Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45286	2024-06-14 07:41	setup%E4%B8%8B%E8%BD%BD%E5%90%... 13f784b718e0d45057b628f504a11235 UPX PE64 PE File DNS	1 Keyword trend analysis	1			2.4			ZeroCERT

45287	2024-06-14 07:43	setup%E4%B8%8B%E8%BD%BD%E5%90%... fecba5d90715f5235477b67cc514855b Generic Malware Malicious Library PE64 PE File DNS	1 Keyword trend analysis	1			2.0			ZeroCERT

45288	2024-06-14 07:44	realtekaft.exe 20878a60ab358f3ce3f3f15245ff85ee Hide_EXE Malicious Library .NET framework(MSIL) Socket Http API HTTP DNS Internet API Anti_VM AntiDebug AntiVM .NET EXE PE32 PE File Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed					8.2	M		ZeroCERT

45289	2024-06-14 07:45	luma22222.exe f4d57589a7db46677d1ced8f8123feda PE32 PE File					0.4	M		ZeroCERT

45290	2024-06-14 07:46	motruhjgmawes.exe 57a6a83482ce2897e8cdec17accbd662 Generic Malware Downloader Malicious Library UPX VMProtect Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE64 PE File OS Processo PDB Code Injection Creates executable files RWX flags setting unpack itself AppData folder Remote Code Execution					4.4	M		ZeroCERT

45291	2024-06-14 07:47	qgtplfgy2.exe 3d033b03106e5b46abde0df781c164d5 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Device_File_Check PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Software crashed		2	2		7.4	M		ZeroCERT

45292	2024-06-14 07:49	setup%E4%B8%8B%E8%BD%BD%E5%90%... 4dc6a0aa29fc47b343521af82014af0f Malicious Library PE64 PE File DNS crashed	1 Keyword trend analysis	1			2.2	M		ZeroCERT

45293	2024-06-14 07:51	lummac2.exe 6e3d83935c7a0810f75dfa9badc3f199 PE32 PE File					0.4	M		ZeroCERT

45294	2024-06-14 09:17	setup%E7%9B%AE%E5%BD%95%E8%A1%... 7fbc6a95fc41c5bb0fecdd659d641ae9 Malicious Library PE64 PE File VirusTotal Malware DNS	1 Keyword trend analysis	1			2.4		6	ZeroCERT

45295	2024-06-14 09:20	setup%E7%9B%AE%E5%BD%95%E8%A1%... b8cc81e57efd30cab09d0256f79f7098 Malicious Library PE64 PE File VirusTotal Malware DNS	1 Keyword trend analysis	1			2.6		16	ZeroCERT

45296	2024-06-14 09:20	bin2.doc 118072abaca518e6ece93908a9fee1f4 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash suspicious TLD Tofsee Exploit DNS crashed	17 Keyword trend analysis Info http://www.carolinappttery.com/q380/ http://www.ybw73.top/zfmd/?gSDpSqhg=Wy9Xy0arXTA/u2vvBYrKIOUBpzUpOEWJyNtxnnOaFAzOmZ+G/QUaP7IPedalQRfZTnOTlfhQhpBKLAk/X9K39OImH5VRArdmcUQpro/j/mKcwsNXkqPqNRMPQWcketlQaFqDwMQ=&zd=lHTo3CucwT http://www.aritum.top/f2qc/?gSDpSqhg=+PlbwI8tNruUpga2nartzvIoOczIwOvbU1ANxXfMuvMQEzSRrWQM3cmspk1IFvcCMV40t1yig50Ax37YShWjrdIjOvIEgJJROzqkte3OBXYcjah0B7lnBY2SKVXOZr2cpq5/qwU=&zd=lHTo3CucwT http://www.aritum.top/f2qc/ http://www.sqlite.org/2016/sqlite-dll-win32-x86-3140000.zip http://www.ybw73.top/zfmd/ http://www.carolinappttery.com/q380/?gSDpSqhg=ehUrFCKl0QR4T29AJZh5dRT/ZDPm9qTvUW59H2BhLEsiO0kIW28uNcfa56DEKhzH0iD+lYFdD8RRxblUIft60LyxhWLZTQGF9CEZTcwXHMEEzcDS8bPwZbiqnYj5NbIEEA54k2w=&zd=lHTo3CucwT http://www.sjzsls.com/9ypd/ http://www.winnscce.com/xk70/?gSDpSqhg=E9dNAQXSau8gxD7ycO4dLfQfH5YRjq6/aXbIhWqdNKhuK+zum8oLAEgkUh6j+ec/Dsz5NNoJPY83q7uKVhR+kQSzALNmdhL2cm95N3pKuY1dSsInVS8QGD1t6OErSJExWBCOe4E=&zd=lHTo3CucwT http://www.w90dm.top/8ms4/ http://www.ay62m.top/orwn/ http://www.sjzsls.com/9ypd/?gSDpSqhg=Fp4YMLPzXpbUfY9ET0WH3a72p3fXf7YhU2uVF/1Su8SRdO97GHvogqvz+96x72oMEQq3eHyW0zw8RVfXjuFBE/DSpz5ZNszOE2hxgYcLkAt/YsxuqXlLrzOhs3BZhOu+6KXTzoA=&zd=lHTo3CucwT http://www.ay62m.top/orwn/?gSDpSqhg=3cBNLJTm2SpTWV5+FkCnTYkROdg55TQjKQDEk1HDa97easJD35wZE2GMsxRselnzvm7j4PFdEanRmF1YrarFthUoWpYtpzXpGMx8vyWuQ49fEDOcUJzL6xCqo7J2o8DZINEYFF8=&zd=lHTo3CucwT http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.w90dm.top/8ms4/?gSDpSqhg=udGRhKSFzWywOShfg4LrArlkOSU57jdgfHHoAEODJUB2/fB/f7uvWahs0ChcgR3p3uHY1bC8mP+rUPbsneCLatPp1qyYsRzD0wOOKHTt4GdecEtntAcROmt09OnVjaXmhkctiwE=&zd=lHTo3CucwT http://www.winnscce.com/xk70/ https://dukeenergyltd.top/bin2.scr	16 Info www.aritum.top(203.161.55.102) dukeenergyltd.top(172.67.134.136) - malware www.sjzsls.com(154.212.44.122) - mailcious www.carolinappttery.com(123.58.214.101) www.winnscce.com(123.58.214.101) www.ay62m.top(38.47.207.132) www.ybw73.top(38.47.232.233) www.w90dm.top(38.47.232.178) 38.47.232.178 203.161.55.102 38.47.232.233 154.212.44.122 - mailcious 38.47.207.132 45.33.6.223 172.67.134.136 - malware 123.58.214.101	3		4.4	M	33	ZeroCERT

