Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7606	2023-10-19 08:00	Ads.exe 6e781cf49af81b961d0ab465210a35f8 Generic Malware Malicious Library UPX Malicious Packer Antivirus AntiDebug AntiVM PE File PE64 PE32 OS Processor Check DLL Malware download VirusTotal Cryptocurrency Miner Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder malicious URLs suspicious TLD Tofsee Windows DNS Downloader CoinMiner	10 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 http://gobo02fc.top/build.exe http://85.217.144.143/files/My2.exe - rule_id: 34643 http://galandskiyher5.com/downloads/toolspub1.exe https://pastebin.com/raw/xYhKBupz - rule_id: 36780 https://diplodoka.net/4d1aaeb879448e5236e36d2209b40d34/7a54bdb20779c4359694feaa1398dd25.exe https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 https://potatogoose.com/4d1aaeb879448e5236e36d2209b40d34/baf14778c246e15550645e30ba78ce1c.exe https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe - rule_id: 36783	29 Info pastebin.com(172.67.34.170) - mailcious diplodoka.net(104.21.78.56) net.geo.opera.com(107.167.110.211) gobo02fc.top(85.143.220.63) laubenstein.space(45.130.41.101) - mailcious flyawayaero.net(172.67.216.81) - malware yip.su(148.251.234.93) - mailcious grabyourpizza.com(172.67.197.174) - malware galandskiyher5.com(194.169.175.127) - malware potatogoose.com(172.67.180.173) darianentertainment.com(65.109.26.240) lycheepanel.info(104.21.32.208) - malware pool.hashvault.pro(131.153.76.130) - mailcious 148.251.234.93 - mailcious 85.217.144.143 - malware 172.67.216.81 - malware 107.167.110.216 85.143.220.63 45.130.41.101 - mailcious 194.169.175.127 - malware 172.67.217.52 - malware 104.21.32.208 - malware 172.67.180.173 162.159.135.233 - malware 172.67.197.174 104.20.67.143 - mailcious 65.109.26.240 - mailcious 23.67.53.27 131.153.76.130 - mailcious	17 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a .top domain - Likely Hostile ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO Packed Executable Download ET INFO TLS Handshake Failure ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a .top domain ET HUNTING Request to .TOP Domain with Minimal Headers SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET HUNTING Possible EXE Download From Suspicious TLD ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	3	13.2	M	36	ZeroCERT

7607	2023-10-19 07:59	Random.exe 191febed315d7c3a620b564e99e5f3cc Gen1 Emotet Generic Malware UPX Malicious Library Malicious Packer Antivirus AntiDebug AntiVM PE File PE64 PE32 .NET EXE OS Processor Check PNG Format DLL CAB MSOffice File JPEG Format Malware download VirusTotal Cryptocurrency Miner Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW Tofsee Windows Exploit ComputerName DNS crashed Downloader CoinMiner	12 Keyword trend analysis Info http://104.194.128.170/svp/Ykwrxaauw.dat http://172.86.97.117/himeffectivelyproress.exe http://85.217.144.143/files/My2.exe - rule_id: 34643 http://85.217.144.143/files/Amadey.exe - rule_id: 37253 http://galandskiyher5.com/downloads/toolspub1.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 http://gons01b.top/build.exe https://pastebin.com/raw/HPj0MzD6 https://diplodoka.net/4d1aaeb879448e5236e36d2209b40d34/7a54bdb20779c4359694feaa1398dd25.exe https://potatogoose.com/4d1aaeb879448e5236e36d2209b40d34/baf14778c246e15550645e30ba78ce1c.exe https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe - rule_id: 36783	32 Info iplogger.com(148.251.234.93) - mailcious yip.su(148.251.234.93) - mailcious pool.hashvault.pro(131.153.76.130) - mailcious net.geo.opera.com(107.167.110.216) martvl.com(69.48.143.183) - malware laubenstein.space(45.130.41.101) - mailcious pastebin.com(104.20.68.143) - mailcious flyawayaero.net(172.67.216.81) - malware grabyourpizza.com(104.21.90.82) - malware gons01b.top(85.143.220.63) galandskiyher5.com(194.169.175.127) - malware potatogoose.com(172.67.180.173) lycheepanel.info(104.21.32.208) - malware diplodoka.net(104.21.78.56) 104.21.78.56 107.167.110.211 148.251.234.93 - mailcious 121.254.136.9 85.217.144.143 - malware 104.194.128.170 193.42.32.29 - malware 85.143.220.63 45.130.41.101 - mailcious 69.48.143.183 - malware 194.169.175.127 - malware 131.153.76.130 - mailcious 104.21.32.208 - malware 172.67.216.81 - malware 172.67.197.174 104.21.35.235 172.86.97.117 104.20.67.143 - mailcious	17 Info ET DNS Query to a .top domain - Likely Hostile ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a .top domain ET HUNTING Request to .TOP Domain with Minimal Headers ET HUNTING Possible EXE Download From Suspicious TLD ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	3	19.4	M	23	ZeroCERT

