Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6496	2023-12-22 08:08	rest.exe 7e267bec235e3a97a82cbc14780e5af1 Themida Packer Malicious Library Admin Tool (Sysinternals etc ...) UPX Anti_VM AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check PNG Format ZIP Format MSOffice File DLL JPEG Format Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization IP Check installed browsers check Tofsee Ransomware Windows Exploit Browser RisePro Email ComputerName Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	6	7 Info ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)		20.0		54	ZeroCERT

6497	2023-12-22 08:08	setup294.exe 036f715ce0e23c5993a9fbb138eaeffb Malicious Library AntiDebug AntiVM PE32 PE File DLL Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder DNS		1			4.2			ZeroCERT

6498	2023-12-21 17:09	file.rar 6b0f8a62bc4fec439739c021445942f5 Stealc Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Open Directory Malware c&c Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check PrivateLoader Tofsee Stealc Stealer Windows Discord Exploit RisePro DNS	52 Keyword trend analysis Info http://5.42.64.41/40d570f44e84a454.php - rule_id: 38591 http://45.15.156.229/api/bing_release.php http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=XvW4AHeGTk9BJBAfrMTJoSzL.exe&platform=0009&osver=5&isServer=0 http://77.105.147.130/api/bing_release.php http://45.15.156.229/api/flash.php http://109.107.182.3/hugo/rest.exe http://195.20.16.45/api/tracemap.php - rule_id: 38695 http://185.172.128.19/latestbuild.exe http://zen.topteamlife.com/order/adobe.exe - rule_id: 38815 http://apps.identrust.com/roots/dstrootcax3.p7c http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911 http://5.42.64.35/timeSync.exe - rule_id: 38593 http://77.105.147.130/api/flash.php https://vk.com/doc418490229_669821688?hash=we6BBhNerpmPCN87ImRmGXGmmNbiwaqIUE7eoga2Rxz&dl=LWFkeguGbB1zYgia1ntLjueUZO6Xo4LDzp1kwruth9L&api=1&no_preview=1#xin https://www.youtube.com/favicon.ico https://vk.com/doc418490229_669837378?hash=MnOFxJ6eziq0VhVwK1AJSav5Kza1nVE2q1ZBBZcGWRL&dl=9KbYwSMouDRxKm0lIB9Xdq82AMZkYdJZEamMlGg5LMk&api=1&no_preview=1#rise https://sun6-20.userapi.com/c909518/u418490229/docs/d22/f9bc9c314f2c/tmvwr.bmp?extra=sd0_DwktE5ym3xM-aWd3PZcQQNFY6bp3WQ5VsGllmzEMFAtmw-OyqM1eVt928NFsxWs8QHb0HsGHash_oEI6n1gh9vXdV5kFD25RzEbF90zM7p_djCfq8EJQwnCi2W-JCJQnyO9B9LG4J3GX6Q https://db-ip.com/demo/home.php?s=175.208.134.152 https://ipinfo.io/widget/demo/175.208.134.152 https://www.youtube.com/img/desktop/supported_browsers/edgium.png https://vk.com/doc418490229_669809323?hash=kP50PMPFZEp4LI0jKiDZoizq5f0DkvKaUhxGOocg9Dc&dl=ef8AbWt2wxR8jCnafScstynLK9c6NAExi1czT8Aj7RP&api=1&no_preview=1 https://sun6-22.userapi.com/c909618/u418490229/docs/d43/4b059ba24311/jhiu.bmp?extra=l0kdKyMk_DE9orYnqcSfbjthykugKl64jxq49hWPbhbXCcBf17Opbad2ORHF8yf8kRcMyLmMAybNcazH2et0SNJTgFMvZStMaLIbhHdbSId_FkJfmDNSVrAo-6Kc03ssHd6raxj3iG2283Flmg https://iplis.ru/1cC8u7.mp3 