Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
48871 2024-10-16 11:13 cs-daili.exe
4adcb0f7a3d272d2897488bc269a102b
Admin Tool (Sysinternals etc ...) UPX PE File PE32 MSOffice File VirusTotal Malware RWX flags setting unpack itself crashed
2.0 M 12 ZeroCERT

48872 2024-10-16 11:13 madey.exe
689ff816fc3db38894e81abbdf63c02b
Amadey Generic Malware Malicious Library Malicious Packer UPX Antivirus PE File PE32 OS Processor Check DLL PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion human activity check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
3 1 3 13.0 M 57 ZeroCERT

48873 2024-10-16 11:14 service.exe
d44e2b02979b3331e0eb2fab9e96196e
Generic Malware Malicious Library UPX Antivirus Socket ScreenShot Code injection AntiDebug AntiVM PE File PE64 OS Processor Check Lnk Format GIF Format Emotet VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key
1 13.6 M 11 ZeroCERT

48874 2024-10-16 11:15 akt.exe
d386565f65fd215007e08b79fad52eca
Generic Malware Malicious Library UPX Antivirus PE File PE64 OS Processor Check PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
6.8 M 32 ZeroCERT

48875 2024-10-16 11:17 cabal.exe
39632518958d27b69b07f56c735d10a9
Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 PNG Format JPEG Format VirusTotal Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces AppData folder Interception Windows DNS Cryptographic key
6 3 5 8.8 M 29 ZeroCERT

48876 2024-10-16 11:18 mnobinm.doc
a62d9a9ddd98d34dd3702ff569c88cc8
MS_RTF_Obfuscation_Objects RTF File doc buffers extracted RWX flags setting exploit crash Exploit crashed
2.2 M ZeroCERT

48877 2024-10-16 11:18 actives.exe
51514245009764a9f3e9455c23711df8
Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName
11.0 63 ZeroCERT

48878 2024-10-16 11:20 9qP0xWlHdvhkbFG.doc
78568fd800506260234d52e54ea7c704
MS_RTF_Obfuscation_Objects RTF File doc buffers extracted RWX flags setting exploit crash Exploit crashed
2.2 M ZeroCERT

48879 2024-10-16 11:20 putty.exe
b15ed5517d17dc03b4391f34c81f9697
Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library UPX Malicious Packer Downloader Admin Tool (Sysinternals etc ...) Antivirus .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files AppData folder installed browsers check Windows Browser Software
5.4 M 69 ZeroCERT

48880 2024-10-16 11:23 qualityrespondpro.exe
7d69353f011527611a119b38593b7b34
Emotet Gen1 Malicious Library UPX PE File PE64 CAB .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Windows ComputerName Remote Code Execution DNS Cryptographic key crashed
1 1 1 8.6 M 51 ZeroCERT

48881 2024-10-16 11:23 center.exe
ee2e125214ee4ebef8f570dd6f0d0cc4
Emotet Malicious Library UPX PE File CAB PE32 Lnk Format GIF Format Malware download Dridex VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution DNS
8 3 2 5.8 2 ZeroCERT

48882 2024-10-16 11:24 Rnuwcr38IRNoHzK.doc
94a02a9670fa65136f06a940d46208d7
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Windows Exploit DNS DDNS crashed keylogger
2 3 9 5.2 M 28 ZeroCERT

48883 2024-10-16 11:24 timeintegrate.exe
d0437dce020ddb6c920a217e7b8e1c68
Hide_EXE Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.0 M 39 ZeroCERT

48884 2024-10-16 11:26 Document.pdf.url
4f26d833fbf311ce76485a8d7e15e078
Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE64 OS Processor Check MSOffice File Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
1 1 6 5.8 M ZeroCERT

48885 2024-10-16 11:26 mpomzxcv.doc
c7cdddf35f7ba482ee3e39e0db1c6772
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed
2.6 M 28 ZeroCERT