Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46366	2024-07-28 10:53	random.exe 8c0430ee2841a6554d709869a81a375b RedLine stealer RedlineStealer SystemBC Gen1 Themida Packer Generic Malware Downloader UPX Malicious Library .NET framework(MSIL) Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audi Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder VMware anti-virtualization installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	8 Keyword trend analysis Info http://185.215.113.16/Jo89Ku7d/index.php http://185.215.113.16/inc/build.exe http://185.215.113.16/inc/crypted.exe http://185.215.113.16/inc/5447jsX.exe http://185.215.113.16/inc/crypteda.exe http://185.215.113.16/inc/25072023.exe http://185.215.113.16/inc/pered.exe http://185.215.113.16/inc/2020.exe	9	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET HUNTING Download Request Containing Suspicious Filename - Crypted ET MALWARE Amadey Bot Activity (POST) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		17.8	M	47	ZeroCERT

46367	2024-07-28 14:18	Bin_HookShark64_2011-12-31_19.... 4f19a7e5f8225992821041d0109ffc8c AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					4.2		1	guest

46368	2024-07-28 14:48	Bin_HookShark64_2011-12-31_19.... 4f19a7e5f8225992821041d0109ffc8c AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.8		1	guest

46369	2024-07-29 13:22	winiti.exe e8b4997fd647c6236e8d6a5460724cee Formbook North Korea Generic Malware Malicious Library .NET framework(MSIL) Antivirus UPX PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder suspicious TLD WriteConsoleW Windows Browser ComputerName DNS Cryptographic key	13 Keyword trend analysis Info http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip http://www.noghteyab.com/f97t/?UX8=hkoMjg324npAs1ZBeZ8TzD/yod4wthTGeTvgOqr4Vk4zrcx6pPdRyFEwEDn18B/c37XIJfunev42iw6n9kOhHfgC7TNK8DtkFlqbOeckPp33fVEaTkv/0VMweSZvG65qVo/UWng=&_e=jxcPGi4BG http://www.zocalo-fuk.com/iczo/ http://www.zocalo-fuk.com/iczo/?UX8=JY7jtaSJ5x5vzidnjWySlw1C0GfgB4v3ywH460gVL7Ewt7sZ57bbwI6mxyJFGNyl5vwWXeVDvThdvQiyRvynE/Zjj7HkpiyOTqmD4v0kKDcwzqr276eGi6TkYHYmx5vmFqXXwms=&_e=jxcPGi4BG http://www.loangoatworld.com/8y3s/?UX8=m+e1HwtEOOeM4G5NTLK68Gp6Kwp+MY7uBR7SzEsfX5sQt5Y/60pxYxuDgYg2mwpPnMRTzCuNJ1kKNM0TTa/Wnuj7pyZLvslRvIdrySy2NFkwbRUK0Niqet6rEb5EadRpffeEIOc=&_e=jxcPGi4BG http://www.miquwawa.com/tqql/ - rule_id: 41186 http://www.loangoatworld.com/8y3s/ http://www.exporationgenius.sbs/x06k/?UX8=T/qtMR3LKa4LTbjxJENTE1gbHfbcMoDNkQwOkzuXYGM8AEnHwE1BoCD8ihzw/kVeeFO4GyYqoWqmFjylDbVKWJ6wgOd2jmN6i9pg74XS81AjK7oOmIcxjkpvsNU18Pzzy/zqp1g=&_e=jxcPGi4BG - rule_id: 41185 http://www.exporationgenius.sbs/x06k/ - rule_id: 41185 http://www.tcfreal.top/sg27/ http://www.tcfreal.top/sg27/?UX8=cpYt0YSQq6qumPKkPw6QLfXM1KObFctjUwEln5zritMpGV/+kM1tCQF1oqocoz5p4KbVgOmLQvtuRCfM7FFF+QE7cX+gmvJNP2ErFAfMZUG54lXQ6wu+5V3NDlvvWDRsBB/6vdY=&_e=jxcPGi4BG http://www.miquwawa.com/tqql/?UX8=u0XZF227Y/r9f3hnjIOG+jjSMjDg7zLaE5MpTM9c21roNqnsj5Giqo9JdiKVg3NN2RVqT0KrdJuiKB8prP8iYWfx9j8cghYBBFjwmC7Tnk8aYBcBXjkKDK2u4+7cSJR9pJqJ93M=&_e=jxcPGi4BG - rule_id: 41186 http://www.noghteyab.com/f97t/	13 Info www.noghteyab.com(46.105.190.248) www.miquwawa.com(95.169.27.235) - mailcious www.loangoatworld.com(3.33.130.190) www.exporationgenius.sbs(104.21.57.28) - mailcious www.zocalo-fuk.com(157.7.107.37) www.tcfreal.top(203.161.50.128) 104.21.57.28 - mailcious 95.169.27.235 - mailcious 3.33.130.190 - phishing 203.161.50.128 157.7.107.37 45.33.6.223 51.89.93.193	2	4	13.4	M	55	ZeroCERT

