Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46351	2024-07-27 14:57	pi.exe 1e8a2ed2e3f35620fb6b8c2a782a57f3 Generic Malware Downloader Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Checks debugger ICMP traffic Disables Windows Security Windows DNS	5 Keyword trend analysis	23 Info www.update.microsoft.com(20.72.235.82) 109.74.69.43 146.70.157.241 189.189.144.10 139.228.82.249 185.215.113.66 - malware 189.155.227.203 188.253.78.49 94.26.222.31 37.255.117.80 46.161.246.13 91.218.161.58 85.174.56.227 178.155.39.80 188.211.107.239 82.194.10.4 151.233.235.104 178.88.82.240 146.70.80.37 178.89.227.41 20.109.209.108 95.181.135.151 46.100.58.92	2	5	9.2	M	65	ZeroCERT

46352	2024-07-27 14:59	creamthingstohappenedgetmeback... e03f3290788de4d7a103f16b780b3cce MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit DNS crashed		1			5.2	M	37	ZeroCERT

46353	2024-07-27 14:59	createdgoodthingstogetmebackth... 9f63ee5ef179cfcf56619e1c9d44447a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	38	ZeroCERT

46354	2024-07-27 15:02	funtogetbacktomeforgetbacktoge... f179217f7e89dea23f1a01c29fc61659 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	38	ZeroCERT

46355	2024-07-27 15:02	iamtotalnewpersontogetmebackwi... 25a6c39dbc117a7596c857dbec4e5d93 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1			4.8	M	40	ZeroCERT

46356	2024-07-27 15:03	HNBC.txt.exe 2b985c758a227407855e1d8e14f8863d Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger	1 Keyword trend analysis	4	3		11.4		59	ZeroCERT

46357	2024-07-27 15:07	LMTS.txt.exe 3ad8cb387874a15488508bf269fd2520 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Antivirus ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS keylogger	1 Keyword trend analysis	8	7 Info ET INFO DYNAMIC_DNS Query to a .duckdns .org Domain ET INFO DYNAMIC_DNS Query to .duckdns. Domain SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Remcos 3.x Unencrypted Checkin ET MALWARE Remcos 3.x Unencrypted Server Response		18.4		59	ZeroCERT

46358	2024-07-27 20:30	YesTraderRun.exe 0c95469e9ee3bc62c0678d7ae0bed71c Themida Packer Generic Malware Anti_VM PE File PE32 VirusTotal Malware					1.4		2	guest

46359	2024-07-28 10:34	DecryptJohn.exe c1853d1c36dc461668c9af843d07cc58 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.4	M	50	ZeroCERT

46360	2024-07-28 10:34	dccrypt.exe 55398a65a9d1abb512e943a0d8901cb0 Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware PDB Code Injection Check memory Checks debugger Creates executable files unpack itself WriteConsoleW Remote Code Execution crashed					6.4	M	57	ZeroCERT

46361	2024-07-28 10:36	build_2024-07-25_20-56.exe bea49eab907af8ad2cbea9bfb807aae2 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.8	M	53	ZeroCERT

46362	2024-07-28 10:36	Display1.exe 88696cf17417a2339b63f9452404c839 Generic Malware task schedule Malicious Library WinRAR UPX AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder WriteConsoleW ComputerName Remote Code Execution crashed					8.6	M	28	ZeroCERT

