Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48886	2024-10-16 11:28	iA8CGls28DqWbrP.exe 107f22fe14c9e5026c251c0b502c0ad9 Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET HUNTING Telegram API Domain in DNS Lookup ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)	15.8	M	44	ZeroCERT

48887	2024-10-16 11:28	Wiye6UdJ0SnCj7z.doc e8074b57eed527b7b5f160f323710a76 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed				3.2	M	39	ZeroCERT

48888	2024-10-16 11:30	LedgerUpdater.exe a6a0e9efccb47bff03a3b203736a150d Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				2.8	M	34	ZeroCERT

48889	2024-10-16 11:31	taskhostw.exe 3e2f27edd3deacd8f08f6ed1133b2040 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	4	6 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)	9.0	M	46	ZeroCERT

48890	2024-10-16 11:32	Invoke-Petitpotam.ps1 79f4fb681368185834f5ccf8d4812aec Vidar Hide_EXE Generic Malware Antivirus OS Processor Check VirusTotal Malware Check memory unpack itself				1.6	M	34	ZeroCERT

48891	2024-10-16 11:34	iupdate.exe 8f2382e57ef226bcbf3f549280a59085 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 MZP Format OS Processor Check URL Format VirusTotal Malware unpack itself				2.6	M	28	ZeroCERT

48892	2024-10-16 11:34	loader.bin 079caee72a8dac67029b96992050be5b Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE64 OS Processor Check VirusTotal Malware DNS		1		1.8	M	48	ZeroCERT

48893	2024-10-16 13:40	keygen.exe 3bd08acd4079d75290eb1fb0c34ff700 Malicious Packer UPX PE File PE32 VirusTotal Malware Check memory unpack itself				2.6	M	33	r0d

48894	2024-10-16 14:22	javad.hta 80d63e57cf21fda8b8c90e474eb46a4a Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key		1		8.0		39	ZeroCERT

48895	2024-10-16 14:24	2_xnfile.exe 0b4ad3d05337dd790a3ff9d0e01b3bb8 Generic Malware Malicious Library UPX Antivirus PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key				3.6		39	ZeroCERT

48896	2024-10-16 14:25	63e909b3647d.exe 90a219fcf54c78330dc492ff89e7064d Generic Malware Malicious Library UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection buffers extracted unpack itself crashed				6.8	M	26	ZeroCERT

48897	2024-10-16 14:26	333.bin 98961233cbdc119f8e7bf379db993c23 CobaltStrike Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE64 OS Processor Check VirusTotal Malware Checks debugger unpack itself crashed				2.0	M	58	ZeroCERT

48898	2024-10-16 14:26	svchost.exe 254dd83941729a0ee8f38777fc77889c Generic Malware Antivirus PE File .NET EXE PE32 Malware download AsyncRAT NetWireRC VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Ransomware Windows ComputerName DNS Cryptographic key		1	4	10.6	M	56	ZeroCERT

48899	2024-10-16 14:28	Rage.dll 862fd491faeed9ed0196e544cc3483c5 Malicious Packer UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Checks debugger unpack itself crashed				2.6	M	45	ZeroCERT

48900	2024-10-16 14:30	1174180.exe 110a014684ddaaf25e6b81d798d7ae8f Gen1 Generic Malware Malicious Library Malicious Packer UPX Admin Tool (Sysinternals etc ...) Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself DNS		1		5.0	M	41	ZeroCERT