Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
5251	2024-02-18 13:19	a300b665543b8909c.exe 642bbf552dc8a71fc044ecee09db0847 Generic Malware Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed					5.0	M	53	ZeroCERT

5252	2024-02-18 13:17	virus.exe d7963dc144158429102bda49bc79e89b Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0		56	ZeroCERT

5253	2024-02-18 13:17	7c364f41396994a4a.exe 7f70eec56d05cf2eb2f88b765bb3f01c Generic Malware Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed					4.4		49	ZeroCERT

5254	2024-02-18 10:58	reals.exe ff6be3e826728411d90a58ffe4834ca3 Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Google Chrome User Data Downloader Obsidium protector UPX Malicious Library Malicious Packer Code injection Http API PWS Create Service Socket DGA ScreenShot Escalate pr Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader	14 Keyword trend analysis Info http://185.215.113.46/cost/fu.exe - rule_id: 39367 http://185.215.113.46/cost/ladas.exe - rule_id: 39368 http://185.215.113.46/mine/plaza.exe - rule_id: 39369 http://185.215.113.46/mine/amert.exe - rule_id: 39370 http://185.215.113.46/cost/niks.exe - rule_id: 39371 https://www.google.com/favicon.ico https://db-ip.com/demo/home.php?s=175.208.134.152 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjwZDFIam6L22WTWI-kQASX9bbFhlY8Qfpn45PMVfMK-s8Kyidgcfo81UwYYYE3hoi8cxOYr https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwFn3TVCNRzJMcCHLiAbyOatgCfg9GZ0yxkBGaodHQIa13Oi7C4nekCckwkC7E_8TSu1Gl5&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-2029714484%3A1708220637104788 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/generate_204?9CAOBw	12	13 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 22 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET INFO Packed Executable Download	5	28.0	M	26	ZeroCERT

5255	2024-02-18 10:54	Hero.RANK.exe 1e4069ed0d620ba12e648697f21e43f0 Gen1 Emotet Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check DLL ZIP Format DllRegisterServer dll VirusTotal Malware Check memory Creates executable files Ransomware					2.2	M	28	ZeroCERT

5256	2024-02-18 10:48	dromicrotechnologytodevelopnew... 77951d0b6350cdc0cc163b6348fa6db8 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Exploit DNS crashed	5 Keyword trend analysis	11 Info ftp.elquijotebanquetes.com(143.95.79.226) - mailcious ip-api.com(208.95.112.1) pastebin.com(172.67.34.170) - mailcious uploaddeimagens.com.br(172.67.215.45) - malware 172.67.215.45 - malware 143.95.79.226 - mailcious 172.245.214.91 - mailcious 45.74.19.84 - malware 208.95.112.1 23.50.121.137 172.67.34.170 - mailcious	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host VBS Request ET MALWARE Base64 Encoded MZ In Image ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 SURICATA Applayer Detect protocol only one direction ET MALWARE Malicious Base64 Encoded Payload In Image ET POLICY External IP Lookup ip-api.com	1	4.6	M	34	ZeroCERT

5257	2024-02-18 10:48	Factory.exe 73f514cfa76c8488e1535442e683e5d4 Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware					1.2		21	ZeroCERT

5258	2024-02-18 10:46	build1702_2024-02-17_20-28.exe 03e350c52d08a9664b18bd53cf99d65a Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution					2.2		37	ZeroCERT

5259	2024-02-18 10:44	onemicrosoftdecentballonupdati... 0821ae7fe90717804b8923fac2008d6b MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Exploit DNS crashed	5 Keyword trend analysis	10	6 Info ET INFO Dotted Quad Host VBS Request SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Base64 Encoded MZ In Image ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 ET POLICY External IP Lookup ip-api.com ET MALWARE Malicious Base64 Encoded Payload In Image	1	5.0	M	33	ZeroCERT

5260	2024-02-18 10:43	1.exe 534f62da9cdc06f201a960ccf9bd7724 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution					2.2		32	ZeroCERT

5261	2024-02-16 16:41	reader_update.exe a74ae422391a22b5469135ae7f0cbf7d Malicious Library UPX PE File PE64 OS Processor Check Malware download VirusTotal Malware Malicious Traffic Checks debugger Creates executable files unpack itself Windows Update DNS	2 Keyword trend analysis	1	4		3.4	M	16	ZeroCERT

5262	2024-02-16 09:53	msword.com 4ceeda451c97ab9a9f299cbd8d60cb0f Generic Malware Downloader task schedule Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP SMTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE Fil powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key keylogger					9.8		17	ZeroCERT

5263	2024-02-16 09:49	baitedupdate.exe 5502b4463a62be41ece9a4557453fd4d .NET framework(MSIL) UPX PE File PE64 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2		52	ZeroCERT

5264	2024-02-16 09:39	W2.pdf c2fa5bce418008580cffa180fb8448ef PDF VirusTotal Malware					0.6		11	ZeroCERT

5265	2024-02-16 09:35	VNCViewer.exe e9425a265fd265e6abbea5ae82cff5b3 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Checks debugger Creates shortcut unpack itself Tofsee Advertising ComputerName Remote Code Execution		2	2		4.0		35	ZeroCERT