45297	2024-06-14 09:22	bin1.doc ab6398c625d0ae23c0582ad07d044581 MS_RTF_Obfuscation_Objects RTF File doc Cobalt Strike Cobalt VirusTotal Malware c&c RWX flags setting exploit crash Tofsee Exploit DNS crashed		19 Info dukeenergyltd.top(104.21.25.202) - malware www.ekvassf.store() www.baldjourney.com(35.212.60.56) www.themirrorproject.org() www.planningexcellence.org(104.21.68.117) www.heolty.xyz(162.0.238.43) www.5597043.com(172.66.47.183) www.mildhicky.com(149.88.71.203) www.usebanq.com(198.54.117.242) www.vt0lcffi5.sbs(47.239.13.172) 47.239.13.172 35.212.60.56 172.66.44.73 198.54.117.242 - mailcious 45.33.6.223 172.67.134.136 - malware 149.88.71.203 162.0.238.43 104.21.68.117	4		3.2	M	32	ZeroCERT

45298	2024-06-14 09:24	sharo.scr 3935f15dafdd5edfca70895940dce681 Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM .NET EXE PE32 PE File DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself AppData folder malicious URLs Browser		15 Info www.primeplay88.org(91.195.240.19) - mailcious www.mrart.co.kr(183.111.183.31) - mailcious www.99b6q.xyz() - mailcious www.besthomeincome24.com() - mailcious www.xn--matfrmn-jxa4m.se(194.9.94.85) - mailcious www.terelprime.com(66.96.161.166) - mailcious www.kinkynerdspro.blog(94.23.162.163) - mailcious www.aceautocorp.com(198.12.241.35) - mailcious 91.195.240.19 - mailcious 66.96.161.166 - mailcious 54.38.220.85 - mailcious 194.9.94.86 - mailcious 45.33.6.223 183.111.183.31 - mailcious 198.12.241.35 - mailcious	1	12 Info http://www.kinkynerdspro.blog/ufuh/ http://www.kinkynerdspro.blog/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.terelprime.com/ufuh/ http://www.terelprime.com/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.primeplay88.org/ufuh/ http://www.primeplay88.org/ufuh/ http://www.mrart.co.kr/ufuh/	12.6	M	42	ZeroCERT

45299	2024-06-14 09:24	sharo.doc 8b049d5e850fc75c1cef5edb8fc68feb Formbook MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself suspicious TLD Tofsee Exploit DNS crashed		21 Info www.primeplay88.org(91.195.240.19) - mailcious covid19help.top(172.67.175.222) - mailcious www.kinkynerdspro.blog(94.23.162.163) - mailcious www.touchclean.top(67.223.117.189) www.99b6q.xyz() - mailcious www.mrart.co.kr(183.111.183.31) - mailcious www.besthomeincome24.com() - mailcious www.ibistradingco.com(191.101.228.74) www.terelprime.com(66.96.161.166) - mailcious www.xn--matfrmn-jxa4m.se(194.9.94.86) - mailcious www.aceautocorp.com(198.12.241.35) - mailcious 91.195.240.19 - mailcious 67.223.117.189 54.38.220.85 - mailcious 93.127.196.69 66.96.161.166 - mailcious 172.67.175.222 - mailcious 45.33.6.223 194.9.94.85 - mailcious 183.111.183.31 - mailcious 198.12.241.35 - mailcious	7 Info ET DNS Query to a .top domain - Likely Hostile ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1 ET INFO HTTP Request to a .top domain ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP Request abnormal Content-Encoding header ET HUNTING Possible COVID-19 Domain in SSL Certificate M2	12 Info http://www.kinkynerdspro.blog/ufuh/ http://www.terelprime.com/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.aceautocorp.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.primeplay88.org/ufuh/ http://www.terelprime.com/ufuh/ http://www.xn--matfrmn-jxa4m.se/ufuh/ http://www.primeplay88.org/ufuh/ http://www.mrart.co.kr/ufuh/ http://www.kinkynerdspro.blog/ufuh/	3.6	M	33	ZeroCERT

45300	2024-06-14 09:25	OfferedBuilt.exe 00614852dbe5c98d84c4501702d04e93 NSIS Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName					6.4	M		ZeroCERT