Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc
44836  2024-06-04 07:26  legendainstalls.exe
  MD5: da85889e565ecc8279c0d3b12ea0b40b
  Rule: Generic Malware UPX Malicious Library Malicious Packer PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder WriteConsoleW crashed
  Score: 3.6  Zero: M  VT: 31  Player: ZeroCERT

44837  2024-06-04 07:29  win.exe
  MD5: f74e8a071b955f39231c4c209e30f1a3
  Rule: Malicious Library Malicious Packer Antivirus UPX PE64 PE File OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
  Score: 2.0  Zero: M  VT: 46  Player: ZeroCERT

44838  2024-06-04 07:31  kano.exe
  MD5: 439dafb5ed95e1036a120948e7996ea0
  Rule: Malicious Packer Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed
  Urls: 1  Hosts: 5  IDS: 8  Score: 12.6  Zero: M  VT: 31  Player: ZeroCERT

44839  2024-06-04 07:33  amm.exe
  MD5: 66d2e8e0fbc5b35bb09587834841f50e
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Score: 2.4  Zero: M  VT: 51  Player: ZeroCERT

44840  2024-06-04 07:35  0603.exe
  MD5: d4bed9420bd66fbf3c483e1dacabb726
  Rule: Gen1 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB RWX flags setting unpack itself Remote Code Execution DNS
  Urls/Hosts/IDS: 1 (only one of the three columns is populated)  Score: 3.4  Zero: M  VT: 31  Player: ZeroCERT

44841  2024-06-04 07:37  igcc.exe
  MD5: cfaef1fbcfc3a09ccc8baf621b681025
  Rule: AgentTesla Malicious Library .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed
  Urls: 1  Hosts: 4  IDS: 3  Score: 12.6  Zero: M  VT: 31  Player: ZeroCERT

44842  2024-06-04 09:13  ATHM.txt.exe
  MD5: 4cadcfbc01966e7247d9baa9c39ad5bf
  Rule: Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS keylogger
  Urls: 1  Hosts: 3  IDS: 2  Score: 11.8  VT: 64  Player: ZeroCERT

44843  2024-06-04 09:25  lionsareinternationallykingoft...
  MD5: 99e65c433745f1db70b929bf97d855c7
  Rule: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
  Urls: 3  Hosts: 6  IDS: 2  Score: 4.2  Zero: M  VT: 34  Player: ZeroCERT

44844  2024-06-04 09:25  ocean.scr
  MD5: fe4ebc62a5498c4d43699abe554febb0
  Rule: Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) UPX ScreenShot Create Service Socket Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDebug An Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger
  Urls: 1  Hosts: 4  IDS: 4  Score: 14.0  VT: 46  Player: ZeroCERT

44845  2024-06-04 09:27  X.vbs
  MD5: d5313cc18e38615e3a8eb94ea331cf1d
  Rule: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key
  Urls: 3  Hosts: 5  IDS: 1  Score: 9.2  Zero: M  VT: 6  Player: ZeroCERT

44846  2024-06-04 09:33  avg_secure_browser_setup.exe
  MD5: 60feb08011db31607cee2a5bc1f2206f
  Rule: HermeticWiper NSIS Generic Malware PhysicalDrive Malicious Library UPX Malicious Packer PE File PE32 DLL DllRegisterServer dll OS Processor Check PE64 MSOffice File CAB Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications Auto service Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware Fortinet Windows Browser ComputerName Firmware DNS
  Urls: 5  Hosts: 8  IDS: 2  Score: 21.0  VT: 3  Player: ZeroCERT

44847  2024-06-04 09:57  StatRKZU.msi
  MD5: b896c2b2ae51f7100a342c73f5062896
  Rule: MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check ComputerName
  Score: 3.4  VT: 40  Player: ZeroCERT

44848  2024-06-04 10:14  StatRKZU.msi
  MD5: b896c2b2ae51f7100a342c73f5062896
  Rule: ScreenShot AntiDebug AntiVM MSOffice File CAB Lnk Format GIF Format Malware download NetWireRC VirusTotal Email Client Info Stealer Malware Campaign suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Konni Browser RAT Email ComputerName
  Urls: 3  Hosts: 2  IDS: 3  Score: 6.8  VT: 40  Player: ZeroCERT

44849  2024-06-04 10:19  temp1.zip
  MD5: 25d2fe0a75b2e677c1ce76e732c5b59c
  Rule: ZIP Format VirusTotal Malware IP Check Tofsee DNS
  Urls/Hosts/IDS: 4 6 (only two of the three columns are populated)  Score: 2.0  VT: 10  Player: ZeroCERT

44850  2024-06-04 11:06  BjDYewiY.vbs
  MD5: 7b5b8d04475bc1ebbb77601f57e3e625
  Rule: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key
  Urls: 3  Hosts: 3  IDS: 1  Score: 8.6  VT: 23  Player: ZeroCERT