Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6976	2023-11-25 18:08	PLmp.exe d689713e2c880daf649ec894a0761274 PrivateLoader NPKI Gen1 HermeticWiper Generic Malware Suspicious_Script NSIS Malicious Library VMProtect UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Javascript_Blob AntiDebug AntiVM PE File PE64 PE32 DLL PNG Format JPEG Forma Browser Info Stealer Malware download VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Disables Windows Security AppData folder AntiVM_Disk sandbox evasion WriteConsoleW IP Check VM Disk Size Check PrivateLoader Tofsee Ransomware Windows Browser DNS	5 Keyword trend analysis Info http://45.15.156.229/api/firegate.php - rule_id: 36052 http://45.15.156.229/api/tracemap.php - rule_id: 33783 https://vk.com/doc278414724_666990616?hash=4CotYHxpQIpd56XcQZdpXEA3nXJg8jBmLdZCLDYGTM4&dl=5wzQdfHJAm42JxdCzDIp2OLxzWhsnZyAL9RzHoNviH8&api=1&no_preview=1 https://sun6-23.userapi.com/c909618/u278414724/docs/d42/29be4c51d720/tmvwr.bmp?extra=lo1JLlDudToLN88wnSMMBgylnX1wZTo7dOyVInza09welEABQpw4eL107Ew0zGWbBHSZBcWjr8Ul2BHoKLnfShpyWd-XGHjt6BGnQMXMMB9fPp0nlsR-7ZS6NAy1Lkfclpxxg_FCr-j3uBfJEA https://api.myip.com/	10	8 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET INFO Executable Download from dotted-quad Host ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	2	19.4	M	43	ZeroCERT

6977	2023-11-25 18:06	tuc5.exe 116ebbc2915bf21996640b6b02f22032 Emotet Gen1 Malicious Library UPX PE32 PE File MZP Format CHM Format PE64 DLL DllRegisterServer dll OS Processor Check Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					4.2	M		ZeroCERT

6978	2023-11-25 18:06	setup.exe 0d375fd6602f6c2654ac7e1024db9138 Malicious Library PE32 PE File VirusTotal Malware WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName					4.6	M	40	ZeroCERT

6979	2023-11-25 18:05	b.exe f6c58c6f968a8216b9b92a56bd14d421 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Windows crashed					3.2	M	50	ZeroCERT

6980	2023-11-25 18:04	netTimer.exe 23cc0f81619254309799e918ee40fee0 Malicious Packer UPX PE File PE64 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization ComputerName					4.4	M	36	ZeroCERT

6981	2023-11-25 18:03	Jqjfw.exe 6866f4e7450d085b19ad1aa9adaca819 Malicious Library .NET framework(MSIL) UPX Socket Http API ScreenShot PWS HTTP SMTP DNS Code injection Internet API AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check JPEG Format VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key		3			12.6	M	45	ZeroCERT

6982	2023-11-25 17:59	build.exe b1886e56eee344b730dbd3ca44cc8545 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					2.2	M	51	ZeroCERT

6983	2023-11-25 17:58	decord.exe faa78f58b4f091f8c56ea622d8576703 Generic Malware NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File .NET EXE PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Wor VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					7.0	M	54	ZeroCERT

6984	2023-11-25 17:56	decord.exe faa78f58b4f091f8c56ea622d8576703 Generic Malware NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File .NET EXE PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Wor VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					7.0	M	54	ZeroCERT

6985	2023-11-25 17:55	Loader%20Resou%E2%80%AEnls.scr 21bc89b62236a92090a9b9732ce09b5e PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee		2	1		1.4	M		ZeroCERT

6986	2023-11-25 10:40	plugmanzx.exe d58652b6bd76ac545da4b9dd4f70e032 Formbook .NET framework(MSIL) PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2	1		14.4	M	19	ZeroCERT

6987	2023-11-24 11:14	Order_Information.url 7f4085aab74f2da761e65d5fb41fd40f AntiDebug AntiVM URL Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		5.4			ZeroCERT

6988	2023-11-24 11:12	Payment.url 1009a583d82ccd724ae13dc4d378de59 AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		6.0		14	ZeroCERT

6989	2023-11-24 11:03	Payment_Information.url 9eb31a50bbe8cc0146b9f778d270ddd4 AntiDebug AntiVM URL Format MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		5.4			ZeroCERT

6990	2023-11-24 11:00	Order_Information.url 73461871b344c75f77323047fbafd617 AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	2		5.8		5	ZeroCERT