Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7186	2024-07-21 09:43	si.exe c894a24b791013f77cd90631beb2c5ea Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.4		64	ZeroCERT

7187	2024-07-21 09:36	billi_e58d74e455634dc695ed8a7b... e2fc88419295970ffa4e773dcf566f14 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	56	ZeroCERT

7188	2024-07-21 09:36	billi_e58d74e455634dc695ed8a7b... 092c3991693cf8e0023895e4c1681fae PE File PE32 VirusTotal Malware unpack itself DNS		1			4.0	M	55	ZeroCERT

7189	2024-07-21 09:34	billi_e58d74e455634dc695ed8a7b... b9edf01e4f7bcefb95dfb9f653344569 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	56	ZeroCERT

7190	2024-07-21 09:34	billi_e58d74e455634dc695ed8a7b... c781ee8c2429c44cda2d6d2ab3830991 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	56	ZeroCERT

7191	2024-07-20 20:44	info.zip cbcb58ffe45c202c11bcf2070496aed6 ZIP Format VirusTotal Malware suspicious TLD DNS		2			2.2	M	56	ZeroCERT

7192	2024-07-20 20:34	AppGate018ver1.exe 8f8f6a36a8b827ceaae1228fd2669002 Vidar Client SW User Data Stealer LokiBot Gen1 Emotet ftp Client info stealer Generic Malware Themida Packer Malicious Library UPX ASPack .NET framework(MSIL) Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File PE64 OS Processor Che Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Cryptocurrency Miner Malware Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware Firewall state off anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Interception Windows Discord Browser RisePro ComputerName Firmware DNS Software crashed CoinMiner	10 Keyword trend analysis Info http://176.111.174.109/psyzh - rule_id: 40370 http://77.105.133.27/download/123p.exe - rule_id: 40857 http://91.103.252.177/api/twofish.php http://apps.identrust.com/roots/dstrootcax3.p7c http://94.232.45.38/eee01/eee01.exe - rule_id: 39938 http://91.103.252.177/api/crazyfish.php http://77.105.133.27/download/th/space.php - rule_id: 40856 https://steamcommunity.com/profiles/76561199743486170 - rule_id: 41270 https://db-ip.com/demo/home.php?s= https://iplogger.org/1nhuM4.js	28 Info db-ip.com(104.26.5.15) pool.hashvault.pro(131.153.76.130) - mailcious api64.ipify.org(104.237.62.213) api.myip.com(172.67.75.163) steamcommunity.com(23.66.133.162) - mailcious iplogger.org(104.21.4.208) - mailcious t.me(149.154.167.99) - mailcious ipinfo.io(34.117.59.81) cdn.discordapp.com(162.159.134.233) - malware lop.foxesjoy.com(172.67.159.232) - malware 149.154.167.99 - mailcious 176.111.174.109 - malware 96.7.99.225 172.67.75.163 104.26.4.15 162.159.130.233 - malware 94.232.45.38 - malware 104.21.66.124 - malware 104.237.62.213 79.137.192.13 - malware 91.103.252.177 89.111.172.64 - mailcious 77.105.133.27 - mailcious 78.46.255.249 - mailcious 34.117.59.81 121.254.136.9 172.67.132.113 131.153.76.130 - mailcious	26 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 8 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Executable Download from dotted-quad Host ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SURICATA Applayer Mismatch protocol both directions ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO Packed Executable Download ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro TCP Heartbeat Packet ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI)	5	28.4	M	15	ZeroCERT

7193	2024-07-20 20:32	92584v.exe 0d0b2d2e8e757e66ae44a0e3aeed2512 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	55	ZeroCERT

7194	2024-07-20 20:29	gold.exe 3828babaa69c01aa31609e67ac8c1f71 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	59	ZeroCERT

7195	2024-07-20 20:28	crowdstrike-hotfix.zip 1e84736efce206dc973acbc16540d3e5 ZIP Format Remcos VirusTotal Malware DNS		2	1		1.0		6	ZeroCERT

7196	2024-07-20 20:27	appdrivesound.exe 0f798c42cf4a3724aab608409cdb0426 North Korea Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself ComputerName					3.0	M	42	ZeroCERT

7197	2024-07-20 20:27	LummaC2.exe 3d2133fcf75f684b0b8d0152c8304c9b Lumma Stealer UPX PE File PE32 VirusTotal Malware					1.2	M	54	ZeroCERT

7198	2024-07-20 20:25	669b5b78252ea_googlesoft.exe 8ac8aa90462b3181025ca80e26af7848 Vidar Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library .NET framework(MSIL) UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	1 Keyword trend analysis	5	3	1	17.0	M	18	ZeroCERT

7199	2024-07-20 20:25	svchost.exe 4ebd63449193b8fdbd0c0315f8e33e10 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	54	ZeroCERT

7200	2024-07-20 20:23	winiti.exe 6298475c0e4860db7568c5b231e3cca9 Generic Malware Malicious Library UPX Antivirus PE File PE32 DLL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed					7.4	M	53	ZeroCERT