Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each entry below gives the request name, the hash shown for the sample, the analysis tags, and the remaining column values in header order.

6061  2024-01-28 10:08  dsdasda.exe
  Hash: 5e88980bb982663f2d687fd72bacd880
  Tags: RedLine Infostealer UltraVNC Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.8 M 31 ZeroCERT

6062  2024-01-28 10:06  ExifWork.exe
  Hash: b6c715763e1eef89c0600361384e1d45
  Tags: RedLine Infostealer UltraVNC Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.6 M 29 ZeroCERT

6063  2024-01-28 10:06  niks.exe
  Hash: da61486db14f62d0b7d37846e508e6f1
  Tags: PE32 PE File .NET EXE VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Disables Windows Security Windows Update
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 4.6 M 32 ZeroCERT

6064  2024-01-28 10:06  tuc5.exe
  Hash: f8c952577f0c090e0719e9167624aa37
  Tags: Emotet Gen1 Malicious Library UPX Confuser .NET Malicious Packer VMProtect PE32 PE File MZP Format DLL PE64 OS Processor Check DllRegisterServer dll VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 5.2 M 17 ZeroCERT

6065  2024-01-28 10:05  360TS_Setup_Mini_WW.Ginmobi.CP...
  Hash: 3016285c9eb979ba1703d25012457567
  Tags: HermeticWiper PhysicalDrive Generic Malware Malicious Library Malicious Packer Downloader UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges PWS Internet API AntiDebug AntiVM PE32 PE File CAB OS Processor Check DLL DllRegiste VirusTotal Malware PDB Check memory Creates executable files ICMP traffic unpack itself AppData folder malicious URLs AntiVM_Disk China anti-virtualization VM Disk Size Check Tofsee Windows Remote Code Execution DNS keylogger
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 8 22 5 8.6 3 ZeroCERT

6066  2024-01-28 10:04  Flyuaken.exe
  Hash: e4b306658c26422c3734e38fe35f3901
  Tags: Hide_EXE .NET framework(MSIL) PE32 PE File .NET EXE Check memory Checks debugger unpack itself ComputerName
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1.4 M ZeroCERT

6067  2024-01-28 10:03  z73.exe
  Hash: 9539ab89d01b301836b1d22e71dd55ed
  Tags: Generic Malware Malicious Packer .NET framework(MSIL) UPX Malicious Library PE32 PE File .NET EXE OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder WriteConsoleW DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 13 2 6.4 M 44 ZeroCERT

6068  2024-01-28 10:02  neweraroc.exe
  Hash: 796f63c42ca69a07ce61a45fcbed1c8d
  Tags: Generic Malware NSIS Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE32 PE File .NET EXE PNG Format OS Processor Check PE64 ZIP Format MZP Format JPEG Format BMP Format ftp CHM Format DLL icon CAB MSOffice Fi VirusTotal Cryptocurrency Miner Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Ransomware Windows ComputerName DNS CoinMiner
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 7 7 2 11.6 M 51 ZeroCERT

6069  2024-01-28 10:01  ORDEN_EMBARGO.js
  Hash: 7874b7e03b57bb11f63f6a0904f51296
  Tags: Generic Malware Antivirus ActiveXObject VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 2 1 7.0 9 ZeroCERT

6070  2024-01-28 10:00  redline1234.exe
  Hash: 5dec9f02f7067194f9928e37ed05c8f6
  Tags: PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3 2 1.8 M 36 ZeroCERT

6071  2024-01-28 10:00  ko.exe
  Hash: f7942f50665070dee333d0df2bebc4c6
  Tags: Generic Malware Malicious Library UPX Code injection AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 8 6 1 10.4 16 ZeroCERT

6072  2024-01-28 09:58  build6_unencrypted.exe
  Hash: 3b5926b1dca859fa1a51a103ab0fd068
  Tags: Generic Malware Malicious Library Antivirus UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 6.8 M 39 ZeroCERT

6073  2024-01-27 16:20  rdxx1.exe
  Hash: 810da00c69d55e89dca3bfe9a6f6a420
  Tags: RedLine Infostealer UltraVNC Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.8 M 34 ZeroCERT

6074  2024-01-27 16:19  12026.exe
  Hash: daa0de1a869a8aec7fffbf84305d28ef
  Tags: Generic Malware Malicious Library UPX Malicious Packer PE32 PE File OS Processor Check DLL Lnk Format GIF Format VirusTotal Malware Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder ComputerName Firmware
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 4.2 M 20 ZeroCERT

6075  2024-01-27 16:16  updater.exe
  Hash: 443cbfda3ae06a42d3d0aaf221321db1
  Tags: Gen1 RedLine stealer NSIS Downloader Generic Malware Malicious Library UPX Malicious Packer Javascript_Blob Anti_VM PE32 PE File ftp DLL OS Processor Check PE64 MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Ransomware
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3.2 M 4 ZeroCERT