46370	2024-07-29 13:23	cp.exe aed4c0c1a8eddddad6e556442795f474 Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware Telegram AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows ComputerName DNS keylogger		2	4		6.6		51	ZeroCERT

46371	2024-07-29 13:29	ef.exe 94b423329b05b002507c36396870bb25 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware DNS		2			2.2	M	64	ZeroCERT

46372	2024-07-29 13:32	cred.dll d696e4ee5dac5d3e4b5073359224fcdc Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	3	1		10.0	M	54	ZeroCERT

46373	2024-07-29 13:34	win10.exe 7fa42ffc17069589fd85c3ea2b46a57c Generic Malware Malicious Library Malicious Packer UPX DllRegisterServer dll PE File PE32 MZP Format OS Processor Check DLL JPEG Format VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself AppData folder Tofsee Windows Advertising Google ComputerName DNS DDNS crashed keylogger	3 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download	10 Info drive.usercontent.google.com(142.250.206.193) - mailcious docs.google.com(142.250.76.142) - mailcious www.dropbox.com(162.125.80.18) - mailcious freedns.afraid.org(69.42.215.252) xred.mooo.com() - mailcious 162.125.80.18 - mailcious 38.147.172.248 - mailcious 69.42.215.252 172.217.31.14 142.251.222.193	2		9.2	M	68	ZeroCERT

46374	2024-07-29 13:36	beyondtransfer.exe 99f875d6395b7697228e9cbc8533fdc7 .NET framework(MSIL) PE File .NET EXE PE32 Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS	1 Keyword trend analysis	1	4		5.6	M	58	ZeroCERT

46375	2024-07-29 13:38	3-1.exe 3482f7d0b7c1a3eeca3874bc9a1397ce Generic Malware Malicious Library ASPack UPX Malicious Packer Socket ScreenShot Escalate priviledges PWS SMTP SSL DNS Dynamic Dns Internet API persistence KeyLogger AntiDebug AntiVM DllRegisterServer dll PE File PE32 MZP Format OS Processor Check JPEG For VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs sandbox evasion Tofsee Windows Browser Advertising Google ComputerName DNS DDNS crashed keylogger	3 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download	13 Info www.dropbox.com(162.125.80.18) - mailcious drive.usercontent.google.com(142.250.206.193) - mailcious freedns.afraid.org(69.42.215.252) docs.google.com(172.217.25.174) - mailcious xred.mooo.com() - mailcious smtp.163.com(103.129.252.45) 103.129.252.45 162.125.80.18 - mailcious 142.250.71.129 142.250.196.238 38.147.172.248 - mailcious 45.33.6.223 69.42.215.252	3		16.6	M	69	ZeroCERT

46376	2024-07-29 13:38	sa.exe b78d38577f3a1ba9178e7fab5e5bddf6 Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName DNS keylogger		2			6.8	M	59	ZeroCERT

46377	2024-07-29 13:39	wd.exe d65f5982c1f1f2967fdd91b7f21a5696 Generic Malware Malicious Library Malicious Packer ASPack UPX DllRegisterServer dll PE File PE32 MZP Format OS Processor Check DLL JPEG Format VirusTotal Malware AutoRuns suspicious privilege Creates executable files unpack itself AppData folder sandbox evasion Tofsee Windows Advertising Google ComputerName DNS DDNS crashed keylogger	3 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download	9	2		8.2	M	70	ZeroCERT

46378	2024-07-29 13:42	random.exe a45cd34dab56ce2f61232c79a750374d RedLine stealer Generic Malware EnigmaProtector UPX Malicious Library Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Detects VMWare AppData folder malicious URLs VMware anti-virtualization human activity check installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed	3 Keyword trend analysis	4	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Packed Executable Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		18.6	M	40	ZeroCERT

46379	2024-07-29 13:42	clip64.dll 7d257e3bb8441810561e09092162df73 Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	1	1		3.6	M	57	ZeroCERT

46380	2024-07-29 13:45	main.exe e3e1f7fa42dd68f410bb885f0aefe5e3 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	64	ZeroCERT