Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6181	2024-01-23 14:17	first.exe 8063f5bf899b386530ad3399f0c5f2a1 Generic Malware Malicious Library Antivirus UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key		1			4.6	M	43	ZeroCERT

6182	2024-01-23 14:15	PrivateCheat.exe 92d5541274a80650bf7fc9d40f2be865 Generic Malware Downloader Malicious Library UPX MPRESS Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE32 PE File OS Processor C VirusTotal Malware PDB Code Injection Creates executable files AppData folder suspicious TLD Tofsee ComputerName Remote Code Execution crashed		2	1		5.4	M	28	ZeroCERT

6183	2024-01-23 14:14	build.exe 225f0256ef50aab5c935499df55437ce Gen1 Generic Malware Malicious Library Malicious Packer UPX Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself					3.0	M	33	ZeroCERT

6184	2024-01-23 14:12	microsoftunderstandthepowerofn... 82997e653dabd2e665f2a25b35a02760 MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	3 Keyword trend analysis Info http://www.randomgirlsai.com/de74/?hBZ=G3IsVFJ99ljdomQWxTpaweF7KMD/ZXy9GEvEnxjwlPNv7uTT17eHu9Yxk+2tzL5QkeJSM4MJ&or=3f5pdRAXd http://www.apkreal.net/de74/?hBZ=rjGIOJeuXQuFujpnQMEV1DsPSxOh46YUdJAF0YMvBCHG7R8Pr9i6MH6o+C2iQUj6ISartky+&or=3f5pdRAXd http://107.175.243.133/3804/conhost.exe	7	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (GET)		4.6	M	31	ZeroCERT

6185	2024-01-23 14:10	microsoftdesignednewthechnolog... c3edf3c7fa0702cfc2fdc855d1b30472 MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	3 Keyword trend analysis Info http://www.mgplatinemlak.xyz/he09/?q48=H2yL0jOsTn68oh3cPez/xoWoV7OCTr05wR+Pmrsx9qPM06ZXiwJZoZaQ/uWx+S8/yDrIFJJZ&rTFDr=GB1hul2hXlAhMt http://www.8xb898.com/he09/?q48=nj631wJ8eKStkbAdSpbY0CVUfsZuCG4z4On3ILPNHxmyp7IfnS/A3N5Ab0AuSDDV/YcUavHV&rTFDr=GB1hul2hXlAhMt http://192.3.176.145/2355/conhost.exe	7	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers		4.6	M	31	ZeroCERT

6186	2024-01-23 14:10	mm.txt.exe 471b2fe37c91bb020e7907897587099e Malicious Library PE32 PE File VirusTotal Malware Check memory RWX flags setting AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS		1			4.2	M	60	ZeroCERT

6187	2024-01-23 14:10	rem1.exe 8f70e913513b30a144165829ba3261bb Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Suspicious_Script_Bin Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate privil Browser Info Stealer Remcos VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory buffers extracted unpack itself suspicious process human activity check Windows Browser DNS keylogger	1 Keyword trend analysis	3	1		11.0		61	ZeroCERT