46363	2024-07-28 10:40	recreatednewthingswithentriene... 0a9c028203a8416be8db7371550d0fb5 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself suspicious TLD Windows Exploit DNS crashed	14 Keyword trend analysis Info http://104.219.239.104/80/winiti.exe http://www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip http://www.hourglasspoise.net/5gvb/ http://www.asymtos.tech/34b9/?_aRhhan=W6RiSnxSk7sWUyAWvsuBUQf3TLDMvpVwUriP78iMWJLg9pjq2qbXoN6eJJBee+3TNvEAo0P2a/B9rNSGOSr+g5jIYLHfTFZsXGTqlaF0jUedL/CiwqWjEQX6GQUFudPhspdJ5Ls=&my_=BkIk6xdg http://www.accelbusiness.net/sg0d/?_aRhhan=ZFII8SVAvGzgMmVXToVI4LwsaVgSRAPMY6hEAWMgzd/rbIPLPNZ+lpDrj56GxiOWRiizuXBqoJ7dds0AusnvIdaVAlrc/osgyVUIbfwB8yhx2m5WAGulmI8my104pwb/sqeANsY=&my_=BkIk6xdg http://www.lontos.top/ukrf/?_aRhhan=F/tpX3aJNzQcZIorwbtn4XzXZf0a/CrYoWsqF027uxYn9zYWtTXD5RI4AWcWVnLyOuVjbatHjcymGXUCp/2iE/8I1+t1d0MzMQiJ/YLZDKzAaLFDJakAPmxPg9uDu26TEYHLTo4=&my_=BkIk6xdg http://www.asymtos.tech/34b9/ http://www.bosonserver.net/x10g/?_aRhhan=AtIpZIbrclbIO3wVV4nf5MkbKr3zgThFYZcx/yn27KMXet/sCHbTSg7iXdN1LprNnU90TGJjlk60YPXU/gV8xNKsA5d5wJ0kF02lQrh6bPl2Ka0ee+60c3gL6UuubkfRvx1R8AU=&my_=BkIk6xdg http://www.theiconsummit.life/6fdz/?_aRhhan=Oie1FXKEyOqxuNWWyjoIb9DaNOxncG0Z1Eay2KtVdEC34I4dz//PFxK656i6sULSR99flzaSlbWC6MMpR37rak2rbcKEmCHEFn0mJCNpP5WZ+he/mmH/AJ6z3o1TiNYnnRR6Wlk=&my_=BkIk6xdg http://www.bosonserver.net/x10g/ http://www.hourglasspoise.net/5gvb/?_aRhhan=/cc9D7vqfViixqGthiuMbdR5vErImywOC8ezpB4FmcTpRtjTbyPN8oLjmjUaYTUAZZsBqqPA4LzpXUrs3zKz1+bcJTGwBkjtMfI/kGKzlFznEvk/PsID24fmvZA2hoz8baldBw0=&my_=BkIk6xdg http://www.accelbusiness.net/sg0d/ http://www.lontos.top/ukrf/ http://www.theiconsummit.life/6fdz/	13 Info www.hourglasspoise.net(15.197.148.33) www.theiconsummit.life(15.197.148.33) www.lontos.top(203.161.42.162) www.accelbusiness.net(3.33.130.190) www.asymtos.tech(217.160.164.240) www.bosonserver.net(195.200.3.58) 15.197.148.33 - mailcious 3.33.130.190 - phishing 104.219.239.104 - mailcious 217.160.164.240 195.200.3.58 203.161.42.162 45.33.6.223	9 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO HTTP Request to a .top domain ET INFO Observed DNS Query to .life TLD ET INFO HTTP Request to Suspicious .life Domain ET DNS Query to a *.top domain - Likely Hostile		5.4	M	39	ZeroCERT

46364	2024-07-28 10:40	random.exe 7e43d787c0813212855c05d5cc4b1752 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.0	M	38	ZeroCERT

46365	2024-07-28 10:42	winiti.exe 1f5c95d40c06c01300f0a6592945a72d Generic Malware Malicious Library UPX PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS	12 Keyword trend analysis Info http://www.accelbusiness.net/sg0d/?LDcoL=ZFII8SVAvGzgMmVXToVI4LwsaVgSRAPMY6hEAWMgzd/rbIPLPNZ+lpDrj56GxiOWRiizuXBqoJ7dds0AusnvIdaVAlrc/osgyVUIbfwB8yhx2m5WAGulmI8my104pwb/sqeANsY=&tzW0=VCPfEuN http://www.hourglasspoise.net/5gvb/?LDcoL=/cc9D7vqfViixqGthiuMbdR5vErImywOC8ezpB4FmcTpRtjTbyPN8oLjmjUaYTUAZZsBqqPA4LzpXUrs3zKz1+bcJTGwBkjtMfI/kGKzlFznEvk/PsID24fmvZA2hoz8baldBw0=&tzW0=VCPfEuN http://www.lontos.top/ukrf/ http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip http://www.bosonserver.net/x10g/?LDcoL=AtIpZIbrclbIO3wVV4nf5MkbKr3zgThFYZcx/yn27KMXet/sCHbTSg7iXdN1LprNnU90TGJjlk60YPXU/gV8xNKsA5d5wJ0kF02lQrh6bPl2Ka0ee+60c3gL6UuubkfRvx1R8AU=&tzW0=VCPfEuN http://www.asymtos.tech/34b9/ http://www.lontos.top/ukrf/?LDcoL=F/tpX3aJNzQcZIorwbtn4XzXZf0a/CrYoWsqF027uxYn9zYWtTXD5RI4AWcWVnLyOuVjbatHjcymGXUCp/2iE/8I1+t1d0MzMQiJ/YLZDKzAaLFDJakAPmxPg9uDu26TEYHLTo4=&tzW0=VCPfEuN http://www.bosonserver.net/x10g/ http://www.accelbusiness.net/sg0d/ http://www.asymtos.tech/34b9/?LDcoL=W6RiSnxSk7sWUyAWvsuBUQf3TLDMvpVwUriP78iMWJLg9pjq2qbXoN6eJJBee+3TNvEAo0P2a/B9rNSGOSr+g5jIYLHfTFZsXGTqlaF0jUedL/CiwqWjEQX6GQUFudPhspdJ5Ls=&tzW0=VCPfEuN http://www.theiconsummit.life/6fdz/ http://www.hourglasspoise.net/5gvb/	12 Info www.hourglasspoise.net(3.33.130.190) www.theiconsummit.life(3.33.130.190) www.lontos.top(203.161.42.162) www.accelbusiness.net(3.33.130.190) www.asymtos.tech(217.160.164.240) www.bosonserver.net(195.200.3.58) 195.200.3.58 3.33.130.190 - phishing 217.160.164.240 15.197.148.33 - mailcious 203.161.42.162 45.33.6.223	4		10.0	M	53	ZeroCERT