Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45301	2024-06-14 09:27	onecommander.exe 55757364d854adc3fc1e5cb59532f1c3 Generic Malware Malicious Library Malicious Packer UPX PE64 DllRegisterServer dll PE File OS Processor Check DNS crashed		1			0.8	M		ZeroCERT

45302	2024-06-14 09:27	ransom.exe 425a94ea0db7c1fb84b3abeaed25784b Icarus Stealer Emotet Gen1 Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE64 ftp PE File OS Processor Check DLL DllRegisterServer dll ZIP Format Malware Check memory Creates executable files Ransomware DNS		1			2.2			ZeroCERT

45303	2024-06-14 09:27	client.exe 866ad295aff7b5f29b44040b98c6994d Gen1 Generic Malware ASPack Malicious Library UPX Anti_VM PE64 ftp PE File OS Processor Check DLL ZIP Format Malware Check memory Creates executable files unpack itself Ransomware					2.6			ZeroCERT

45304	2024-06-14 09:28	steal.exe 1db2c9b7cd800917493a1439dcfa8eb6 Emotet Gen1 Generic Malware ASPack Malicious Library UPX Admin Tool (Sysinternals etc ...) Anti_VM PE64 ftp PE File OS Processor Check DLL DllRegisterServer dll ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself crashed					2.4		23	ZeroCERT

45305	2024-06-14 09:28	setup%E4%B8%8B%E8%BD%BD%E5%90%... 2b2690881f0030510504113baf20831b Malicious Library PE64 PE File VirusTotal Malware DNS		1			3.2	M	47	ZeroCERT

45306	2024-06-14 09:41	setup%E4%B8%8B%E8%BD%BD%E5%90%... 8ece12bccc4c83c2ec683a7d5a7dc348 Malicious Library PE64 PE File VirusTotal Malware DNS	1 Keyword trend analysis	1			3.2		46	ZeroCERT

45307	2024-06-14 09:42	setup%E4%B8%8B%E8%BD%BD%E5%90%... 50c43ce25a63eb9f2c4b74e215be8135 Generic Malware Malicious Library PE64 PE File Malware download VirusTotal Malware Malicious Traffic Downloader	11 Keyword trend analysis Info http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf http://cwgedu.cn/diangong/diangong/123.conf http://8.134.239.3/123.conf http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf	2	1		2.0		53	ZeroCERT

45308	2024-06-14 09:43	setup%E4%B8%8B%E8%BD%BD%E5%90%... e52c00bdc49c2e842a573532762c5f0b Generic Malware Malicious Library PE64 PE File Malware download VirusTotal Malware Malicious Traffic unpack itself DNS crashed Downloader	1 Keyword trend analysis	1	1		3.6	M	50	ZeroCERT

45309	2024-06-14 09:43	setup%E4%B8%8B%E8%BD%BD%E5%90%... 7ff7c6f0c4233bc3c77cdb833764af21 Generic Malware UPX PE64 PE File VirusTotal Malware Check memory DNS crashed		1			4.0	M	50	ZeroCERT

45310	2024-06-14 09:45	setup%E4%B8%8B%E8%BD%BD%E5%90%... 0a31329b6172776635649ab5005c4671 Generic Malware Malicious Library Antivirus UPX PE64 PE File OS Processor Check Emotet Malware download NetWireRC VirusTotal Malware Code Injection unpack itself sandbox evasion Anonymous RAT DNS		1	1		6.0	M	43	ZeroCERT

45311	2024-06-14 10:16	theporndude.exe 97b47da3b16adb27c0ad00f1d5f7e112 Generic Malware Malicious Library Malicious Packer UPX PE64 DllRegisterServer dll MSOffice File PE File OS Processor Check VirusTotal Malware crashed					1.4		47	ZeroCERT

45312	2024-06-14 10:18	zardsystemschange.exe 414d550d9c7fed5b71913ed7e4dd967b Generic Malware Malicious Library Malicious Packer UPX PE64 DllRegisterServer dll PE File OS Processor Check VirusTotal Malware crashed					1.4		44	ZeroCERT

45313	2024-06-14 10:46	file.rar c6479683dc4b3a056b853c2f66e20998 Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Cryptocurrency Miner Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee Windows Discord RisePro DNS CoinMiner	10 Keyword trend analysis Info http://5.42.66.10/download/th/space.php - rule_id: 39944 http://77.91.77.80/rome/kenzo.exe - rule_id: 40187 http://5.42.99.177/api/crazyfish.php - rule_id: 40006 http://apps.identrust.com/roots/dstrootcax3.p7c http://5.42.99.177/api/twofish.php - rule_id: 40008 http://88.218.93.76/d/385135 - rule_id: 40184 http://5.42.66.10/download/123p.exe - rule_id: 39935 https://lop.foxesjoy.com/ssl/crt.exe - rule_id: 40188 https://steamcommunity.com/profiles/76561199699680841 https://db-ip.com/demo/home.php?s=	36 Info db-ip.com(172.67.75.166) pool.hashvault.pro(131.153.76.130) - mailcious cdn-download.avgbrowser.com(104.100.168.115) api64.ipify.org(173.231.16.77) api.myip.com(104.26.9.59) steamcommunity.com(23.66.133.162) - mailcious lop.foxesjoy.com(104.21.66.124) - malware t.me(149.154.167.99) - mailcious iplogger.org(104.21.4.208) - mailcious ipinfo.io(34.117.186.192) bitbucket.org(104.192.141.1) - malware cdn.discordapp.com(162.159.133.233) - malware vk.com(93.186.225.194) - mailcious raw.githubusercontent.com(185.199.111.133) - malware 185.199.109.133 - mailcious 87.240.129.133 - mailcious 104.26.5.15 104.21.4.208 147.45.47.126 - mailcious 23.1.179.144 - mailcious 34.117.186.192 121.254.136.18 23.43.165.105 149.154.167.99 - mailcious 104.21.66.124 - malware 65.109.240.138 104.237.62.213 5.42.99.177 - mailcious 5.42.66.10 - malware 104.192.141.1 - mailcious 23.52.128.153 125.253.92.50 162.159.134.233 - malware 104.26.9.59 77.91.77.80 - malware 88.218.93.76 - mailcious	25 Info ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SURICATA Applayer Mismatch protocol both directions ET INFO TLS Handshake Failure ET INFO Executable Download from dotted-quad Host ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Packed Executable Download ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Redirect to Discord Attachment Download ET INFO EXE - Served Attached HTTP ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) SURICATA Applayer Wrong direction first Data	7	4.2	M		ZeroCERT

45314	2024-06-14 10:55	RFQ#ORDER-SP-24-0217891-003.do... 527d1b34d5c5759d38b6496008e379b1 NSIS Malicious Library UPX PE32 PE File DLL JPEG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder DNS		1			3.2		34	ZeroCERT

45315	2024-06-14 13:29	lummac2.exe 6e3d83935c7a0810f75dfa9badc3f199 Lumma Stealer PE File PE32 VirusTotal Malware					1.6	M	60	r0d