Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

45331  2024-06-15 08:12  Appendix.jpg.lnk
  Hash: b8be125e6f496b0d5856fd4c2b59d778
  Tags: Generic Malware AntiDebug AntiVM GIF Format Lnk Format Code Injection Check memory buffers extracted Creates shortcut RWX flags setting unpack itself Check virtual network interfaces suspicious process Tofsee Interception
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 4 1 1 4.6 ZeroCERT

45332  2024-06-15 08:12  Bio Data Form.jpg.lnk
  Hash: e10c8df203a7a195a44ee629fcf0c756
  Tags: Generic Malware AntiDebug AntiVM GIF Format Lnk Format Code Injection Check memory buffers extracted Creates shortcut RWX flags setting unpack itself Check virtual network interfaces suspicious process Tofsee Interception
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 4 1 1 5.2 ZeroCERT

45333  2024-06-15 08:13  Dispatch of the APC HMLTV tech...
  Hash: 73a0170ea882989f6ffc3b4726a3ee56
  Tags: Generic Malware AntiDebug AntiVM GIF Format Lnk Format Code Injection Check memory buffers extracted Creates shortcut RWX flags setting Check virtual network interfaces suspicious process Tofsee Interception
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 4 1 1 4.8 ZeroCERT

45334  2024-06-15 08:19  test.exe
  Hash: 71687e0babe1e0575c7471b0e696e9d3
  Tags: UPX PE64 PE File Traffic Potential Scan suspicious privilege Windows utilities WriteConsoleW Windows Exploit DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 3 4.6 ZeroCERT

45335  2024-06-15 08:21  4.exe
  Hash: 24981658666a4f40f07f37bfb48d1372
  Tags: Malicious Library UPX PE File PE32 OS Processor Check AutoRuns Windows DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 1 3.4 M ZeroCERT

45336  2024-06-15 08:21  %E5%8C%97%E7%AC%99%E5%87%BA%E8...
  Hash: 596e9b32324853cc471332f6289689bd
  Tags: Generic Malware Malicious Packer Malicious Library ASPack VMProtect UPX DllRegisterServer dll PE File PE32 OS Processor Check DLL Check memory Creates executable files unpack itself AppData folder Remote Code Execution DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 3.2 M ZeroCERT

45337  2024-06-15 08:22  help.scr
  Hash: 5315d928cff19507f66d59b174280e8a
  Tags: Emotet Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File PE32 OS Processor Check DLL PE64 ftp Cryptocurrency Miner Malware Cryptocurrency Traffic Potential Scan AutoRuns suspicious privilege Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself Windows utilities Auto service suspicious process WriteConsoleW Windows Exploit ComputerName Remote Code Execution
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 3 4 8.6 M ZeroCERT

45338  2024-06-15 08:26  installer2.exe
  Hash: 5aece647826a6f39a8bb8b17cd4186d6
  Tags: PE64 PE File DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4 1 2.2 ZeroCERT

45339  2024-06-15 08:30  amadka.exe
  Hash: 5a12fd39ea2482c5ef29e1ca1fe5c083
  Tags: Amadey Gen1 RedLine stealer RedlineStealer Lumma Stealer Generic Malware Themida Packer Malicious Library UPX Downloader Malicious Packer Antivirus .NET framework(MSIL) ScreenShot Http API PWS Code injection Anti_VM AntiDebug AntiVM PE File PE32 P Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Cryptocurrency Miner Malware powershell Microsoft AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW VMware anti-virtualization IP Check human activity check installed browsers check Tofsee Stealer Windows Exploit Browser RisePro ComputerName DNS Cryptographic key Software crashed Downloader CoinMiner
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 12 24 22 3 28.4 M ZeroCERT

45340  2024-06-16 09:55  999999.exe
  Hash: 2b6bdd0a18e76a5df3a867a49f951125
  Tags: Backdoor Farfli Hide_EXE Generic Malware Malicious Library UPX PE File PE32 DLL OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 7.2 M 69 ZeroCERT

45341  2024-06-16 09:56  8989.exe
  Hash: 7d8056785948284e8f6b89004886c936
  Tags: Backdoor Farfli Hide_EXE Generic Malware Malicious Library UPX PE File PE32 DLL OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 7.8 M 66 ZeroCERT

45342  2024-06-16 09:58  sc.exe
  Hash: 1c7ce77089b1bc88099485ff0c30a928
  Tags: Malicious Packer Malicious Library UPX PE64 PE File
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 0.6 M ZeroCERT

45343  2024-06-16 09:59  %E5%A4%A7JJ.exe
  Hash: d436dc7faa63db35b10524ac82ab7631
  Tags: Generic Malware Malicious Library Downloader ASPack UPX Malicious Packer Anti_VM DllRegisterServer dll PE File PE32 OS Processor Check VirusTotal Malware Creates executable files ICMP traffic unpack itself Windows utilities AppData folder WriteConsoleW installed browsers check Windows Browser Remote Code Execution
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4 1 6.8 M 68 ZeroCERT

45344  2024-06-16 10:00  x86_0923_1.exe
  Hash: 95996d628e7f15ed7290902c879aa81b
  Tags: Generic Malware Malicious Packer Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege sandbox evasion WriteConsoleW Windows Advertising Remote Code Execution Firmware DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 7.4 M 26 ZeroCERT

45345  2024-06-16 10:02  appst.exe
  Hash: f05da219bf720502ed4a9d17c7bbcb65
  Tags: Generic Malware Malicious Library UPX PE64 PE File VirusTotal Malware Check memory unpack itself
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1.0 5 ZeroCERT