Submissions

No | Date | Request | MD5 | Detections | Urls / Hosts / IDS / Rule / Score / Zero / VT | Player
---- | ---------------- | ------- | --- | ---------- | ---------------------------------------------- | ------
6046 | 2024-01-30 07:57 | conhost.exe | 63b53532b4267aacb2fab99033d2ea60 | .NET framework(MSIL) PE File PE64 .NET EXE Check memory Checks debugger unpack itself | 1.2 | ZeroCERT
6047 | 2024-01-30 07:54 | ToDelegation.exe | 0088c0508f8aa299bea991f6dd9cc946 | Gen1 Generic Malware Suspicious_Script_Bin Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P Malware Telegram Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS crashed | 2 6 3 10.8 M | ZeroCERT
6048 | 2024-01-30 07:53 | 1233213123213.exe | b69036a695b48549380a64c8df3a00f1 | Malicious Library UPX PE File PE64 OS Processor Check Check memory | 0.8 M | ZeroCERT
6049 | 2024-01-29 15:31 | am.exe | 3eedb7ab4ab81081e6fe25b117d4698c | Emotet Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware AutoRuns PDB unpack itself Windows Remote Code Execution | 2.2 6 | ZeroCERT
6050 | 2024-01-29 08:11 | aoiido.exe | 34e24e68ad58de1a5cbb7ddd21c8f993 | RedLine Infostealer UltraVNC Malicious Library UPX PE32 PE File OS Processor Check PDB Check memory Checks debugger unpack itself Windows Cryptographic key crashed | 1.8 M | ZeroCERT
6051 | 2024-01-29 08:09 | lada.exe | 68536fff9f64f007745e2fc88467856e | Anti_VM PE32 PE File Malware download Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed | 2 7 4 9.8 M | ZeroCERT
6052 | 2024-01-29 08:06 | PrivateCheatFortnite.exe | bf0106f2a7756ab75de4993ad4db40cd | Malicious Library UPX PE32 PE File Check memory Checks debugger unpack itself DNS crashed | 3 1.8 M | ZeroCERT
6053 | 2024-01-29 08:06 | kololl.exe | 656e40709f4a60b1bc6b831334253919 | Gen1 Browser Login Data Stealer Generic Malware Malicious Library Malicious Packer UPX Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget Check memory Creates executable files | 1.6 M | ZeroCERT
6054 | 2024-01-29 08:05 | latestroc.exe | 0fb0767520be820c0c3f415fb1bad41d | Malicious Library UPX PE32 PE File .NET EXE PE64 Cryptocurrency Miner MachineGuid Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee DNS CoinMiner | 1 8 3 3.4 M | ZeroCERT
6055 | 2024-01-29 08:04 | donat.exe | caa5e1a8cdd188b8a32628fa809e3e7b | RedLine Infostealer RedlineStealer RedLine stealer Amadey UltraVNC Generic Malware Malicious Packer UPX Malicious Library .NET framework(MSIL) Code injection Http API PWS Anti_VM AntiDebug AntiVM PE32 PE File PE64 OS Processor Check .NET EXE DLL ZI Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Email Client Info Stealer Cryptocurrency Miner Malware Cryptocurrency wallets Cryptocurrency Microsoft AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Stealer Windows Update Exploit Browser RisePro Email ComputerName Trojan Banking DNS Cryptographic key Software crashed keylogger Downloader CoinMiner | 21 27 26 7 36.0 M | ZeroCERT
6056 | 2024-01-29 08:02 | plata.exe | 7c36240fbc9b608d4847cbaedf7f031a | Malicious Packer UPX PE32 PE File Malware download Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed | 2 7 4 6.2 | ZeroCERT
6057 | 2024-01-29 08:02 | btcgood.exe | 52457d397f4d5abc4d9de5dc74fd42c5 | Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Browser Info Stealer Malware download Email Client Info Stealer Malware Check memory buffers extracted Creates shortcut unpack itself Collect installed applications IP Check installed browsers check Tofsee Browser Email ComputerName Trojan Banking DNS | 3 6 9.8 M | ZeroCERT
6058 | 2024-01-29 08:00 | vinu.exe | b999d160106e9c1cc130e81cb65cb6c1 | Malicious Packer Anti_VM PE32 PE File Malware download Malware AutoRuns MachineGuid unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed | 2 12 6 5.6 M | ZeroCERT
6059 | 2024-01-29 07:59 | conhost.exe | d930d695d2832dcddfe4de6d917ddb25 | Malicious Packer UPX PE32 PE File .NET EXE Malware PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI unpack itself Check virtual network interfaces IP Check Windows ComputerName Cryptographic key | 1 2 1 6.0 | ZeroCERT
6060 | 2024-01-29 07:57 | reo.exe | 9a5ab5436636d809711978aad14df6cd | Malicious Library UPX PE32 PE File OS Processor Check DNS | 1 2.4 M | ZeroCERT