Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48751	2024-10-12 09:32	0a839761915d.exe da1302fbc2573f8bfda7691a95babfaa Generic Malware Malicious Library UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Code Injection buffers extracted unpack itself crashed					6.8			ZeroCERT

48752	2024-10-12 09:32	67065a0933c9e_UUESUpdater.exe 0e926b28fc49f6259a70c032ae83cd14 Malicious Library PE File .NET EXE PE32 Lnk Format GIF Format VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName					6.6	M	51	ZeroCERT

48753	2024-10-12 09:35	aeGTitPRCz9BKKQ.exe 0d1ae777c0410769dae40033758321b9 Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI ET HUNTING Telegram API Domain in DNS Lookup		16.0	M	41	ZeroCERT

48754	2024-10-12 09:36	tIelklVKfumqUfa.exe 75893771b8664b9e896e38274c6a052d Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET HUNTING Telegram API Domain in DNS Lookup ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check		14.6	M	27	ZeroCERT

48755	2024-10-12 09:39	1654365431.exe 31d649663149dabd99c51b71e60a4a91 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware suspicious privilege unpack itself DNS		1			2.6	M	12	ZeroCERT

48756	2024-10-12 09:41	amd64.exe 35b5a66be6e3bcfbf109f19ceac7cbb1 Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware DNS		1			1.8	M	34	ZeroCERT

48757	2024-10-12 11:29	Um9L61WgOApLFKJ.exe 3f6058dbb64084df7f3da0a1cb23a872 Generic Malware Malicious Library .NET framework(MSIL) Antivirus DNS AntiDebug AntiVM PE File .NET EXE PE32 Malware download Nanocore Cobalt Strike NetWireRC VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows RAT ComputerName DNS Cryptographic key DDNS		2	5		13.4	M	24	ZeroCERT

48758	2024-10-12 11:30	Smmestinget143.vbs 0fc9528df599123c95ea5ae0a043f662 Generic Malware Suspicious_Script_Bin Antivirus AntiDebug AntiVM Malware download NetWireRC VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows RAT ComputerName DNS Cryptographic key	3 Keyword trend analysis	6	4		11.6		1	ZeroCERT

48759	2024-10-12 18:43	67065b4c84713_Javiles.exe 8be8e5e57fc2a177c12ac52d6f71157c Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File .NET EXE PE32 OS Processor Check MZP Format DLL PE64 VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files Windows utilities AppData folder WriteConsoleW Firewall state off IP Check Windows ComputerName DNS	2 Keyword trend analysis	3	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY External IP Lookup api.ipify.org	1	9.6	M	52	ZeroCERT

48760	2024-10-12 18:44	67081de6be937_ParticlerOps.exe dc724c3aafa18b464c83bd5910407805 Gen1 Generic Malware Malicious Library UPX Malicious Packer ASPack PE File PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files AntiVM_Disk VM Disk Size Check					2.4	M	19	ZeroCERT

48761	2024-10-12 18:45	67065227a0640_rrrrrrrr.exe 356279b22763084935165ad080b0ae9a ROMCOM RAT PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1		1.8	M	40	ZeroCERT

48762	2024-10-12 18:46	DetahNote_J.jpg.exe 422f46bde8df2dc15a939bdd87d48778 Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB					1.4		49	ZeroCERT

48763	2024-10-12 18:46	333343MPDW-constraints.vbs aaa69be437a05f43d51f62c7aca0210f Generic Malware Antivirus Hide_URL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.6	M	5	ZeroCERT

48764	2024-10-12 18:47	tdrp.exe 21b61b3680c5e66f9f7b1f3026327757 UPX PE File PE32 Malware download VirusTotal Malware Malicious Traffic Creates executable files Windows DNS	1 Keyword trend analysis	2	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	3.4	M	50	ZeroCERT

48765	2024-10-12 18:48	nighttttMPDW-constraints.vbs ba21082c47f33b42f6243198bea92684 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.6	M	5	ZeroCERT