Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
7486	2023-10-25 12:19	bQRH.exe ac63955ca4261eab11b0b3142360d160 njRAT backdoor Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder DNS DDNS		1	2	3.6		54	ZeroCERT

7487	2023-10-25 11:22	FX_432661.exe 897af5616bfd6af5b687876924f39ee3 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware PDB Code Injection Checks debugger wscript.exe payload download Creates executable files suspicious process Tofsee crashed		2	3	5.4	M	50	ZeroCERT

7488	2023-10-25 11:20	smss.exe 841031a37159398b8eebca7bb7eff56b Formbook AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	1 Keyword trend analysis	3	1	9.6	M	52	ZeroCERT

7489	2023-10-25 11:18	sbin22zx.exe 78d449904f1a8a3000a3ba549dba764e Formbook .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself crashed	3 Keyword trend analysis Info http://www.verglastrading.com/o5pf/?mfsl7bH=24DNDnrDcx6L3afu5G1pkrBprLMzzQPg6Xzu90F1O+mCQnlaWpmaey15xXgKFEq13OCFUf2W&lZB=UFQL6bspOrB8clA http://www.dunamistrainingco.com/o5pf/?mfsl7bH=M65aXi2UcAQn8718tEf3TkBOasjwjM7dajGYfqZwQUoD/VZKFFr8D11HJhntAT8u92hoG1AP&lZB=UFQL6bspOrB8clA http://www.megpt.chat/o5pf/?mfsl7bH=E+bgnEcwb41II7cnnt+h2mzNG/BCb3QKnbvPFJefYzLGoeJCAYodXDovcmtnYxWVA45lpWIQ&lZB=UFQL6bspOrB8clA	6	1	9.8	M	46	ZeroCERT

7490	2023-10-25 11:16	audiodgse.exe 3059a8f7e4b873219bc3dc4d510e936a Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution				2.4	M	53	ZeroCERT

7491	2023-10-25 11:16	kung.exe f6e91ab67abb675d4893f49397629d95 Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	6 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1	8.0	M	66	ZeroCERT

7492	2023-10-25 11:00	HTMLprofile.doc 5342b58b3951c40f8e5eb08f5d9824be MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Windows Exploit Google DNS crashed	7 Keyword trend analysis Info http://141.98.6.91/72/Audiodgse.exe http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adnh37obenwknkqmvhcw72i7qsia_417/lmelglejhemejginpboagddgdfbepgmp_417_all_ZZ_kqkdtq7va5rvur2kfj67x5s2gi.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe https://update.googleapis.com/service/update2 https://update.googleapis.com/service/update2?cup2key=11:ucciJXz2DRnbg3OLFhEKLNT1Ho4HCaExqeDsDp12_7M&cup2hreq=8650510305d18db3aa4a81c1579e660f081ba8e1c5014aaf087a8fc498361059	30 Info edgedl.me.gvt1.com(34.104.35.123) dns.google(8.8.4.4) www.google.com(142.250.76.132) clients2.googleusercontent.com(172.217.161.225) www.gstatic.com(142.250.206.227) accounts.google.com(142.250.206.205) _googlecast._tcp.local() apis.google.com(142.251.222.14) clientservices.googleapis.com(142.250.206.195) r1---sn-3u-bh2ss.gvt1.com(211.114.64.12) 142.250.204.35 142.250.206.238 - mailcious 172.217.25.1 - malware 141.98.6.91 - mailcious 211.114.64.12 142.250.206.234 - malware 142.251.220.46 142.250.206.195 172.217.25.3 34.104.35.123 142.250.76.131 142.250.199.68 142.251.220.109 172.217.24.68 172.217.161.225 - mailcious 142.251.220.110 172.217.24.67 142.250.207.106 - malware 142.250.199.67 172.217.25.174 - mailcious	9 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)	4.4		28	ZeroCERT

7493	2023-10-25 10:55	HTMLCacheCentos.doc b1e8cf61c7cef7569de508e08785dadf MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed				2.6		28	ZeroCERT

7494	2023-10-25 10:53	ImxyQs.exe 6b99673a78e02bdd536e208b986c5b4d .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName	1 Keyword trend analysis			2.2	M	48	ZeroCERT

7495	2023-10-25 10:48	HTMLCacheCentos.dOC b39f481790c393d21234af0ced69da7a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash Tofsee Exploit crashed		2	3	2.2	M	29	ZeroCERT

7496	2023-10-25 10:37	HTMLCachesClear.dOC ae797eafb49080484af9350259e7920a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash Tofsee Exploit crashed		2	3	2.2	M	29	ZeroCERT

7497	2023-10-25 09:54	setup.exe fe90648e5db0ee19d7dcae2a5f4acc25 Malicious Library PE File PE32 VirusTotal Malware WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName				4.2	M	41	ZeroCERT

7498	2023-10-25 09:54	HTMLCacheCentos.dOC b39f481790c393d21234af0ced69da7a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit crashed		2	3	2.6	M	29	ZeroCERT

7499	2023-10-25 09:52	201.exe 6c13146feeabc071309b41335514bf99 Themida Packer Malicious Library UPX Http API ScreenShot Internet API AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder sandbox evasion VMware anti-virtualization installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Firmware Cryptographic key crashed	1 Keyword trend analysis	2	2	16.0	M	23	ZeroCERT

7500	2023-10-25 09:52	HTMLprofile.dOC 2885bbb18db2fc076e129a10729faadb MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit crashed	2 Keyword trend analysis	2	3	3.2	M	30	ZeroCERT