Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48331	2024-09-24 10:58	npa.vbs 3c73583026ced53866f66ebdd2b21a6e Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1		7.2		15	guest

48332	2024-09-24 10:59	ndfdsof.exe 39af78c7dafc5b1b5b42268fd412b6fd Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself Check virtual network interfaces					3.0	M	25	ZeroCERT

48333	2024-09-24 11:00	vfdgfd15.exe a5d8786e0b524918c35e579be77304b9 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	1 Keyword trend analysis	5	3	1	14.8	M		ZeroCERT

48334	2024-09-24 11:00	to.txt.vbs b0433a56ab3994393665adf0e584be2d Generic Malware Antivirus PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	3		10.6		14	ZeroCERT

48335	2024-09-24 11:01	66f19a8fe6780_coreUniver_consa... d14bafa4b530db720f420d77145a1c95 Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself ComputerName Remote Code Execution					3.2	M	25	ZeroCERT

48336	2024-09-24 11:02	66f148e50e8e1_goodJob.exe 00aaa8c805c07e482998dd38aa13494e Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Software	1 Keyword trend analysis	5	3	1	16.0	M	23	ZeroCERT

48337	2024-09-24 11:02	invoicesss.lnk f5a8227c071b79abce0748f0a65de2f8 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process WriteConsoleW Interception Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			10.0		23	ZeroCERT

48338	2024-09-24 11:02	asegurar.vbs 4a31a1de3d99c80d908ddda051e2f761 Generic Malware Antivirus Hide_URL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1		7.6	M	4	ZeroCERT

48339	2024-09-24 11:04	66f1b3d23ffe5_lyla1.exe 34e07317817ca03f5eb4566851fe0cf3 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.8	M	29	ZeroCERT

48340	2024-09-24 11:05	66f19da1b85de_cryotr.exe#kisot... 8f13e73a3c7d22ee7c1730cf8821f7ac Generic Malware Malicious Library UPX PE File PE32 ftp OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.6	M	22	ZeroCERT

48341	2024-09-24 11:07	key.exe 4cdc368d9d4685c5800293f68703c3d0 Malicious Library UPX PE File ftp PE32 OS Processor Check PDB crashed					0.8	M		ZeroCERT

48342	2024-09-24 11:08	66f18e5598f87_kaloa.exe 712d466cf9f8e982f18eb3355131e5c0 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself ComputerName					3.0	M	24	ZeroCERT

48343	2024-09-24 11:08	wsd.exe f1a4608262276d12a77a5db012189fa6 Gen1 Generic Malware Malicious Library ASPack UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Checks debugger Creates executable files					2.0	M	23	ZeroCERT

48344	2024-09-24 11:09	66f1aed72de87_crypted.exe#1 ca91eecc39a0e55259001edf9a6f52fd ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					7.0	M	29	ZeroCERT

48345	2024-09-24 11:15	66f18a5501651_ww_a.exe 221942540e2630630887a7b59a855ec2 Gen1 Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer PWS Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check DLL PE64 ftp DllRegisterServer dll ZIP Format Browser Info Stealer Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself malicious URLs IP Check Tofsee Ransomware Windows Browser ComputerName Remote Code Execution DNS crashed Downloader	6 Keyword trend analysis	13	13 Info ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO URL Shortener Service Domain in DNS Lookup (iplog .co) ET INFO Observed URL Shortener Service Domain (iplog .co in TLS SNI)		15.6	M	19	ZeroCERT