Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46216	2024-07-22 17:52	Botkiller.exe a668cb93c16026b6ee15b96dbd13d64f njRAT backdoor Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS		1			8.2	M	55	ZeroCERT

46217	2024-07-22 17:54	File.exe e299e50bda0214f3f8c8bc4931300be4 Emotet Hide_EXE Malicious Library Anti_VM PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself WriteConsoleW					2.2	M	28	ZeroCERT

46218	2024-07-23 07:38	215.exe 5824dfdc189116156a9619a5af980de4 Emotet Generic Malware Malicious Library Malicious Packer UPX PE File ftp PE32 OS Processor Check PNG Format Malware PDB Malicious Traffic Check memory unpack itself Tofsee ComputerName Remote Code Execution DNS	1 Keyword trend analysis	3	1		4.4			ZeroCERT

46219	2024-07-23 07:40	223.exe ef60acf75c0376b0b966fa79c0eb3b7b Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName					6.0			ZeroCERT

46220	2024-07-23 07:42	file200h.exe 5cc9482bfa632c0f5bdc71c9e3d9e123 Generic Malware Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 Malware download Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD Tofsee Windows ComputerName Remote Code Execution Trojan DNS Cryptographic key	4 Keyword trend analysis	8	7 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Executable Served From /tmp/ Directory - Malware Hosting Behaviour ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	2	11.4	M		ZeroCERT

46221	2024-07-23 07:46	Set-up.exe 5e5cfcf7fc4abf0b0b887d2e6784f4d3 Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 Browser Info Stealer Malware download Malware Malicious Traffic Check memory buffers extracted Collect installed applications suspicious TLD anti-virtualization installed browsers check CryptBot Browser ComputerName DNS	1 Keyword trend analysis	2	3		5.0			ZeroCERT

46222	2024-07-23 09:03	21513740a2701f9a5d664c807b9fbf... 2a9a5dad56900d368eb68b4b10281d12 ZIP Format								ZeroCERT

46223	2024-07-23 09:05	mscorsvc.dll eb29329de4937b34f218665da57bcef4 Browser Login Data Stealer Generic Malware Malicious Library UPX PE File ftp DLL PE64 OS Processor Check VirusTotal Malware PDB Check memory unpack itself					1.6		10	ZeroCERT

46224	2024-07-23 09:05	New_Recovery_Tool_to_help_with... dd2100dfa067caae416b885637adc4ef VBA_macro Generic Malware Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Word 2007 file format(docx) ZIP Fo VirusTotal Malware Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed	1 Keyword trend analysis				7.8		33	ZeroCERT

46225	2024-07-23 09:10	Hkr1RNIlYyM4nwwskttpcl5yFUnv3m... af526914b1724469467f85ae09e90f3e crashed					0.2			guest

46226	2024-07-23 09:45	EditPro_Installer-release-.exe 259e8e6a1ebcd7659996e4490be5d72e Emotet Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed					3.0		3	ZeroCERT

46227	2024-07-23 09:47	installer1.2.25-release-.exe 9025c7822ccaadddb5fa97a444f98e05 Emotet Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed					3.0		3	ZeroCERT

46228	2024-07-23 10:10	inject.txt.exe 03bed904291f531fc5381307e361b70f Malicious Packer PE File DLL PE64 VirusTotal Malware unpack itself DNS		1	1		2.2	M	55	r0d

46229	2024-07-23 10:20	jquery.touchSwipe.min.js 922564a780ae76ce4e5ca418901797d6 crashed					0.2			ZeroCERT

46230	2024-07-23 11:37	Update.js 015f9a818b239f52fff35740eb74cb80 VBScript wscript.exe payload download Tofsee Dropper	1 Keyword trend analysis	2	2		10.0			guest