https://sun6-21.userapi.com/c909218/u418490229/docs/d10/086e039362d4/PL_p.bmp?extra=8F7qp6YQkCH8wV9nhVMbtZ1UkuuPcor_TcnOSrWG7itioGOoY6UpVTsjlY1C5ovb0TjNeuPFvln5OAEgHQIcB_9HA0EVPtSQVuaz_uQw3lZoDp8_oj9TWMoGkawFPDu_w_CVdmKaxp-_bS1jNA https://fonts.googleapis.com/css?family=Roboto:400,500 https://sun6-23.userapi.com/c909328/u418490229/docs/d37/be767eccf01d/file191223.bmp?extra=8RxI2JAEk2k-tJfACQF-UAFNz5Ph76gpPikca1Ji9eC1di9N5P2da5-yC6h9er6-4brijf2n62vHQGnXQhxdtuJjS74PHA77wi2uQuN6d9lvY8lqxtaYsbdzd0Z2rYvaf2_icqKb3Hg2vVXsAA https://DCFSDFDS2FDHFGJ.SBS/setup294.exe https://vk.com/doc418490229_669810929?hash=moVJunUKZjhyRMc0xySkXZHSaBAL88Cc1tupiMvEEwT&dl=b94zGjzpuQj7BaXz8O1vo6cCAGPlVcVsAKcnHpZ2xlP&api=1&no_preview=1#1 https://sun6-21.userapi.com/c909628/u418490229/docs/d52/f159185b6992/BotClients.bmp?extra=slFJ7cnAm4zJ31a8gA__JV7O6Upb3oLdzWCe_2xEmcxJ-iI-vPMhq7NnhDvLjuBsukj5w8rFgXcq3blNonFLqp_PbuM_tRhTHH7rkMm_ZTCxE4XHG6L6mcES_3a2bym1Cd_D5PjIOHzO9wRCnA https://vk.com/doc418490229_669807321?hash=VxBEaHVIT9bEVMzjUs6ZDaUDkTBi1A9bgCEvJPTLeKs&dl=ccjZxaprGX6O639lCOjRrkV8Wz9PFe6NB5IDGXdR71o&api=1&no_preview=1 https://vk.com/doc418490229_669653354?hash=l8DHCu4lEp9Sb8CTCk5eithtVIhhbBkli1pjUtPjJNP&dl=7vSjZ36UYD1hlgYVc9MzZLLGmShUHLSQatIOzo7OZBg&api=1&no_preview=1#logger_statistics https://www.youtube.com/ https://vk.com/doc418490229_669783554?hash=BH6rDsCdPWk2J9y1TmstXOZKSIMojhaG8Fw9a8GF3Ps&dl=gYknZQrp3U8V5VDWqeRDZZgAOIRQPc5uWYpO07u16QT&api=1&no_preview=1#test22 https://vk.com/doc418490229_669674726?hash=zO6JQAo6iYaXqKxkZ7OtAgZUB0nnLHef5V5H7iZ0Erg&dl=V9sXR6aIOgK4znoIV3QEJiCPc0YxrQNplxazvg1DdAs&api=1&no_preview=1 https://psv4.userapi.com/c237031/u418490229/docs/d30/a2f18a7159cd/Sp.bmp?extra=8t27aDbP5wFBo5a9WsZ_kZ9kOVIEvgcSoR-WyoDH3eR_35CbiWZxGMvLR7K0fHTHPfVpDxBlvQzJxA4aHNSnlH4K-qnSVn4EF_Si-AlL60A3sA0eBI9gwZZPhtvDYp-tVEsJM6NhsfEJQQ0iiQ https://sun6-21.userapi.com/c909618/u418490229/docs/d7/3c13fccecb0d/xincz.bmp?extra=ZSt5xRYqy92_IEekhgFvB1qr9i_FtOiNT51g2xpchVZfODaKJSE90n8UupLNci2RG6gzFjeSyxq0Oqb_34_93iJFW1PdnjomJAvx6CNDXguTjcnMryul_TTRv5tXoPVSIcjoOAUrYTtDfWP7TQ https://fonts.googleapis.com/css?family=YouTube+Sans:500 https://www.youtube.com/img/desktop/supported_browsers/chrome.png https://vk.com/doc418490229_669753909?hash=WT7APgrulCXZFZTSEvdEhpp2wKrYTIZVouZnBZXB72g&dl=7ei7VkBuvhBOPmO5RJDS1eEOZh0NZgZcXNvjBcCFfJ8&api=1&no_preview=1#ww11 https://www.youtube.com/img/desktop/supported_browsers/firefox.png https://sun6-22.userapi.com/c240331/u418490229/docs/d4/5ba0427424be/WWW11_32.bmp?extra=N-N_wqY1NIwAlVfIR5pYrBcNGu-kwYAzemwNThjJIh_6xOECNLWLQmT5UTWCxQU3irEk4s0tDzSjPFWZEKQav7b9lotmLgJlMtxtS7uhKfr1gWyicC9O0Ot1dTTMTC-uuTl_XLb7ef48c4KGew https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2F https://sun6-21.userapi.com/c237031/u418490229/docs/d18/6b546154631b/sdfhj8s.bmp?extra=C_vJLuNWCRIppkkIF6WUoUokqmaeSJqMBjrt4zjg9VnJyJhAvki5z7wZk_JX5JGRJKeGSeM8y6i0C_GOFaYmVyRvRed1FQFM0q1Kou5v6rtOgAt69h0BIEgojXsd2TuTOShLu8kzbNqW-2g7rw