Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
7396	2024-08-02 09:50	wemustbegood.js a1cf34ca2fc8b93d34e15b80b7d5424d Generic Malware Antivirus Hide_URL ActiveXObject PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS	2 Keyword trend analysis	1	2	7.4		4	ZeroCERT

7397	2024-08-02 09:50	SNK.txt.exe 18c1314189b50b530c8cf1db4176c1b6 Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET HUNTING Telegram API Domain in DNS Lookup ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI	7.8		56	ZeroCERT

7398	2024-08-02 09:50	sos.txt.exe 184303252d69a1ca88ece7779af9c82f Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware DNS crashed		1		3.4	M	8	ZeroCERT

7399	2024-08-02 09:46	newlevelcreatedgirlseyewithme.... 39842ac95e5d6500f94a88a158709223 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			5.8	M	4	ZeroCERT

7400	2024-08-02 09:46	blessedflowerongirlhairwithcre... e7116bd7b7352b12e22506b1b8c4adab Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS	2 Keyword trend analysis	1	2	7.4	M	4	ZeroCERT

7401	2024-08-02 09:46	Done.js a5246a96de7e1d5ebdd3fd74579aae3a unpack itself crashed				0.6			ZeroCERT

7402	2024-08-02 09:35	IMG_8729.scr 7a9e91cd05bb23625354d0f46066904c Gen1 Generic Malware Malicious Library UPX Http API HTTP Code injection Internet API Anti_VM AntiDebug AntiVM PE File PE64 OS Processor Check VirusTotal Malware Buffer PE Code Injection Malicious Traffic Check memory Checks debugger buffers extracted exploit crash unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW installed browsers check Windows Exploit Browser ComputerName DNS crashed	3 Keyword trend analysis	1	1	12.0		15	ZeroCERT

7403	2024-08-02 09:31	wethinkingentirethingstobegrea... 98fccb07a0d2a7658b6c42edb5eb1462 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1		4.6	M	38	ZeroCERT

7404	2024-08-02 09:31	PDFGOOOOO.HTA 99bbfc2fe6e9742b44c42abf3b9ea18e Suspicious_Script_Bin AntiDebug AntiVM MSOffice File VirusTotal Malware VBScript Code Injection Check memory Checks debugger buffers extracted wscript.exe payload download Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows Exploit Advertising Google ComputerName DNS crashed Dropper	10 Keyword trend analysis Info https://support.google.com/drive/answer/6283888 https://www.googletagmanager.com/gtag/js?id=G-H30R9PNQFN https://support.google.com/favicon.ico https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff https://docs.google.com/document/d/1F5RULhkoBF-7vdHlyYfHj3e_zEDMCP6lEzhIzBxJ77M/edit https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff https://www.google-analytics.com/analytics.js https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff	11 Info www.googletagmanager.com(142.250.207.104) support.google.com(142.250.206.206) - mailcious docs.google.com(172.217.25.174) - mailcious www.newupdatenew.com(93.127.201.247) - mailcious www.google-analytics.com(142.250.76.142) fonts.gstatic.com(142.250.207.99) 142.251.130.14 142.250.76.14 172.217.24.99 142.250.71.200 93.127.196.158	1	10.0	M	19	ZeroCERT

7405	2024-08-02 09:28	creatednewthingstobegreatwithe... ca2e6b4cf62ef944abfed82240d9f7fa MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS DDNS crashed keylogger	3 Keyword trend analysis	5	11 Info ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.4	M	39	ZeroCERT

7406	2024-08-02 09:26	creamcreamcreamcreamcreamcream... 0ab62c1916d23d8cb531e308441dc2fc MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS DDNS crashed	1 Keyword trend analysis	2	2	5.0	M	37	ZeroCERT

7407	2024-08-02 07:50	wahost.exe c4e132981278de75588c85590d9bbad4 Generic Malware Malicious Library Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	4	6 Info ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check	16.0	M	52	ZeroCERT

7408	2024-08-02 07:49	MYNEWRDX.exe d0e607a1ad56961a092468aa9c89152b RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		2	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	9.8	M	57	ZeroCERT

7409	2024-08-02 07:47	jsawdtyjde.exe 4c3049f8e220c2264692cb192b741a30 SystemBC Generic Malware Downloader Malicious Library UPX Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiV VirusTotal Malware AutoRuns PDB Code Injection Creates executable files unpack itself AppData folder Windows RCE				5.8	M	51	ZeroCERT

7410	2024-08-02 07:47	4434.exe 607c413d4698582cc147d0f0d8ce5ef1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				2.4	M	56	ZeroCERT