Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
5851	2024-02-06 08:12	RetailerRise.exe 3355e8cdfa1a9dbe0b51468287da4ca2 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format PNG Format Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Malicious Traffic Check memory buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	2 Keyword trend analysis	6	11 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET INFO Executable Download from dotted-quad Host ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Get_settings) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound)	15.0			ZeroCERT

5852	2024-02-05 17:11	soft.exe 0151e006443174af2f2ea167eb3317fe Antivirus .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				2.4	M	36	ZeroCERT

5853	2024-02-05 16:41	main.exe 847a21513809ca25f688d6a34b3d3599 Gen1 Malicious Library UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files				1.8	M	13	ZeroCERT

5854	2024-02-05 16:41	IP.exe 1af97bb3b7d31c81534bc48a84021f32 Malicious Library PE32 PE File VirusTotal Malware AutoRuns suspicious privilege unpack itself Windows DNS		1		4.6	M	65	ZeroCERT

5855	2024-02-05 16:39	hncc.exe c227e22771466226949f8c53af85465c .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.6	M	46	ZeroCERT

5856	2024-02-05 09:53	fu.exe 271cd22262cd08a27b71bdde7e56a102 Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed	8 Keyword trend analysis Info https://accounts.google.com/generate_204?XFQDRw https://www.google.com/favicon.ico https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp1pSg1SytcUXlCvRfnGS2MhnzYPTh0lGMlr8CFFswSgI4EqllBOEfkNRR9xY2H6zYS0qwVgQQ https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp3KwGUsAR-DcSqWNUmXjv3hJ3dPzA40W4zrbKGtqCBS-aHnytHfTJAmPiy3RtrAYxr3Bw3B-Q&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-2130546933%3A1707092765407593 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png	6	1	9.8			ZeroCERT

5857	2024-02-05 09:49	stale.exe f6baf4f5ae815623e3fd82593aee17c1 PE32 PE File VirusTotal Malware RWX flags setting unpack itself Tofsee DNS crashed	2 Keyword trend analysis	5	2	3.0	M	24	ZeroCERT

5858	2024-02-05 09:48	US.file.exe 613fdc04ffdcb927ce9d48dec7c59538 Malicious Library UPX Socket ScreenShot Steal credential DNS Code injection AntiDebug AntiVM PE File PE64 OS Processor Check PE32 ZIP Format PNG Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Check memory buffers extracted WMI unpack itself Collect installed applications malicious URLs AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Browser RisePro Email ComputerName Remote Code Execution DNS Software	2 Keyword trend analysis	7	9 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RisePro TCP Heartbeat Packet ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro CnC Activity (Outbound)	14.8	M	20	guest

5859	2024-02-05 09:47	TWO.file.exe f328a95046e3a2514c36347eaec911c0 PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself				2.0	M	31	guest

5860	2024-02-05 09:44	2pdf.hta 07fa373b66fc5c661bdc2e3b51b65126 AntiDebug AntiVM Code Injection RWX flags setting unpack itself Windows utilities Windows				2.2			guest

5861	2024-02-05 09:43	1pdf.hta a46eae4ae4dc08311640997b66b5fe37 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8		3	guest

5862	2024-02-05 09:43	amert.exe f987b80aea9acc4c263782f6621a77ac EnigmaProtector PE32 PE File VirusTotal Malware AutoRuns unpack itself AppData folder Windows ComputerName crashed				3.2	M	24	ZeroCERT

5863	2024-02-05 09:40	msgbox1.file.exe ac6132e51eeb91f7d294c448fc2605a0 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware Check memory unpack itself crashed				1.6	M	21	guest

5864	2024-02-05 09:40	mx2.jpg.ps1 01c1a8f805b40266d71d22d666c81427 Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.4	M	5	guest

5865	2024-02-05 09:39	loader.exe eb84bd84a313cf1d5fabb31294817a6d UPX PE File PE64 VirusTotal Malware				0.6	M	11	ZeroCERT