https://vk.com/doc418490229_669637079?hash=VdguLglaUQxQEWy7OPzp09fMiy3JG1498Od7lJ6mEhw&dl=Z0vdo01g0fZfW08T5s4JBiEH2UzpBHOBxg4Yxkx8vU4&api=1&no_preview=1 https://api.2ip.ua/geo.json https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc-.woff https://sun6-23.userapi.com/c237231/u418490229/docs/d12/ececed6be1fb/LG.bmp?extra=pLNgfOmTCOoCaYarwpdyTYgqNb4VBMyPeCK1ctoGNIrUiMRz2sgnoXwnnCBPcRPNVWfRTkA0kvj3KpSooKOvyYdyemYk3kUC3gIdzVA1LdoEQVTtDW9ybLvdgW8VLXHZ3cEBSJgo8-VWwXgr8A https://fonts.gstatic.com/s/youtubesans/v23/Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF.woff https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxM.woff https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png https://www.youtube.com/img/desktop/supported_browsers/opera.png	62 Info fonts.googleapis.com(172.217.26.234) db-ip.com(104.26.5.15) ipinfo.io(34.117.186.192) sun6-23.userapi.com(95.142.206.3) - mailcious medfioytrkdkcodlskeej.net(91.215.85.209) - malware psv4.userapi.com(87.240.137.134) learn.microsoft.com(104.76.76.50) api.2ip.ua(172.67.139.220) iplogger.org(172.67.132.113) - mailcious cdn.discordapp.com(162.159.134.233) - malware sun6-20.userapi.com(95.142.206.0) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious zen.topteamlife.com(172.67.138.35) - malware www.youtube.com(142.250.207.46) - mailcious bitbucket.org(104.192.141.1) - malware fonts.gstatic.com(172.217.25.163) zexeq.com(175.120.254.9) - malware www.linkedin.com(13.107.42.14) api.myip.com(172.67.75.163) sun6-22.userapi.com(95.142.206.2) - mailcious vk.com(87.240.132.67) - mailcious dcfsdfds2fdhfgj.sbs(104.21.25.43) iplis.ru(104.21.63.150) - mailcious 95.142.206.1 - mailcious 5.42.64.35 - malware 162.159.133.233 - malware 13.107.42.14 - phishing 195.20.16.188 172.67.138.35 - malware 104.21.4.208 142.250.204.142 142.251.220.99 172.67.75.163 34.117.186.192 185.172.128.19 - mailcious 91.215.85.209 - mailcious 189.232.1.60 91.92.249.253 - mailcious 5.42.64.41 - mailcious 194.33.191.60 - mailcious 104.26.8.59 104.76.76.50 172.67.222.173 172.67.147.32 193.233.132.67 61.111.58.34 - malware 87.240.137.134 172.67.75.166 194.33.191.102 - malware 104.192.141.1 - mailcious 195.20.16.45 - mailcious 77.105.147.130 142.250.204.138 45.15.156.229 - mailcious 193.42.33.14 - malware 87.240.137.164 - mailcious 95.142.206.3 - mailcious 95.142.206.2 - mailcious 172.67.139.220 95.142.206.0 - mailcious 87.240.132.72 - mailcious 109.107.182.3 - mailcious	35 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SURICATA Applayer Mismatch protocol both directions ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO Executable Download from dotted-quad Host ET HUNTING Rejetto HTTP File Sever Response ET INFO Packed Executable Download ET INFO TLS Handshake Failure ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Get_settings) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE Redline Stealer Family Activity (Response) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)	5	5.2	M		guest

