Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46141	2024-07-20 20:06	butterburnverysweetgirleated.g... 612b79418bc9dee5e9bf503df55a245c Generic Malware Antivirus PowerShell VirusTotal Malware VBScript powershell suspicious privilege Check memory Checks debugger wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Dropper	2 Keyword trend analysis	4	3	1	10.0	M	5	ZeroCERT

46142	2024-07-20 20:08	hc.hc.hc.hc.hchchchch.doc e677d8183d89a410a3ce59db5a2722d3 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	5	3	1	4.8	M	41	ZeroCERT

46143	2024-07-20 20:08	winiti.exe 9a5faf2d13c1fb4ac9aa52154c3a6dc5 AgentTesla Malicious Library .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	2 Keyword trend analysis	4	5 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)		14.4	M	55	ZeroCERT

46144	2024-07-20 20:08	ZHHR.txt.exe fa702e456caa471e2b07df76d37de539 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows keylogger	1 Keyword trend analysis	4	2		3.4		58	ZeroCERT

46145	2024-07-20 20:10	g245x.exe 72cd0c2edee91a3d8e2b8a0b149ded12 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself WriteConsoleW crashed					2.4	M	49	ZeroCERT

46146	2024-07-20 20:11	34v3vz.exe 61547b701d759958b78b75aeca77279c Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE32 OS Processor Check PE64 Malware download VirusTotal Email Client Info Stealer Malware AutoRuns Malicious Traffic WMI Creates executable files Windows utilities Checks Bios suspicious process WriteConsoleW anti-virtualization Windows Email ComputerName DNS	3 Keyword trend analysis Info http://185.196.10.57/ev643v4/api.php?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1898C939111C http://185.196.10.57/ev643v4/api.php?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1898C939111C&tsk=5D9A http://185.216.214.218/Population.exe	2	4		8.6	M	61	ZeroCERT

46147	2024-07-20 20:11	uzopuzbkrpcziwca.txt.vbs 8850ab6fc8518f854ee3d29da8640d0f Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1			6.0	M	17	ZeroCERT

46148	2024-07-20 20:12	Population.exe 18bbc3fb86e902afb59c06811a5b01f4 Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 OS Processor Check VirusTotal Malware PDB DNS		1			2.6	M	41	ZeroCERT

46149	2024-07-20 20:12	winiti.exe deed9f1fa07445c4e7529c820d42800c AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	3		14.2	M	53	ZeroCERT

46150	2024-07-20 20:14	mimilove.exe c67f3497c310c01018f599b3eebae99e Malicious Packer PE File PE32 VirusTotal Malware WriteConsoleW					1.4	M	60	ZeroCERT

46151	2024-07-20 20:15	2.exe cd385c52e6ad2dd6a304839159534b7e Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.0	M	31	ZeroCERT

46152	2024-07-20 20:16	3.0.exe eabbb27aa0d2776fc832a6cca0cef3e3 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		6.2	M	61	ZeroCERT

46153	2024-07-20 20:16	winiti.exe f077adcb2d6ea5208dc2b37f94d21fc8 AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	2 Keyword trend analysis	4	5 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com		13.6	M	54	ZeroCERT

46154	2024-07-20 20:19	hn.gn.gn.gngn.gn.gn.gn.doc 5dc44b9ca9e7ce8958b2b6f36cc06ebd MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	5	10 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com		5.0	M	33	ZeroCERT

46155	2024-07-20 20:19	anony.exe 350292ff12ebe29fc711a05b2b38dc4a RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		6.2	M	60	ZeroCERT