6188	2024-01-23 08:04	face.exe b367a4da8177d0be7638599aad1caa9b Amadey Generic Malware NSIS Malicious Packer Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE32 PE File PNG Format OS Processor Check DLL .NET EXE ZIP Format MZP Format JPEG Format BMP Format CHM Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader	19 Keyword trend analysis Info http://185.215.113.68/theme/Plugins/clip64.dll - rule_id: 38951 http://109.107.182.3/cost/vimu.exe - rule_id: 39038 http://185.215.113.68/theme/Plugins/cred64.dll - rule_id: 38948 http://109.107.182.3/cost/nika.exe - rule_id: 39037 http://apps.identrust.com/roots/dstrootcax3.p7c http://185.172.128.90/cpa/ping.php?substr=seven&s=ab - rule_id: 38981 http://109.107.182.3/cost/go.exe - rule_id: 39025 http://185.215.113.68/mine/amer.exe - rule_id: 39024 http://185.215.113.68/theme/index.php - rule_id: 38935 https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp19ppAsRv2o6lyozUloXtl2vtHTQ_Z5hQtp6-dWz_Yb_d5Sog8ygYecStquNLy1xgWdXfMz&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-955853393%3A1705964159222861 https://www.google.com/favicon.ico https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://db-ip.com/demo/home.php?s=175.208.134.152 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/generate_204?dNjB8g https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp0prvDtaojbUs_fFiN9b9CD7hkEJ1nHDhTfd9vIUqM3YxyI4uMpGixUZhaFGRKzHsJvSPCU https://i.alie3ksgaa.com/sta/imagd.jpg	23 Info db-ip.com(104.26.4.15) www.google.com(142.250.76.132) ssl.gstatic.com(142.250.207.99) www.fleefight.it(94.177.48.37) - malware ipinfo.io(34.117.186.192) i.alie3ksgaa.com(154.92.15.189) - mailcious accounts.google.com(64.233.188.84) 193.233.132.62 - mailcious 216.58.200.227 94.177.48.37 - malware 87.251.77.166 - mailcious 104.26.4.15 173.194.174.84 185.215.113.68 - malware 185.172.128.19 - mailcious 185.172.128.90 - mailcious 34.117.186.192 142.251.220.68 61.111.58.35 - malware 185.172.128.53 - malware 154.92.15.189 - mailcious 185.172.128.109 - malware 109.107.182.3 - mailcious	19 Info ET MALWARE [ANY.RUN] RisePro TCP (Token) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 21 ET INFO Packed Executable Download ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Amadey Bot Activity (POST) ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))	8 Info http://185.215.113.68/theme/Plugins/clip64.dll http://109.107.182.3/cost/vimu.exe http://185.215.113.68/theme/Plugins/cred64.dll http://109.107.182.3/cost/nika.exe http://185.172.128.90/cpa/ping.php http://109.107.182.3/cost/go.exe http://185.215.113.68/mine/amer.exe http://185.215.113.68/theme/index.php	25.8	M		ZeroCERT

6189	2024-01-23 08:00	7ec9f8f6-24a9-402a-86a4-d42c74... c49490eda6028f4169eba29b9e3ad3bc Malicious Library PE32 PE File .NET EXE MachineGuid Check memory Checks debugger unpack itself					1.6			ZeroCERT

6190	2024-01-23 07:59	Launcher.exe 6dbf943c1313d219a7356cf45babe562 Malicious Packer Downloader UPX PE File PE64 ftp OS Processor Check PDB					0.6	M		ZeroCERT

6191	2024-01-23 07:56	conhost.exe e882b8df405f9651962b3e983ed78274 .NET framework(MSIL) PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself					1.4	M		ZeroCERT

6192	2024-01-23 07:54	conhost.exe 6ec1aed2634c28a25d17be93a71150a2 Formbook .NET framework(MSIL) AntiDebug AntiVM PE32 PE File .NET EXE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					6.6			ZeroCERT

6193	2024-01-23 07:52	5777786423.exe ebd6f7a6cb7aa2c1f16389618828dd18 Malicious Library PE32 PE File VirusTotal Malware unpack itself DNS		1			2.0		27	ZeroCERT

6194	2024-01-22 15:02	Windows.exe 9af0b7ca55fe8970d0259163c88b92ae Malicious Packer .NET framework(MSIL) UPX PE32 PE File .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Windows ComputerName Cryptographic key					3.0	M	41	ZeroCERT

6195	2024-01-22 15:00	AquaPhobia.exe 0662fbb81cfbbb132abf4a5976e4ec2c Gen1 RedLine stealer NSIS Generic Malware Suspicious_Script Downloader Malicious Library UPX Antivirus Malicious Packer Javascript_Blob Anti_VM PE32 PE File DLL PE64 OS Processor Check ftp wget MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Ransomware					3.2	M	3	ZeroCERT