6499	2023-12-21 08:06	Pcpkjc.exe 25bbcd3deb0ac8de0822a74f9d91b989 Hide_EXE AntiDebug AntiVM PE File PE64 .NET EXE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					6.6	M		ZeroCERT

6500	2023-12-21 08:03	spfasiazx.exe aba50ae31c5df3ea0c2394c93d423afe Formbook PE32 PE File .NET EXE PDB Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					1.6	M		ZeroCERT

6501	2023-12-21 08:01	alphazx.exe 1938e1ce8ff0107d18ae1972302d0060 Formbook PE32 PE File .NET EXE PDB Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1			3.6			ZeroCERT

6502	2023-12-21 08:01	Mhgskyufhic.exe e5d75255dac28cd11b130b6471b258ee Hide_EXE UPX PE File PE64 OS Processor Check Check memory Checks debugger unpack itself					1.2			ZeroCERT

6503	2023-12-21 07:59	Microsoftdigitalwallettechnolo... f306b23f34ca0c9d62c74d45f399d21a MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		3.6	M		ZeroCERT

6504	2023-12-21 07:59	Microsofttechnologyunavailable... 70e00aa467b51abaa54b560b0d399010 MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	1 Keyword trend analysis	3	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		3.6	M		ZeroCERT

6505	2023-12-20 23:29	https://www.luxuryshield.org/?... Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	2	2		4.2			guest

6506	2023-12-20 08:03	sd4.ps1 16eedcc3da8cc730941c9a2f4adaaf7a Generic Malware Antivirus Malware powershell Malicious Traffic Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			4.4			ZeroCERT

6507	2023-12-20 08:01	wlanext.exe c810e663dd2ada28c1bb8ee928f1372f Generic Malware Malicious Library UPX Antivirus PE32 PE File powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key crashed		3			6.0	M		ZeroCERT

6508	2023-12-20 08:01	sd2.ps1 b4127347d3d08d1a466289b2071e81e7 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			4.4			ZeroCERT

6509	2023-12-20 07:59	Voiceaibeta-5.13.exe ce3cce902aecf173e8899da746b45dc3 Gen1 Malicious Library UPX Malicious Packer Anti_VM PE File PE64 ftp OS Processor Check DLL PNG Format ZIP Format icon Malware Check memory Creates executable files Ransomware					2.0	M		ZeroCERT

6510	2023-12-20 07:59	helper.exe 07bf5c0cec29332eaee4559712044afa Generic Malware Malicious Library UPX Antivirus PE32 PE File OS Processor Check PowerShell Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows Browser Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	1		5.8	M		ZeroCERT