Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7456	2024-08-01 08:37	1.exe d94cf1913f3dbee17014f7a765c09d4e Generic Malware Themida Packer Malicious Library WinRAR UPX Admin Tool (Sysinternals etc ...) PE File PE32 OS Processor Check .NET EXE PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VMWare AppData folder AntiVM_Disk VMware anti-virtualization VM Disk Size Check Windows ComputerName RCE Firmware crashed					6.8			ZeroCERT

7457	2024-08-01 08:37	ber.exe 40b5cfe2ff96cd0f16a0af393ac8b039 Lumma Stealer UPX PE File PE32								ZeroCERT

7458	2024-08-01 02:05	141532.php e25219536e1f96b52b090a9e8a05620f unpack itself crashed					0.6			guest

7459	2024-08-01 02:05	141532.php e25219536e1f96b52b090a9e8a05620f crashed					0.2			guest

7460	2024-07-31 23:18	azmid170.exe 8a7e8d21f7790b63abb22853ccb0178c Emotet Malicious Library UPX ScreenShot KeyLogger AntiDebug AntiVM PE File PE32 Lnk Format GIF Format OS Processor Check DllRegisterServer dll suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk VM Disk Size Check ComputerName					4.0			guest

7461	2024-07-31 23:06	InstallAAAwave.exe 47781e2f67d75de26c08227ef50a1da5 Emotet Gen1 Generic Malware UPX Antivirus Malicious Library PE File PE32 MZP Format Lnk Format GIF Format DllRegisterServer dll DLL BMP Format OS Processor Check VirusTotal Malware Check memory Creates shortcut Creates executable files RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check ComputerName crashed					4.2		1	guest

7462	2024-07-31 21:37	dssdj.exe b78013e1727d77333e2780e95d064b4b Malicious Library UPX PE File PE32 MZP Format DLL DllRegisterServer dll VirusTotal Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check crashed					3.0		1	guest

7463	2024-07-31 14:55	23.exe 367009ea6fe948f4c0773f4cd1274a5f Admin Tool (Sysinternals etc ...) UPX AntiDebug AntiVM PE File PE32 Malware download AsyncRAT NetWireRC VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Ransomware Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	3	5	1	12.4	M	30	ZeroCERT

7464	2024-07-31 14:53	3007f.hta d7690e8539ac10edbe4099d361fb7cb5 Generic Malware Antivirus Admin Tool (Sysinternals etc ...) UPX AntiDebug AntiVM PowerShell PE File PE32 Malware download Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	6 Keyword trend analysis Info http://poslisoubor.cz/gf.php?33f6c54a9a525e2c37453931c2aadebe/9.txt - rule_id: 41656 http://poslisoubor.cz/gf.php?33f6c54a9a525e2c37453931c2aadebe/9.txt http://94.154.172.166/rwrv/23.exe - rule_id: 41655 http://94.154.172.166/rwrv/23.exe https://www.mediafire.com/file_premium/p3wr1k36iwfjl7y/Backup_Guide.pdf/file - rule_id: 41657 https://www.mediafire.com/file_premium/p3wr1k36iwfjl7y/Backup_Guide.pdf/file	7	9 Info ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 ET INFO Executable Download from dotted-quad Host ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/Nemucod.M.gen downloading EXE payload ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	3	15.8			ZeroCERT

7465	2024-07-31 14:45	Ledger Backup Guide.pdf.lnk 2f7d198bd913d4694467e2ded0e55ead Generic Malware Antivirus Admin Tool (Sysinternals etc ...) UPX AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File PE32 Malware download AsyncRAT NetWireRC Vulnerability VirusTotal Malware VBScript Cryptocurrency wallets Cryptocurrency powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Ransomware Interception Windows Exploit ComputerName Trojan DNS Cryptographic key	4 Keyword trend analysis	8	19 Info ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 ET INFO Executable Download from dotted-quad Host ET DROP Spamhaus DROP Listed Traffic Inbound group 3 SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SURICATA Applayer Detect protocol only one direction ET POLICY Possible HTA Application Download ET INFO Dotted Quad Host HTA Request ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl ET MALWARE Generic AsyncRAT Style SSL Cert ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com) ET MALWARE VBS/TrojanDownloader.Agent.XAO Payload Inbound ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/Nemucod.M.gen downloading EXE payload ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		19.4		11	ZeroCERT

7466	2024-07-31 10:34	iamworkingonentirethingstobeba... c1770981e03dda36b16f52acb050e99a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash Exploit DNS crashed	2 Keyword trend analysis	1			4.8	M	36	ZeroCERT

7467	2024-07-31 10:26	au.js dbe4c84c471b795ec32210638cd177cd Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	7	9 Info ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET HUNTING Telegram API Domain in DNS Lookup		11.6		16	ZeroCERT

7468	2024-07-31 10:26	Archive.js d24a4b4852a8485e74220ee5979f2884 Generic Malware Antivirus ActiveXObject PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	2 Keyword trend analysis	2	1		7.0		4	ZeroCERT

7469	2024-07-31 10:26	iamworkingonentirethingstobeba... c1770981e03dda36b16f52acb050e99a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Exploit DNS crashed		1			5.2	M	36	ZeroCERT

7470	2024-07-31 10:24	Invoice-2024-07-29.url 123301099bd2b21b2b13bddb06c940dc AntiDebug AntiVM URL Format Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	1	8 Info ET INFO Executable Download from dotted-quad Host ET HUNTING WebDAV Retrieving .exe ET HUNTING Successful PROPFIND Response for Application Media Type ET WEB_CLIENT DLL or EXE File From Possible WebDAV Share Possible DLL Preloading Exploit Attempt ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure		3.4	M		ZeroCERT