Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7336	2023-11-01 18:46	htmlIREcontentwritingcache.doc 0e17386f4c9bd1dc872a1b00a5ec1ce0 MS_RTF_Obfuscation_Objects RTF File doc Malware download Remcos VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS DDNS crashed	2 Keyword trend analysis	5	8 Info ET JA3 Hash - Remcos 3.x TLS Connection ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO DYNAMIC_DNS Query to a .duckdns .org Domain ET INFO DYNAMIC_DNS Query to .duckdns. Domain		4.6	M	30	ZeroCERT

7337	2023-11-01 18:42	Archive.rar 8988dd76e0075a66d1030daa58d220f1 Escalate priviledges PWS KeyLogger AntiDebug AntiVM ftp Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee DNS	5 Keyword trend analysis Info http://94.142.138.113/api/firegate.php - rule_id: 36152 http://94.142.138.113/api/tracemap.php - rule_id: 28877 https://vk.com/doc26060933_667173484?hash=A1dmV4pq2EY7qgmQUNzGLIsxaMexd8IeIWU9C4qfGWs&dl=HW3dyNuyU3NU5OenwscyGVYZxNCzBaTesYkhsTpR8qs&api=1&no_preview=1 https://sun6-21.userapi.com/c237231/u26060933/docs/d41/b01ef5bd7b4a/Setup.bmp?extra=fPPLkVjVVeEJBIi4Of7fAGBCJkUgPJP0zTNhqwXCyZxyqQK-ShKZ5pV0Q9N_iwIsrcQGex6idPQM1iCflk3FKizdrZfEwMM53QuRuvk2p_dEZymICGeJzS0sCUFyDI0lpF31qoWurBw1MNPi https://api.myip.com/	13 Info iplis.ru(148.251.234.93) - mailcious iplogger.org(148.251.234.83) - mailcious ipinfo.io(34.117.59.81) api.myip.com(172.67.75.163) vk.com(87.240.132.72) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious 148.251.234.83 148.251.234.93 - mailcious 104.26.9.59 95.142.206.1 - mailcious 87.240.137.164 - mailcious 94.142.138.113 - mailcious 34.117.59.81	8 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SURICATA Applayer Mismatch protocol both directions ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET INFO TLS Handshake Failure ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI)	2	5.0	M	1	ZeroCERT

7338	2023-11-01 18:39	IGCC.exe d49b62e60e0e42b43f32adf23acfd369 UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6	M	49	ZeroCERT

7339	2023-11-01 09:58	questionnaire.exe 065f0871b6025b8e61f35a188bca1d5c Generic Malware Malicious Library Anti_VM PE File PE64 ftp OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself Check virtual network interfaces DNS crashed	2 Keyword trend analysis	1			3.4		13	ZeroCERT

7340	2023-11-01 09:58	document_issued_ticket.bat 36615e952d3d0230e01c4aa0007c5cfa Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities WriteConsoleW Windows ComputerName Cryptographic key					3.4		2	ZeroCERT

7341	2023-11-01 09:48	settings.md.ps1 d4a8463332d11c465c311485626a089e Lnk Format GIF Format VirusTotal Malware powershell AutoRuns MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	4	1		7.2	M	15	ZeroCERT

7342	2023-11-01 09:47	vpke8.js 64fb844512400c176e18d956894663dd crashed					0.2			ZeroCERT

7343	2023-11-01 09:44	CNOZ1237_3680420.js 8bc1516039ff6f4e48087ae01613c98a VirusTotal Malware WMI ComputerName					1.4		2	guest

7344	2023-11-01 09:40	pwdw54.js 13d3bf04f274c2d9282623217acbbb5e unpack itself crashed					0.6			ZeroCERT

7345	2023-11-01 09:39	3mmusbi9y.js e6e3eb6eddb12bdddc85bb59707dd4e4 crashed					0.2			ZeroCERT

7346	2023-11-01 09:37	jli.txt.exe 4a0d3c937e2ecb5ddc198d431901efef Generic Malware Malicious Library UPX Malicious Packer Antivirus PE File DLL PE32 MZP Format OS Processor Check VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					5.0		19	ZeroCERT

7347	2023-11-01 07:48	build.exe 908ffa6f05e09995c1d3d51b08ccaa89 Malicious Library UPX PE File PE32 OS Processor Check unpack itself					0.8	M		ZeroCERT

7348	2023-11-01 07:47	700.exe 450783b6304d896d217b0a816a3f4853 Hide_EXE Suspicious_Script_Bin Malicious Library UPX Socket Http API ScreenShot Escalate priviledges Steal credential HTTP DNS Code injection Internet API KeyLogger AntiDebug AntiVM PE File PE32 MZP Format OS Processor Check Lnk Format GIF Format ZIP Form Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software	1 Keyword trend analysis	6	6 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)		20.2	M		ZeroCERT

7349	2023-10-31 20:43	index.ps1 d41d8cd98f00b204e9800998ecf8427e Generic Malware Antivirus unpack itself					0.4			guest

7350	2023-10-31 18:06	droidlokiiiiiiiiiiiibase64.txt... 58c5addb4156542d91c8ba18d4acc5d9 Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory suspicious TLD installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		6.2			ZeroCERT