Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46801	2024-08-08 14:07	Dropper.exe 5341c5bb13ae2b2753b2fdadcf93aa51 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware PDB crashed					1.6	M	32	ZeroCERT

46802	2024-08-08 14:09	rat.exe 1db146fcedaecd4bc84186d1ad75e7ba Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself	1 Keyword trend analysis				2.0	M	63	ZeroCERT

46803	2024-08-08 14:09	latest.exe 664cebe18c30cc4c32a4dbf0715bf864 Generic Malware Downloader Malicious Library UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check JPEG Format DllRegisterServer dll DLL VirusTotal Malware Code Injection Check memory Creates executable files AppData folder AntiVM_Disk VM Disk Size Check					4.2	M	26	ZeroCERT

46804	2024-08-08 14:11	www.exe 7cab3f98a04b09bc2673f84bbccd6a63 UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself sandbox evasion Tofsee ComputerName DNS			2		5.2	M	43	ZeroCERT

46805	2024-08-08 14:23	sahost.exe e3b7b813fdaeba4ef1d1b17bc827df20 Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS	13 Keyword trend analysis Info http://www.hourglasspoise.net/5gvb/?gkJb=/cc9D7vqfViixqGthiuMbdR5vErImywOC8ezpB4FmcTpRtjTbyPN8oLjmjUaYTUAZZsBqqPA4LzpXUrs3zKz1+bcJTGwBkjtMfI/kGKzlFznEvk/PsID24fmvZA2hoz8baldBw0=&EjQU=FuDkP7Tse-i7U - rule_id: 41514 http://www.theiconsummit.life/6fdz/ - rule_id: 41517 http://www.lontos.top/ukrf/ - rule_id: 41516 http://www.hourglasspoise.net/5gvb/ - rule_id: 41514 http://www.accelbusiness.net/sg0d/?gkJb=ZFII8SVAvGzgMmVXToVI4LwsaVgSRAPMY6hEAWMgzd/rbIPLPNZ+lpDrj56GxiOWRiizuXBqoJ7dds0AusnvIdaVAlrc/osgyVUIbfwB8yhx2m5WAGulmI8my104pwb/sqeANsY=&EjQU=FuDkP7Tse-i7U - rule_id: 41512 http://www.lontos.top/ukrf/?gkJb=F/tpX3aJNzQcZIorwbtn4XzXZf0a/CrYoWsqF027uxYn9zYWtTXD5RI4AWcWVnLyOuVjbatHjcymGXUCp/2iE/8I1+t1d0MzMQiJ/YLZDKzAaLFDJakAPmxPg9uDu26TEYHLTo4=&EjQU=FuDkP7Tse-i7U - rule_id: 41516 http://www.bosonserver.net/x10g/?gkJb=AtIpZIbrclbIO3wVV4nf5MkbKr3zgThFYZcx/yn27KMXet/sCHbTSg7iXdN1LprNnU90TGJjlk60YPXU/gV8xNKsA5d5wJ0kF02lQrh6bPl2Ka0ee+60c3gL6UuubkfRvx1R8AU=&EjQU=FuDkP7Tse-i7U - rule_id: 41513 http://www.asymtos.tech/34b9/?gkJb=W6RiSnxSk7sWUyAWvsuBUQf3TLDMvpVwUriP78iMWJLg9pjq2qbXoN6eJJBee+3TNvEAo0P2a/B9rNSGOSr+g5jIYLHfTFZsXGTqlaF0jUedL/CiwqWjEQX6GQUFudPhspdJ5Ls=&EjQU=FuDkP7Tse-i7U - rule_id: 41515 http://www.asymtos.tech/34b9/ - rule_id: 41515 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.bosonserver.net/x10g/ - rule_id: 41513 http://www.accelbusiness.net/sg0d/ - rule_id: 41512 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip	12 Info www.hourglasspoise.net(15.197.148.33) - mailcious www.theiconsummit.life(15.197.148.33) - mailcious www.lontos.top(203.161.42.162) - mailcious www.accelbusiness.net(15.197.148.33) - mailcious www.asymtos.tech(217.160.164.240) - mailcious www.bosonserver.net(195.200.3.58) - mailcious 195.200.3.58 - mailcious 3.33.130.190 - phishing 217.160.164.240 - mailcious 15.197.148.33 - mailcious 203.161.42.162 - mailcious 45.33.6.223	4	11 Info http://www.hourglasspoise.net/5gvb/ http://www.theiconsummit.life/6fdz/ http://www.lontos.top/ukrf/ http://www.hourglasspoise.net/5gvb/ http://www.accelbusiness.net/sg0d/ http://www.lontos.top/ukrf/ http://www.bosonserver.net/x10g/ http://www.asymtos.tech/34b9/ http://www.asymtos.tech/34b9/ http://www.bosonserver.net/x10g/ http://www.accelbusiness.net/sg0d/	10.4	M	46	ZeroCERT

46806	2024-08-08 14:24	sincesheiseverbuildnewthingent... f4b49bfacf066b76dd2f64aa5667e927 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic ICMP traffic exploit crash unpack itself Exploit DNS DDNS crashed	1 Keyword trend analysis	4			6.8		35	ZeroCERT

46807	2024-08-08 14:26	hmay.txt.exe edfad175f97fe91185a1ed5beed5f468 PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself ComputerName DNS DDNS		2	2		5.4		52	ZeroCERT

46808	2024-08-08 14:26	picturegreatforeveryonetokissh... ab5e63bdc212cfe4832dcfaa5bcd47dd Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS	1 Keyword trend analysis	2			8.4		3	ZeroCERT

46809	2024-08-08 14:26	like.exe f40919d4beadd501ea89202a719ab940 Malicious Library PE File PE64 Malware download Cobalt Strike Cobalt VirusTotal Malware RWX flags setting unpack itself ComputerName DNS	2 Keyword trend analysis	2	2		3.8		61	ZeroCERT

46810	2024-08-08 14:28	mygirlistotalchangeswithentire... c29dda8b224f54eeade764fdb7c6bb23 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic ICMP traffic exploit crash unpack itself Exploit DNS DDNS crashed	1 Keyword trend analysis	3			6.8		35	ZeroCERT

46811	2024-08-08 14:28	hvilkes-receipt.vbs be57d52692dc2ef67f7c35290b424149 Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1		7.0			ZeroCERT

46812	2024-08-08 14:37	wecreatednewentertainmenttound... 0016aef348632b4114588b23be613073 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6	M	32	ZeroCERT

46813	2024-08-08 14:37	106.hta 3c35707d9cacb409481600e0b5eed83a Generic Malware Antivirus Downloader PE File DLL PE32 .NET DLL Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		10.6	M	21	ZeroCERT

46814	2024-08-08 14:39	70.hta d25adfb8a78f72868ee40f379c1d9fe2 Generic Malware Downloader Antivirus AntiDebug AntiVM PowerShell MSOffice File PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1	5		11.6	M	18	ZeroCERT

46815	2024-08-08 14:40	66b1c36969eae_main.exe 3d04dfed5185e2f62819f0951249e391 Client SW User Data Stealer LokiBot RedLine stealer ftp Client info stealer Malicious Library Antivirus .NET framework(MSIL) ASPack UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3		18.2	M	48	ZeroCERT