Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6211	2024-01-22 12:26	Oscrcelw.exe 302ac1d64dabebfeb1ecb1ddbd1f46b0 PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	22	ZeroCERT

6212	2024-01-20 18:19	zonak.exe d1d8db81157f989532108d62c64cbc33 Amadey Malicious Packer UPX Malicious Library Anti_VM AntiDebug AntiVM PE32 PE File .NET EXE MSOffice File OS Processor Check DLL ZIP Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader	21 Keyword trend analysis Info http://185.215.113.68/theme/Plugins/clip64.dll - rule_id: 38951 http://109.107.182.3/cost/vimu.exe - rule_id: 39038 http://185.215.113.68/theme/Plugins/cred64.dll - rule_id: 38948 http://109.107.182.3/cost/nika.exe - rule_id: 39037 http://185.215.113.68/mine/livak.exe http://www.maxmind.com/geoip/v2.1/city/me http://109.107.182.3/cost/go.exe - rule_id: 39025 http://185.215.113.68/mine/amer.exe - rule_id: 39024 http://185.215.113.68/theme/index.php - rule_id: 38935 https://www.google.com/favicon.ico https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://db-ip.com/demo/home.php?s=175.208.134.152 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp0MB1Kt9JRng3yyk_pct8ZP3zuC3fBqZFRXuexVmEhTR_dTxy42kBpfUijZBBTyoL_snfrEWg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S487216895%3A1705742046920610 https://accounts.google.com/generate_204?vBMMBg https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp3-cnxAB265cMjA870JRwXCWmEackG0gZBWgg8enHGTomo63RZ5p2GNDc8fgTCQ6vFgzSFjkw https://lizotel.pt/temp/322321.exe https://lizotel.pt/temp/crypted.exe https://lizotel.pt/temp/legnew.exe	17 Info db-ip.com(172.67.75.166) lizotel.pt(185.240.248.84) www.google.com(142.250.76.132) ssl.gstatic.com(142.250.76.131) ipinfo.io(34.117.186.192) accounts.google.com(64.233.188.84) www.maxmind.com(104.18.145.235) 108.177.125.84 142.250.207.67 104.18.146.235 104.26.4.15 185.215.113.68 - malware 172.217.25.4 - suspicious 34.117.186.192 185.240.248.84 193.233.132.62 - mailcious 109.107.182.3 - mailcious	18 Info ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET DROP Spamhaus DROP Listed Traffic Inbound group 21 ET INFO Packed Executable Download ET INFO TLS Handshake Failure ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request ET MALWARE Amadey Bot Activity (POST)	7	19.6	M		ZeroCERT

6213	2024-01-20 18:17	sl2_29.exe bbe98cc2bf5ce0c0bb4fb74370e2af68 PE File PE64 VirusTotal Malware DNS crashed		2	1		2.0	M	30	ZeroCERT

6214	2024-01-20 18:13	univ.exe a0a061a95699987d3bdb7d212c8cbdd6 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	23	ZeroCERT

6215	2024-01-20 18:11	inte.exe 68c58efa330393b980149c75b9f2b388 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware suspicious privilege Malicious Traffic WMI Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1		1	5.4	M	48	ZeroCERT

6216	2024-01-20 18:11	sl2_29.exe bbe98cc2bf5ce0c0bb4fb74370e2af68 PE File PE64 VirusTotal Malware crashed					1.4	M	30	ZeroCERT

6217	2024-01-20 18:11	build.exe 71a607a13b3a32bb32e8ec2ea9b43fd9 Gen1 Generic Malware Malicious Library ASPack Malicious Packer UPX Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself					3.0	M	31	ZeroCERT

6218	2024-01-20 18:10	univ.exe 39d19848d11f105b8271760bcabfd79f Emotet Generic Malware Malicious Library UPX PE32 PE File OS Processor Check CAB Creates executable files AppData folder Windows	1 Keyword trend analysis	2	2		1.6	M		ZeroCERT

6219	2024-01-20 18:07	SetupPowerGREPDemo.exe a29a203a471bcfaf00f00386bc60aee6 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 wget DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.2	M	17	ZeroCERT

6220	2024-01-20 18:06	bin.exe cb200521eb0a2795343b74dc489bceb6 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	52	ZeroCERT

6221	2024-01-20 18:05	sma.exe 2c8d9825ebb93a1fb86a3adeacdf0627 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.0		20	ZeroCERT

6222	2024-01-20 18:04	Sjupttbqke.exe afabc3587df98b14b379e68b532c40d2 Hide_EXE PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	27	ZeroCERT

6223	2024-01-20 18:03	conhost.exe 591dac333aff7739bf01a4c9d3e838a5 Formbook .NET framework(MSIL) AntiDebug AntiVM PE32 PE File .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD DNS	3 Keyword trend analysis Info http://www.jpedwardscoaching.com/he09/?GFNL6=J0rZNCGgqBuOcPi6jo5klUavYHikY0sXv/Xz2k6X4AbHrcSx6bhwqQyERI1ftla2AmT/C8vw&mlvx=fZU8pNxPWXppdj http://www.nahanttowing.top/he09/?GFNL6=tTem8GlEomBe/gQIXYajZ4LmI38bmbiSHuSIbs3stVgT3O0rYBhk8L/2KHhJryPrlQiCHLKY&mlvx=fZU8pNxPWXppdj http://www.360bedroom.com/he09/?GFNL6=ivXZRRAkpCxCXaiKqhV0zhZAF3LEhZuFftcbp4Y9/P+ipI+dv9O/d2RZN4bxL5M4jaU3FwSE&mlvx=fZU8pNxPWXppdj	7	4		9.0	M	41	ZeroCERT

6224	2024-01-20 18:02	Ylcqwdizkq.exe 3e48ec4a687a12d4da0fbcde8fe923da Hide_EXE UPX PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself					2.4	M	50	ZeroCERT

6225	2024-01-19 18:19	vimu.exe 520050ab79ad5b13e6de5d3d7941d4d2 Malicious Packer UPX Anti_VM PE32 PE File Malware download Malware AutoRuns MachineGuid buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW IP Check Tofsee Windows RisePro ComputerName DNS crashed	1 Keyword trend analysis	5	5		7.0			ZeroCERT