Submissions

Columns of the original listing: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each submission below is shown as one record: header (No, Date, Request), MD5, the sandbox rule tags, and the remaining numeric fields. The leading integers of the numeric row belong to the Urls/Hosts/IDS count columns and are reproduced exactly as listed, since the original layout does not make their assignment unambiguous.

6421  2024-01-06 10:39  lodir.exe
  MD5:    5f8b84b8a2e43b3f3c20fad2c71bef4e
  Rules:  SmokeLoader PE32 PE File VirusTotal Malware
  Score 2.2 | Zero M | VT 58 | Etc ZeroCERT

6422  2024-01-06 10:37  HWID%20Evasion%20Resou%E2%80%A...
  MD5:    787b4125660d64a6865c5b5ffef6e192
  Rules:  PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
  Score 2.2 | Zero M | VT 45 | Etc ZeroCERT

6423  2024-01-06 10:35  bakhtiar.exe
  MD5:    fabf8dca1b11532b560d638e85d67110
  Rules:  Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check VirusTotal Malware Buffer PE PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows Cryptographic key
  Score 9.0 | VT 46 | Etc ZeroCERT

6424  2024-01-06 10:35  flesh.exe
  MD5:    fd8a4f2b56f11fff594f526267468645
  Rules:  RedLine stealer .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Counts (Urls/Hosts/IDS, as listed): 1 3 | Score 9.0 | Zero M | VT 44 | Etc ZeroCERT

6425  2024-01-06 10:32  golden.exe
  MD5:    6563774617de1b4229cd69bdb823a4f2
  Rules:  RedLine stealer ScreenShot PWS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Counts (Urls/Hosts/IDS, as listed): 1 5 | Score 12.6 | Zero M | VT 30 | Etc ZeroCERT

6426  2024-01-06 10:32  test2.exe
  MD5:    037949445f001bdf36221ac7706d6c08
  Rules:  Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed
  Score 1.4 | VT 23 | Etc ZeroCERT

6427  2024-01-05 07:58  bongo.exe
  MD5:    98e589da2cf91986d1e703189919dec1
  Rules:  RedLine stealer Emotet Gen1 Amadey RedlineStealer NSIS Generic Malware Malicious Library UPX .NET framework(MSIL) Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus ScreenShot PWS Anti_VM AntiDebug AntiVM PE32 PE File CAB .NET EXE OS Processor Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check installed browsers check Kelihos Tofsee Ransomware Stealer Windows Exploit Browser RisePro Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Counts (Urls/Hosts/IDS, as listed): 29 23 27 1 | Score 26.6 | Zero M | VT 38 | Etc ZeroCERT

6428  2024-01-05 07:56  t3AUf24I92jhZl.exe
  MD5:    31d5145cefb9c5db9066e5088b0bedd1
  Rules:  Malicious Library Malicious Packer Antivirus UPX PE File PE64 OS Processor Check VirusTotal Malware
  Score 0.8 | Zero M | VT 18 | Etc ZeroCERT

6429  2024-01-05 07:54  newbuild.exe
  MD5:    51d74fa113ee4efae8e73626e9277dff
  Rules:  Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Check memory Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS
  Counts (Urls/Hosts/IDS, as listed): 3 9 3 | Score 8.6 | VT 55 | Etc ZeroCERT

6430  2024-01-05 07:51  yhjjs.exe
  MD5:    bbdaaf92e5a05790eadb9563e54148ff
  Rules:  PE32 PE File VirusTotal Malware unpack itself Remote Code Execution crashed
  Score 3.4 | VT 50 | Etc ZeroCERT

6431  2024-01-04 10:50  loader.exe
  MD5:    099181592db185c539594ecf3053f52d
  Rules:  Themida Packer Malicious Packer PE File PE64 VirusTotal Malware
  Score 1.4 | Zero M | VT 29 | Etc ZeroCERT

6432  2024-01-03 07:43  ioot.exe
  MD5:    85215c82405b536a3b55105bb3fe361a
  Rules:  UPX PE32 PE File VirusTotal Malware Remote Code Execution crashed
  Score 2.8 | Zero M | VT 51 | Etc ZeroCERT

6433  2024-01-03 07:41  Wordcreator.exe
  MD5:    7e042555efbb31b00c5e2aa99200a1e7
  Rules:  ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS
  Counts (Urls/Hosts/IDS, as listed): 2 | Score 8.8 | Zero M | VT 17 | Etc ZeroCERT

6434  2024-01-03 07:41  Saint-Menace.exe
  MD5:    9b8a05314c09db5ef6ae5410b40e109a
  Rules:  UPX PE File PE64 OS Processor Check VirusTotal Malware PDB
  Score 1.4 | Zero M | VT 47 | Etc ZeroCERT

6435  2024-01-02 07:52  kkm_2337.exe
  MD5:    d176d5132b461760213c52d026b04e08
  Rules:  Malicious Library UPX .NET framework(MSIL) Anti_VM PE32 PE File DLL .NET DLL OS Processor Check PNG Format ftp .NET EXE Lnk Format GIF Format AutoRuns Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName
  Score 2.8 | Zero M | Etc ZeroCERT
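The listing above is only useful for triage once the MD5s, rule tags and scores are pulled out of the flattened layout. The parser below is an added example written for this page, not code from the sandbox or its operator; it turns the raw listing text into records, rejects a record whose hash is not a 32-character hex MD5, splits the trailing numeric row into its count/score/verdict/VT fields the same way the listing presents them, and orders the results by sandbox score so the hashes worth pivoting on (VirusTotal, retrohunt) come out first. The three-row sample is constructed from rows of this page; the family watchlist (`WATCHLIST`) is an assumption chosen to match family names that appear in the tag column, not a list the page defines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: three rows copied from the flattened listing above.
SAMPLE = """\
6421 2024-01-06 10:39 lodir.exe

5f8b84b8a2e43b3f3c20fad2c71bef4e


SmokeLoader PE32 PE File VirusTotal Malware
2.2 M 58 ZeroCERT

6424 2024-01-06 10:35 flesh.exe

fd8a4f2b56f11fff594f526267468645


RedLine stealer .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware
1 3 9.0 M 44 ZeroCERT

6435 2024-01-02 07:52 kkm_2337.exe

d176d5132b461760213c52d026b04e08


Malicious Library UPX .NET framework(MSIL) Anti_VM PE32 PE File DLL .NET DLL
2.8 M ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (.+?)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
NUM_RE = re.compile(r"^\d+(\.\d+)?$")

# Assumed watchlist (not from the page): family names matched case-insensitively
# as substrings of the tag column, so "RedLine stealer" and "RedlineStealer" both hit.
WATCHLIST = ["SmokeLoader", "RedLine", "Amadey", "Emotet", "RisePro", "Tofsee", "Kelihos"]


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    tags: str
    counts: List[int]            # leading integers of the numeric row (Urls/Hosts/IDS as listed)
    score: Optional[float]       # sandbox score, the only token with a decimal point
    zero: Optional[str]          # "M" flag when present in the Zero column
    vt: Optional[int]            # integer following the score, if any
    etc: Optional[str]           # trailing non-numeric token (e.g. "ZeroCERT")
    families: List[str] = field(default_factory=list)


def parse_metrics(line: str):
    """Split a numeric row such as '1 3 9.0 M 44 ZeroCERT' into its fields."""
    tokens = line.split()
    etc = tokens.pop() if tokens and tokens[-1] != "M" and not NUM_RE.match(tokens[-1]) else None
    counts, score, zero, vt = [], None, None, None
    for tok in tokens:
        if tok == "M":
            zero = "M"
        elif "." in tok:
            score = float(tok)
        elif score is None:
            counts.append(int(tok))      # integers before the score are count columns
        else:
            vt = int(tok)                # the integer after the score is the VT column
    return counts, score, zero, vt, etc


def parse_listing(text: str) -> List[Submission]:
    """Parse the flattened listing into Submission records; raise on a malformed hash."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = (m, [])
            blocks.append(current)
        elif line and current is not None:
            current[1].append(line)
    records = []
    for m, body in blocks:
        no, date, request = int(m.group(1)), m.group(2), m.group(3)
        md5_lines = [l for l in body if MD5_RE.match(l)]
        if len(md5_lines) != 1:
            raise ValueError(f"submission {no}: expected exactly one MD5 line, got {len(md5_lines)}")
        md5 = md5_lines[0]
        rest = [l for l in body if l != md5]
        if not rest:
            raise ValueError(f"submission {no}: missing numeric row")
        tags = " ".join(rest[:-1])       # everything between the MD5 and the numeric row
        counts, score, zero, vt, etc = parse_metrics(rest[-1])
        fams = [f for f in WATCHLIST if f.lower() in tags.lower()]
        records.append(Submission(no, date, request, md5, tags, counts, score, zero, vt, etc, fams))
    return records


def triage(records: List[Submission]) -> List[Submission]:
    """Highest sandbox score first; unscored rows last."""
    return sorted(records, key=lambda r: (r.score is None, -(r.score or 0.0)))


def pivot_hashes(records: List[Submission]) -> List[str]:
    """MD5s of watchlist-family hits, in triage order, ready for a VirusTotal or retrohunt lookup."""
    return [r.md5 for r in triage(records) if r.families]


if __name__ == "__main__":
    for r in triage(parse_listing(SAMPLE)):
        print(r.no, r.request, r.md5, r.score, r.families)
```

The hash check matters because a truncated or mis-copied line in a feed like this silently produces a lookup that can never match; failing loudly is preferable to a quiet miss. The `counts` field is kept as the raw list rather than assigned to named columns because the listing itself does not say which of Urls/Hosts/IDS a two-number row fills.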