Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

5791 | 2024-02-09 04:07 | merlin.js
MD5: 36f47633918675a107df6c1d1b0cc672
Tags: task schedule Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM unpack itself malicious URLs crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1.4 guest

5792 | 2024-02-09 04:07 | merlin.min.js
MD5: 2941b51484f9f83a0e3dfe592fd16957
Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM malicious URLs crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1.0 guest

5793 | 2024-02-08 18:10 | putty.bat
MD5: f46a83e052ee544c9696654fb450d00a
Tags: Generic Malware Downloader Antivirus UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE32 PE File suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 6.0 ZeroCERT

5794 | 2024-02-08 18:06 | ballonservicefrommicrosfotisgr...
MD5: 28e198167f8b55c4e5ba832afa4a2b60
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3 3 3 1 4.6 M 32 ZeroCERT

5795 | 2024-02-08 18:04 | wedfreshairgetfrommicrosfotbal...
MD5: 3740b9bffc150fd3f4c211caaa4bb385
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3 3 3 1 4.6 M 33 ZeroCERT

5796 | 2024-02-08 18:02 | lumma123142124.exe
MD5: cad41f50c144c92747eee506f5c69a05
Tags: PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.6 M 50 ZeroCERT

5797 | 2024-02-08 18:00 | Goldprime.exe
MD5: 7e9e39a623a04307eb499ff6617b9746
Tags: PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.6 M 44 ZeroCERT

5798 | 2024-02-08 17:59 | Update.exe
MD5: db25dde66c6101eb5c357a1fecb34925
Tags: Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check MachineGuid Check virtual network interfaces WriteConsoleW Tofsee
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 3 1 1.8 M ZeroCERT

5799 | 2024-02-08 17:58 | wednewsmangero.vbs
MD5: 3183b42ec0106c38fc5f9fb28cc5e789
Tags: VirusTotal Malware wscript.exe payload download Tofsee DNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 3 2 2.6 M 7 ZeroCERT

5800 | 2024-02-08 17:56 | LM.exe
MD5: 196921b3788eac48b29d5ce802ff8e27
Tags: Admin Tool (Sysinternals etc ...) PE32 PE File VirusTotal Malware unpack itself crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.0 M 30 ZeroCERT

5801 | 2024-02-08 17:56 | loveandlover.vbs
MD5: 6507643094054c35167c2eb65b8b3051
Tags: VirusTotal Malware wscript.exe payload download Tofsee
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 2 2 2.0 M 7 ZeroCERT

5802 | 2024-02-08 17:55 | plaza.exe
MD5: 0aeac9446941d8e6a6cb29f6b55a6dc8
Tags: Themida Packer Malicious Packer UPX Malicious Library Anti_VM AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File Lnk Format GIF Format .NET EXE ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 18 14 13 5 23.0 M 39 ZeroCERT

5803 | 2024-02-08 17:54 | for.exe
MD5: 8c281571c5fdaf40aa847d90e5a81075
Tags: PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.6 M 46 ZeroCERT

5804 | 2024-02-08 17:53 | photosensi.cur
MD5: f1d2fa9c23646b2e3718fb7e9f48e7a9
Tags: Suspicious_Script_Bin
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: M ZeroCERT

5805 | 2024-02-08 14:01 | 키위파이낸셜_S.apk
MD5: c8df2c033cd82239668f2477adde9b2e
Tags: ZIP Format VirusTotal Malware
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 0.4 7 guest