 18 7 19.2 M 36 ZeroCERT
44555 | 2021-06-19 19:00 | Toner-RecoverSetup.exe | b1ca84cb3ebb2c3ecc6bc4707130c98b | PWS .NET framework Emotet BitCoin AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed | 8 10 3 13.4 M 13 ZeroCERT
44556 | 2021-06-19 10:16 | aim-387176491.xlsm | 11acc8a0e82823aff2bc5753ba941369 | Check memory Creates executable files unpack itself suspicious process Tofsee DNS | 2 4 2 4.0 guest
44557 | 2021-06-19 10:15 | aim-386037884.xlsm | 5e8b78d60a546712a68abedb64f3a455 | Check memory Creates executable files unpack itself suspicious process Tofsee | 2 4 2 3.4 guest
44558 | 2021-06-19 10:13 | aim-386827314.xlsm | 4b2be2409dbf11d8e43eb6784ecc258f | Creates executable files unpack itself suspicious process Tofsee DNS | 2 4 2 3.8 guest
44559 | 2021-06-19 10:13 | aim-386818343.xlsm | 5a55625270351cd035ffff122fcae85e | Check memory Creates executable files unpack itself suspicious process Tofsee | 2 4 2 3.4 guest
44560 | 2021-06-19 10:07 | hut.exe | 4ccbe3a8fa850367d5efde685a350d80 | Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee crashed | 1 2 1 3.6 M 43 r0d
44561 | 2021-06-19 10:02 | Pupdate.exe | 84378601c313693fbd323d32c4ff677f | Malicious Library PE File OS Processor Check PE32 PDB unpack itself Windows DNS crashed | 2.8 ZeroCERT
44562 | 2021-06-19 10:02 | maaacccc..exe | 0061d17ff54d214c5ea6867cb815caea | AgentTesla email stealer browser info stealer Google Chrome User Data DNS Socket KeyLogger Code injection ScreenShot persistence AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Check memory buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows DNS | 1 10.4 44 ZeroCERT
44563 | 2021-06-19 10:02 | lv.exe | 80135410ab6846b7264a67e135530903 | Gen1 Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 DLL OS P VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed | 1 7.6 37 ZeroCERT
44564 | 2021-06-19 10:01 | kk.exe | b557a14d15bdb2a1ec7da60784c61ffe | Raccoon Stealer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed | 3.4 43 ZeroCERT
44565 | 2021-06-19 09:09 | d3 | cb34374f1b5fb771076872c6b14b7501 | PE File PE32 VirusTotal Malware PDB | 1.0 13 ZeroCERT