Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48721	2024-10-10 09:33	nicesweetnessgivenmenicepictur... 56a6c0261a72db745ea0f21a3c55c675 MS_RTF_Obfuscation_Objects RTF File doc				0.4	M		ZeroCERT

48722	2024-10-10 09:33	devmgmt.dll 1eddb5c776110bc135bb46145e2a5790 UPX PE File DLL PE32 VirusTotal Malware				1.8	M	35	ZeroCERT

48723	2024-10-10 09:33	nggeejan22.exe 40a93e64a968a16b5139e7a5e4836353 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware				1.0	M	34	ZeroCERT

48724	2024-10-10 09:33	ngown.exe 1ea3b00d00461c1ee3c576e21dcda173 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware				1.0	M	35	ZeroCERT

48725	2024-10-10 09:33	getlab.exe 95ae9bdf69e84f774782ff6a33879571 Emotet Malicious Library Confuser .NET UPX PE File PE32 MZP Format				0.2	M		ZeroCERT

48726	2024-10-10 09:34	fWAcz73TNXEbaJ2.exe 40827ea8c44fb26aa68e3662325066ef Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB				1.6	M	30	ZeroCERT

48727	2024-10-10 09:36	asegurar.vbs 13e3606089a4013c781e6c6222cf8237 VirusTotal Malware				0.4		5	ZeroCERT

48728	2024-10-10 09:42	naturegustgoodgreatthingstobew... f31ba8351265a427efdf3b2d24ec6fab MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1	4.6	M	36	ZeroCERT

48729	2024-10-10 09:42	asegurar.vbs 13e3606089a4013c781e6c6222cf8237 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6		5	ZeroCERT

48730	2024-10-10 09:44	ngown.exe 1ea3b00d00461c1ee3c576e21dcda173 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed				4.8	M	35	ZeroCERT

48731	2024-10-10 09:45	fWAcz73TNXEbaJ2.exe 40827ea8c44fb26aa68e3662325066ef Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET HUNTING Telegram API Domain in DNS Lookup ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO TLS Handshake Failure ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check	15.0	M	30	ZeroCERT

48732	2024-10-10 09:46	nicesweetnessgivenmenicepictur... 56a6c0261a72db745ea0f21a3c55c675 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1	5.0	M	37	ZeroCERT

48733	2024-10-10 10:55	6705347f535f8_install.exe 481d8373fa209bd6184cff3953aa5f12 UPX PE File PE64 VirusTotal Malware				1.6	M	27	ZeroCERT

48734	2024-10-10 10:56	360_.exe 5d026af9171c4bcec7b38ff42b1fb266 Downloader Malicious Library UPX ScreenShot Create Service Socket DGA Http API Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows Browser ComputerName DNS		1		14.0	M	63	ZeroCERT

48735	2024-10-10 10:57	Installer.exe 456f6c49f089b47c546a8bde8e8c4eec Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE64 DllRegisterServer dll MZP Format OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check				5.6	M	51	ZeroCERT