Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6376	2024-08-20 09:44	File1.exe 93d6175fe1726d7f201a13e359e3c3f8 Generic Malware Malicious Library Malicious Packer Antivirus UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE64 OS Processor Check PowerShell PE32 Browser Info Stealer Malware download VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW anti-virtualization installed browsers check Tofsee CryptBot Windows Discord Browser ComputerName RCE DNS Cryptographic key crashed	7 Keyword trend analysis Info http://58yongzhe.com/parts/setup1.exe - rule_id: 42034 http://tvezx20pn.top/v1/upload.php http://89.105.201.137/Files/Channel1.exe http://194.58.114.223/d/385104 - rule_id: 41929 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://cdn.discordapp.com/attachments/1274634716451967060/1275223801675907102/setup.exe?ex=66c51c36&is=66c3cab6&hm=a7afd60459653ce3668249ab779142f9304b37948e72ed701047f1fdaf8ce0ff&	12 Info 58yongzhe.com(62.133.62.93) - malware tvezx20pn.top(77.232.42.234) pastebin.com(104.20.3.235) - mailcious yip.su(172.67.169.89) - mailcious cdn.discordapp.com(162.159.130.233) - malware 162.159.133.233 - malware 77.232.42.234 104.21.79.77 - phishing 89.105.201.137 - mailcious 62.133.62.93 194.58.114.223 - mailcious 172.67.19.24 - mailcious	13 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET HUNTING Redirect to Discord Attachment Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	4	22.4	M	19	ZeroCERT

6377	2024-08-20 09:43	66bfee9fd7d9a_lumma.exe 9a9953dc06ef76dfb7ef3a308340f77b Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.6	M	38	ZeroCERT

6378	2024-08-20 09:41	66c371f08cdcf_unins000.exe#gri... b698dfc0ab0130a4ba4c82ae0e972d9b Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself					1.4		5	ZeroCERT

6379	2024-08-20 09:40	66c1f0aa0deee_crypted.exe#1 52245c8ae7ec10fb61eeeb2b329e9a34 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.8	M	56	ZeroCERT

6380	2024-08-20 09:39	StyleControls%20VCL.exe d4fca59c99d8d70aca5744d147e37c03 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.2		17	ZeroCERT

6381	2024-08-20 09:39	csrss.exe bf038a5d89d10a8c54f9173ae6f1218d Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Checks debugger Creates executable files unpack itself AppData folder Windows					4.4		32	ZeroCERT

6382	2024-08-20 09:39	66c313b18a645_xin.exe#xin 87842c44385a9c22e2d47b4fe85566dc Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware PDB RCE					2.0	M	31	ZeroCERT

6383	2024-08-20 09:32	POS_C110.exe 86de5cffa568d6a2392d576fc6535b3b Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					2.0		10	ZeroCERT

6384	2024-08-20 09:30	POS_C028.exe 8b2ae18d721ae95719598ca0369e94af Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					1.8		8	ZeroCERT

6385	2024-08-20 09:28	POS_C020.exe 404d481d35148c5a12e60cba83d6d034 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware Check memory unpack itself					1.8		8	ZeroCERT

6386	2024-08-19 15:51	66bdbedbc9eb9_ipfr.exe a14e062d5ddb947dd490cd3956c7de8a Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					6.8	M	48	ZeroCERT

6387	2024-08-19 15:50	66c1d07f53497_doz.exe#mene 24d5b262745b653d468c1dfdbaa2c754 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library ASPack UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	16.0	M	16	ZeroCERT

6388	2024-08-19 15:47	66bdd24d2ac1b_uninstaller.exe fdf999d19df6b5c6a03bdbe1990347b3 Generic Malware Malicious Library UPX PE File ftp PE32 OS Processor Check VirusTotal Malware RCE					0.8	M	19	ZeroCERT

6389	2024-08-19 15:45	POS_C091.exe 4542643b447f61d5b323ccb555eec06c Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					1.8	M	9	ZeroCERT

6390	2024-08-19 15:44	66c1c5838f95f_file1808.exe#fil... 006edf0ac466164ddc9e0ac56474fe0a Suspicious_Script_Bin Malicious Library Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 Malware download VirusTotal Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Tofsee Windows ComputerName DNS	2 Keyword trend analysis	4	6 Info ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download	1	9.8	M	26	ZeroCERT