Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

6226  2024-01-19 18:18  nika.exe
      Hash: 32f08c7702a91d3f6b24aecc143bf90c
      Tags: PE32 PE File .NET EXE PDB suspicious privilege Check memory Checks debugger unpack itself Disables Windows Security Windows Update
      3.6 ZeroCERT

6227  2024-01-19 15:00  Adobe_acrobat_installer.exe
      Hash: e2cb17fc7f799e6c39fdbe4aa2c8c06e
      Tags: AgentTesla Generic Malware .NET framework(MSIL) Antivirus PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
      4 6 14.2 32 guest

6228  2024-01-19 09:39  124eb3b6.exe
      Hash: c7a82687ac39dcf7ac94f0ec5f23802c
      Tags: Malicious Library UPX PE32 PE File OS Processor Check unpack itself
      0.8 M ZeroCERT

6229  2024-01-19 09:17  United Congress HD Quote.pdf
      Hash: 32f22f06e586a7aff7ee3c47e161bda1
      Tags: PDF
      guest

6230  2024-01-19 08:09  Setup.exe
      Hash: d0071e1888f6078a4c57a89265b54d88
      Tags: Malicious Library PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
      1 3 6.2 M ZeroCERT

6231  2024-01-19 08:07  conhost.exe
      Hash: db2097a73708c43f88d3fd6d7a017b13
      Tags: Generic Malware .NET framework(MSIL) Antivirus PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
      3 4 9.8 M ZeroCERT

6232  2024-01-19 08:05  conhost.exe
      Hash: 9c477f0a3dc97e81cd2a76e339b38c7c
      Tags: AgentTesla UPX PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
      2 4 11.0 M ZeroCERT

6233  2024-01-19 08:04  room.exe
      Hash: b716baea0866421f013912e77e5db815
      Tags: EnigmaProtector Malicious Library UPX Malicious Packer Code injection Socket ScreenShot Steal credential DNS AntiDebug AntiVM PE32 PE File .NET EXE MSOffice File OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
      13 14 12 2 23.8 M ZeroCERT

6234  2024-01-19 08:01  Zumyefllhkv.exe
      Hash: b3c9e1e36ec66ac0c73f24f81f231526
      Tags: Hide_EXE PE File PE64 suspicious privilege MachineGuid Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
      4.2 ZeroCERT

6235  2024-01-19 07:59  rty45.exe
      Hash: bfa0a2b457d28d8805a0658b7498c639
      Tags: Malicious Library UPX PE File PE64 VirusTotal Malware PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution
      2 3 1 3.4 M 30 ZeroCERT

6236  2024-01-18 18:59  clip64.dll
      Hash: 19f0bed8cb532428c6c015b07e1f5522
      Tags: Amadey Malicious Library UPX PE32 PE File DLL OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS
      1 1 3.6 M 46 ZeroCERT

6237  2024-01-18 18:56  microbiolagicalthingshappenein...
      Hash: adf6b4115caf260b8f57c1fd9bb618ec
      Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
      1 3 9 5.0 M 34 ZeroCERT

6238  2024-01-18 18:54  microbiolagicalthingshappenein...
      Hash: 6a0bc469af442ab4df602ad5af219b02
      Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
      1 3 9 5.0 M 35 ZeroCERT

6239  2024-01-18 18:54  amer.exe
      Hash: 0a170e4d6254a773ffddeebf23e33e63
      Tags: EnigmaProtector PE32 PE File VirusTotal Malware unpack itself crashed
      2.4 M 42 ZeroCERT

6240  2024-01-18 18:52  JAN-17-2024-765FYDX.url
      Hash: 0a5062edfd1d56c273a2fa19c695a6a8
      Tags: AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
      3 1 2 4.6 5 ZeroCERT