Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
47341	2024-08-19 15:47	66bdd24d2ac1b_uninstaller.exe fdf999d19df6b5c6a03bdbe1990347b3 Generic Malware Malicious Library UPX PE File ftp PE32 OS Processor Check VirusTotal Malware Remote Code Execution					0.8	M	19	ZeroCERT

47342	2024-08-19 15:50	66c1d07f53497_doz.exe#mene 24d5b262745b653d468c1dfdbaa2c754 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library ASPack UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	16.0	M	16	ZeroCERT

47343	2024-08-19 15:51	66bdbedbc9eb9_ipfr.exe a14e062d5ddb947dd490cd3956c7de8a Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					6.8	M	48	ZeroCERT

47344	2024-08-20 09:28	POS_C020.exe 404d481d35148c5a12e60cba83d6d034 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware Check memory unpack itself					1.8		8	ZeroCERT

47345	2024-08-20 09:30	POS_C028.exe 8b2ae18d721ae95719598ca0369e94af Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					1.8		8	ZeroCERT

47346	2024-08-20 09:32	POS_C110.exe 86de5cffa568d6a2392d576fc6535b3b Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					2.0		10	ZeroCERT

47347	2024-08-20 09:39	66c313b18a645_xin.exe#xin 87842c44385a9c22e2d47b4fe85566dc Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware PDB Remote Code Execution					2.0	M	31	ZeroCERT

47348	2024-08-20 09:39	csrss.exe bf038a5d89d10a8c54f9173ae6f1218d Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Checks debugger Creates executable files unpack itself AppData folder Windows					4.4		32	ZeroCERT

47349	2024-08-20 09:39	StyleControls%20VCL.exe d4fca59c99d8d70aca5744d147e37c03 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.2		17	ZeroCERT

47350	2024-08-20 09:40	66c1f0aa0deee_crypted.exe#1 52245c8ae7ec10fb61eeeb2b329e9a34 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.8	M	56	ZeroCERT

47351	2024-08-20 09:41	66c371f08cdcf_unins000.exe#gri... b698dfc0ab0130a4ba4c82ae0e972d9b Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself					1.4		5	ZeroCERT

47352	2024-08-20 09:43	66bfee9fd7d9a_lumma.exe 9a9953dc06ef76dfb7ef3a308340f77b Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.6	M	38	ZeroCERT

47353	2024-08-20 09:44	File1.exe 93d6175fe1726d7f201a13e359e3c3f8 Generic Malware Malicious Library Malicious Packer Antivirus UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE64 OS Processor Check PowerShell PE32 Browser Info Stealer Malware download VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW anti-virtualization installed browsers check Tofsee CryptBot Windows Discord Browser ComputerName Remote Code Execution DNS Cryptographic key crashed	7 Keyword trend analysis Info http://58yongzhe.com/parts/setup1.exe - rule_id: 42034 http://tvezx20pn.top/v1/upload.php http://89.105.201.137/Files/Channel1.exe http://194.58.114.223/d/385104 - rule_id: 41929 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://cdn.discordapp.com/attachments/1274634716451967060/1275223801675907102/setup.exe?ex=66c51c36&is=66c3cab6&hm=a7afd60459653ce3668249ab779142f9304b37948e72ed701047f1fdaf8ce0ff&	12 Info 58yongzhe.com(62.133.62.93) - malware tvezx20pn.top(77.232.42.234) pastebin.com(104.20.3.235) - mailcious yip.su(172.67.169.89) - mailcious cdn.discordapp.com(162.159.130.233) - malware 162.159.133.233 - malware 77.232.42.234 104.21.79.77 - phishing 89.105.201.137 - mailcious 62.133.62.93 194.58.114.223 - mailcious 172.67.19.24 - mailcious	13 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET HUNTING Redirect to Discord Attachment Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	4	22.4	M	19	ZeroCERT

47354	2024-08-20 09:45	weneedtoknowbutterburnreallysw... 01ee2a10ee91efdcf290d48901cbc8d1 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6	M	34	ZeroCERT

47355	2024-08-20 09:45	66c2d861a5b4d_google.exe 8447dbe44aa2ede5d56341e0dc22f319 PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1		1.4	M	20	ZeroCERT