Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46186	2024-07-22 07:49	Build.exe 17db34e555e545ce20f804526a31ed48 Generic Malware Malicious Library .NET framework(MSIL) UPX Antivirus PE File .NET EXE PE32 OS Processor Check Malware powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		7.4	M		ZeroCERT

46187	2024-07-22 09:10	svhosts.exe d39a20fd19892439847037745f81a036 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Telegram AutoRuns Tofsee Windows ComputerName DNS		2	4		2.6		38	ZeroCERT

46188	2024-07-22 09:30	567jn7x.exe e8a1d35e54a6982c175c4351f3ce0dcd Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.8		49	ZeroCERT

46189	2024-07-22 10:14	get.exe a507dfa5bc805e574236ee0b0c61a5db Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege MachineGuid Check memory Checks debugger unpack itself					2.2	M	17	r0d

46190	2024-07-22 11:11	ou.ou.ou.ou.ou.doc 034e661a8a618c2a1596205d982f769d MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	4	5 Info ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev) ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Base64 Encoded MZ In Image ET MALWARE Malicious Base64 Encoded Payload In Image	2	4.6	M	37	ZeroCERT

46191	2024-07-22 11:12	6699582c986e9_appdrivevideo.ex... ba45cf8e20d509ee5785cc22413570cd North Korea Malicious Library .NET framework(MSIL) UPX Socket Http API PWS HTTP DNS Internet API AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					9.0		53	ZeroCERT

46192	2024-07-22 11:13	Oxdmnmj-OLD-2.pif 414dc5eb0c47614a9992cb197e7c2629 Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key					5.4	M	62	ZeroCERT

46193	2024-07-22 11:14	setup.exe 37a7d7b85bfa476e27f2c32666072fc5 Malicious Library PE File PE32 VirusTotal Malware Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName					4.6	M	37	ZeroCERT

46194	2024-07-22 11:15	Mfceum-4.pif 2ca5492f9dbcdaab3facf1768cae5c6d PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.6	M	49	ZeroCERT

46195	2024-07-22 11:16	CyptpaSPOOFER-2.exe e60b4a9e303e2defab24d4566a58dddb Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process AppData folder Windows ComputerName Cryptographic key					4.8	M	62	ZeroCERT

46196	2024-07-22 11:18	CyptpaSPOOFER-3.exe 568785aab4859695ba4937361569b23e Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key					5.4		57	ZeroCERT

46197	2024-07-22 11:18	Nyexjpw-TORRENTOLD.pif f309fc0fa9fe3fa240901a71700ae650 Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process AppData folder Windows ComputerName Cryptographic key					6.0	M	57	ZeroCERT

46198	2024-07-22 11:20	arch.ps1 0427dd4115ad876e9f188d808022d190 Generic Malware Antivirus PE File DLL PE32 .NET DLL VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key					9.8	M	3	ZeroCERT

46199	2024-07-22 11:20	Systray.ps1 628dd8d3aef4624a70735ca05cd4d2ed Generic Malware Antivirus PE File DLL PE32 .NET DLL VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows Cryptographic key					5.0	M	12	ZeroCERT

46200	2024-07-22 11:22	cred.dll 765ad3b71d73ed1ae9e4fb004876837e Amadey Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1		1	10.0	M	56	ZeroCERT