Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48841	2024-10-15 14:27	taskhostsw.exe b072f78321c660283d46e104ae677220 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	4	6 Info ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check	7.8	M		ZeroCERT

48842	2024-10-15 14:29	persistance.exe fb79af307b85682b1133f775dafcab83 Generic Malware UPX Antivirus PE File PE64 PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	1	5	8.4	M	46	ZeroCERT

48843	2024-10-15 14:29	Wiye6UdJ0SnCj7z.exe b3168142957daedfca080063bbb4843b Generic Malware Malicious Library .NET framework(MSIL) UPX Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET HUNTING Telegram API Domain in DNS Lookup ET INFO TLS Handshake Failure ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI	15.8	M	23	ZeroCERT

48844	2024-10-15 14:31	payload.exe 8bbc71bfca95de5ebb9679e32b501d90 UPX PE File PE64 VirusTotal Malware suspicious process WriteConsoleW				1.0	M	7	ZeroCERT

48845	2024-10-15 14:31	worker.exe 5f08961671234960517cefb9df7a8c41 Gen1 Generic Malware Malicious Library ASPack UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Checks debugger Creates executable files Ransomware				2.4	M	10	ZeroCERT

48846	2024-10-15 14:32	6f7d96fd3ac7fc14ea874d7fdfcda1... a71aaa9e10f9dc8701c208df3832a3b8 North Korea Generic Malware Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName	1 Keyword trend analysis	2	1	4.8	M	45	ZeroCERT

48847	2024-10-15 14:33	update.exe 340efe524c957a5c254f567c30b14b7d Downloader Admin Tool (Sysinternals etc ...) UPX PE File PE32 MSOffice File VirusTotal Malware Check memory RWX flags setting unpack itself DNS		1		3.2	M	49	ZeroCERT

48848	2024-10-15 14:35	AsyncClient.exe 2b444e0ce937dc1c27c897ca76d67089 AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware				1.2	M	63	ZeroCERT

48849	2024-10-15 14:36	l.exe b96c1cae8e90f64dd0941ee10b0db7ec Generic Malware Malicious Library UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection buffers extracted unpack itself crashed				8.0	M	48	ZeroCERT

48850	2024-10-15 14:39	%E8%87%AA%E5%8A%A8%E5%8C%96%E6... 9eea123a411600efba20188546c1a085 Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check DllRegisterServer dll VirusTotal Malware Checks debugger WMI Creates executable files unpack itself AppData folder Windows ComputerName Remote Code Execution DNS	1 Keyword trend analysis	2	1	7.2	M	42	ZeroCERT

48851	2024-10-15 14:39	Lock.exe 437abb359165e8698ef19bbaf6175011 .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed				2.6	M	33	ZeroCERT

48852	2024-10-15 14:42	stories.exe b00c9bc606824dc90058f5ce00313ff6 Emotet Gen1 Generic Malware Malicious Library Confuser .NET UPX Admin Tool (Sysinternals etc ...) PE File PE32 MZP Format DLL DllRegisterServer dll OS Processor Check PE64 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed				3.6	M	35	ZeroCERT

48853	2024-10-15 14:42	Payload.exe aa9e75e91b3ac6ad8868e9906beccf54 PhysicalDrive Malicious Packer PE File .NET EXE PE32 VirusTotal Malware DNS		1		3.4	M	51	ZeroCERT

48854	2024-10-15 15:09	d.exe b6a413057aff513253600024455b806d Malicious Library Malicious Packer PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS		1		10.0	M	66	ZeroCERT

48855	2024-10-15 15:10	JavUmar1.exe 7105a2ba8c897b6c2072a6ab0bdecdf1 Generic Malware PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting unpack itself Collect installed applications AppData folder suspicious TLD anti-virtualization installed browsers check CryptBot Browser ComputerName DNS	1 Keyword trend analysis	2	3	7.4	M	44	ZeroCERT