7608	2023-10-19 07:59	audiodgse.exe d7bde041b821e3b3e6e3a71846cee9ef Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself DNS	5 Keyword trend analysis Info http://www.vaskaworldairways.com/sy22/?Dxlpd=0xwPlKA6nfVb2/YVENf+IWv5xvicy/R8paHQQCrWR7ymRnci8vQj1/jQPH6Z9LiVJHGqShyE&mnSh=Txlhkdx - rule_id: 35942 http://www.zhperviepixie.com/sy22/?Dxlpd=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&mnSh=Txlhkdx - rule_id: 35635 http://www.gracefullytouchedartistry.com/sy22/?Dxlpd=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&mnSh=Txlhkdx - rule_id: 35940 http://www.docomo-mobileconsulting.com/sy22/?Dxlpd=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&mnSh=Txlhkdx - rule_id: 35906 http://www.vinteligencia.com/sy22/?Dxlpd=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&mnSh=Txlhkdx - rule_id: 35688	11 Info www.vaskaworldairways.com(97.118.134.29) - mailcious www.vinteligencia.com(172.67.198.50) - mailcious www.docomo-mobileconsulting.com(185.53.177.52) - mailcious www.zhperviepixie.com(167.172.228.26) - mailcious www.gracefullytouchedartistry.com(34.149.87.45) - mailcious 34.149.87.45 - phishing 172.67.198.50 167.172.228.26 - mailcious 185.53.177.52 - mailcious 97.118.134.29 131.153.76.130 - mailcious	1	5	4.8	M	40	ZeroCERT

7609	2023-10-19 07:56	audiodgse.exe 5f19da54cd1ddcef58de1e0bdf595459 .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself					2.4	M	40	ZeroCERT

7610	2023-10-19 07:55	system32.exe d1e40dfbae57e5f3205117f5c9d64a76 Vidar Gen1 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Malicious Traffic Check memory WMI Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Tofsee Browser Email ComputerName DNS Software crashed	4 Keyword trend analysis	5	4	1	13.2	M	49	ZeroCERT

7611	2023-10-19 07:54	audiodgse.exe 0ea00cd19382a471a5f599c54dff91f1 UPX .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6	M	42	ZeroCERT

7612	2023-10-19 07:52	audiodgse.exe 834f8d3c68e80cb0288dac71275bf89a Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself					2.2	M	47	ZeroCERT

7613	2023-10-19 07:52	undergroundzx.exe 050408a7ec8e1c0ef8a7e417fbccc299 LokiBot .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Discord Browser Email ComputerName DNS Software crashed keylogger	1 Keyword trend analysis	4	6 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI)		13.4	M	29	ZeroCERT

7614	2023-10-19 07:50	audiodgse.exe 8ed749953dfc694808ed27f1aea08b71 Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		2	4		12.6	M	30	ZeroCERT

7615	2023-10-19 07:49	damianozx.exe 487fa93e89fd1ec0969e0083966714bd PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed		2	4		9.8	M	27	ZeroCERT

7616	2023-10-19 02:14	Rechung-87_PDF.js.pdf 64b82476268205bc28b7fccca5808cf0 PDF								guest

7617	2023-10-18 18:04	sogn.exe b67ddf6cef57729b557a66460c0b6dd4 UPX .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself					2.4	M	43	ZeroCERT

7618	2023-10-18 18:01	test.exe 3939345bad08812d7dba41f064c1665d Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS		2			3.6	M	62	ZeroCERT

7619	2023-10-18 18:00	arinzezx.exe e25e15eb096d884c88cce0f4e079d2de UPX .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Browser Email ComputerName Software crashed		2	2		10.8	M	41	ZeroCERT

7620	2023-10-18 17:57	123.exe 62914a3d73d59716bd8dbbbd947f6a02 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			3.8	M	55	ZeroCERT