Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45211	2024-06-09 09:34	nc.exe ba1a8e79b0354e180c88350f2fd965fe PE File PE32 VirusTotal Malware WriteConsoleW					2.4		46	ZeroCERT

45212	2024-06-09 09:34	RunasCs_net2.exe 92e567d0590f2763960910e4bb85a871 Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0		46	ZeroCERT

45213	2024-06-09 09:36	chat.exe 4c0deb28ba6ff90d8dcd8113b494442b Malicious Library PE64 PE File VirusTotal Malware RWX flags setting DNS crashed		1			4.0	M	51	ZeroCERT

45214	2024-06-09 09:36	svchost.exe 2de9a9ecf306c424eab7ace09227090f Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.0	M	60	ZeroCERT

45215	2024-06-09 09:38	SharpHound.ps1 310d06e1da8a16b5121ead4874f634fa Generic Malware Antivirus VirusTotal Malware Check memory unpack itself					1.6	M	35	ZeroCERT

45216	2024-06-09 09:39	work.exe fcd2251a8050b590a00cfe90dde9bd4c Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files RWX flags setting unpack itself AppData folder Windows crashed					4.0	M	60	ZeroCERT

45217	2024-06-09 14:24	Satin06.exe 09ab6049a1abaac4ce2aef0dc60b6b6d Formbook Gen1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume Cry FormBook Browser Info Stealer Malware download VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS	21 Keyword trend analysis Info http://www.antonio-vivaldi.mobi/fo8o/?-g=PTl5gU/3CD/Xhg5KAVLGoeqWcilDUK5FTZuVmm6gfrwSjnBrSraU5xyBGUoA1k9xMbAGIU7PLJqf1PTsNd74L3d6+NgzbyGN2pTsiSyIeh1B8hC/nFfIu9UZrk9ku3J39HvVUu8=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39855 http://www.magmadokum.com/fo8o/ - rule_id: 39856 http://www.magmadokum.com/fo8o/?-g=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39856 http://www.3xfootball.com/fo8o/ - rule_id: 39852 http://www.donnavariedades.com/fo8o/ - rule_id: 39861 http://www.donnavariedades.com/fo8o/?-g=l+301ZvITCxaX9AA7VU8BaNl0giE4t3JgzctOQx29qSsrxX8kw490hU6vymbZWA2w8GmYCogcgx/MI4pNd8ITQiOXzox9fl9oCNBaJd4bIe7oyUKC5LhLVNYvjLZULJxgsfERiI=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39861 http://www.3xfootball.com/fo8o/?-g=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39852 http://www.rssnewscast.com/fo8o/ - rule_id: 39857 http://www.techchains.info/fo8o/ - rule_id: 39858 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip http://www.techchains.info/fo8o/?-g=vefd0teQh+kbruh+iKW53cdcsQD4oFyRDgCUoL90YCYLczV+Hcc/VZ2eVbboy/u5EgiS3CnxBclKZHyNJ/4ALr08/A/SWk5lVGufGp2P4fG4f3GonqE4cYuaa0/JNC0RZIlRWrU=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39858 http://www.elettrosistemista.zip/fo8o/ - rule_id: 39860 http://www.goldenjade-travel.com/fo8o/ - rule_id: 39854 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.kasegitai.tokyo/fo8o/ - rule_id: 39853 http://www.antonio-vivaldi.mobi/fo8o/ - rule_id: 39855 http://www.rssnewscast.com/fo8o/?-g=x3jV/ECx7FuzXOI+6CNaISj98UIEn47HyCIVaqWvGMMqpfz0YC5wNp/pxM1zEFNKv4nPeGfT8/lZrDaJmccs4488pD+gaHK32CxgTEs5a2vdBlM4hQBa8nlaMF5vesFSU19kJNk=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39857 http://www.kasegitai.tokyo/fo8o/?-g=0LNqIGaAWMhMIMLOr1FzuAu+QFTp+Isr9lFre+yu3/9GvRNYi1uHghhDsQ/pqDAQ+wkUrFUIurr7TLyDqzId9vCn3h40hICDSYZjejM1bTxHHnFMxARLyMCZMUhSp6GMEGHL0HI=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39853 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.elettrosistemista.zip/fo8o/?-g=bO1UBvtoHFNUmlWB73HniX/lRhcpQxU1qF418M7UHpKKa2cgLZsmK6mwaSCrivds7LXL3uoK+MTOMGhYNdwtdjBMQu6yx1bfgOYvdpbzJPd/eSD2kHjCkD+QxgbYBRdZBXmxn1k=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39860 http://www.goldenjade-travel.com/fo8o/?-g=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39854	20 Info www.elettrosistemista.zip(195.110.124.133) - mailcious www.liangyuen528.com() - mailcious www.magmadokum.com(85.159.66.93) - mailcious www.techchains.info(66.29.149.46) - mailcious www.donnavariedades.com(23.227.38.74) - mailcious www.kasegitai.tokyo(202.172.28.202) - mailcious www.3xfootball.com(154.215.72.110) - mailcious www.goldenjade-travel.com(116.50.37.244) - mailcious www.antonio-vivaldi.mobi(46.30.213.191) - mailcious www.rssnewscast.com(91.195.240.94) - mailcious 202.172.28.202 - mailcious 85.159.66.93 - mailcious 116.50.37.244 - mailcious 195.110.124.133 - mailcious 46.30.213.191 - mailcious 66.29.149.46 - mailcious 45.33.6.223 23.227.38.74 - mailcious 91.195.240.94 - phishing 154.215.72.110 - mailcious	3	18 Info http://www.antonio-vivaldi.mobi/fo8o/ http://www.magmadokum.com/fo8o/ http://www.magmadokum.com/fo8o/ http://www.3xfootball.com/fo8o/ http://www.donnavariedades.com/fo8o/ http://www.donnavariedades.com/fo8o/ http://www.3xfootball.com/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.techchains.info/fo8o/ http://www.techchains.info/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.antonio-vivaldi.mobi/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.goldenjade-travel.com/fo8o/	7.0	M	45	ZeroCERT

45218	2024-06-09 15:57	8910.unp.exe f8d212919820b46438d8b921fd6e0857 UPX PE File PE32 OS Processor Check					0.2			guest

45219	2024-06-10 10:01	update.exe 5d0fb9d3fcf1a559a5a346ce92cab568 Themida Packer PE64 PE File VirusTotal Malware unpack itself Windows crashed					3.0	M	60	ZeroCERT

45220	2024-06-10 10:01	putty.exe 744f16da7768ed9f66393cb57f760746 PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency		2	1		1.4	M	55	ZeroCERT

45221	2024-06-10 10:02	sapsan.exe 53099afa75043ea832b64db81231caff Generic Malware Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware Check memory crashed					2.2	M	42	ZeroCERT

45222	2024-06-10 10:04	loki.exe 94af29468388f69f7cb8332883e5e88e Generic Malware Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	3	6 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1		8.6	M	66	ZeroCERT

45223	2024-06-10 10:05	timeSync.exe 8f709d3db81945c2261c46827a83d33b Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.2	M	48	ZeroCERT

45224	2024-06-10 10:06	Ucxnbz.exe 9399f672f1d34d17a26a1a6336cfdf6a .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	1		3.4	M	34	ZeroCERT

45225	2024-06-10 10:08	Nngraprczwe.exe 9e57a1210d8f8c3be8e109e888eb1cc4 .NET framework(MSIL) PE File .NET EXE PE32 Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	1		3.4	M		ZeroCERT