Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6751	2024-08-13 17:17	buttersmoothkitchenapparealssi... 76326ac1e6d011a8ebcba393ae837027 Generic Malware Antivirus Hide_URL PowerShell Malware download Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS	1 Keyword trend analysis	2	2	1	8.8	M		ZeroCERT

6752	2024-08-13 17:17	updatedequitosfridayyyyMPDW-co... 3443ed347a3f74c89d2deda980d47522 Generic Malware Antivirus Hide_URL PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	3	1		7.8	M		ZeroCERT

6753	2024-08-13 17:14	greeceeeeArchive.vbs 9218fd739d9081a575a2f5f1402e6fec Generic Malware Antivirus PowerShell VBScript powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Dropper	1 Keyword trend analysis	3	3	1	10.0	M		ZeroCERT

6754	2024-08-13 17:14	madamwebbbbbbMPDW-constraints.... 3dfbd33df96998e1f6a37dc298a75ca4 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.6	M	3	ZeroCERT

6755	2024-08-13 17:12	mondayequitosssMPDW-constraint... 1b1dd5797314342cfb948c6cfbac09b0 Generic Malware Antivirus Hide_URL PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.2			ZeroCERT

6756	2024-08-13 17:11	sweetrosefalvourcakeandbutterb... 04f40400495c1c17270f9c71e6d40717 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS DDNS crashed	2 Keyword trend analysis	3	2	1	5.0	M	34	ZeroCERT

6757	2024-08-13 17:10	sahost.exe d996f588469a7a1af5ababce991b42f5 Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET HUNTING Telegram API Domain in DNS Lookup ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check		15.2	M	22	ZeroCERT

6758	2024-08-13 17:09	sahost.exe 29e3de6b17d0fdfb360834f038b59a39 NSIS Suspicious_Script_Bin Malicious Library UPX Anti_VM PE File PE32 DLL VirusTotal Malware AppData folder					1.4	M	24	ZeroCERT

6759	2024-08-13 16:00	NursultanClient.exe b3d8b18d332153db164df8b55c3272a4 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory crashed					1.2		14	ZeroCERT

6760	2024-08-13 11:29	T9.exe 762e2c938ec4a35e6b67fafb977fd05c RedLine stealer Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	1 Keyword trend analysis	2	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	11.4	M	30	r0d

6761	2024-08-13 11:22	T9.exe 762e2c938ec4a35e6b67fafb977fd05c Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	1 Keyword trend analysis	2	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	11.4	M	30	r0d

6762	2024-08-13 11:06	arch1208_0924.7z f6b650c35ed4de1040e590b400db1ef3 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself					1.6	M		ZeroCERT

6763	2024-08-13 10:44	arch1208_0924.7z f6b650c35ed4de1040e590b400db1ef3 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself					1.6			ZeroCERT

6764	2024-08-13 10:27	240903-회국회(정) 제1차 전체회의 의사일정안(결... f5f5a585a12df9cb406dde6b3e6da23d AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory crashed					2.4		30	ZeroCERT

6765	2024-08-13 10:23	240903-회국회(정) 제1차 전체회의 의사일정안(결... f5f5a585a12df9cb406dde6b3e6da23d AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory unpack itself					2.6		30	ZeroCERT