Submissions

Layout of each record: No, Date, Request (the submitted file name), MD5 of the sample, Tags (the sandbox's signature hits, verbatim), and a Metrics row in the header order Urls Hosts IDS Rule Score Zero VT Player Etc. Blank cells were collapsed in the export, so when fewer than four integers precede the Score their position among Urls/Hosts/IDS/Rule cannot be recovered; Score (the decimal value), Zero (the "M" flag where present), VT (the integer following Score) and Player are positional and unambiguous where they appear.

No    Date              Request
7711  2023-10-16 11:21  x8.x8.x8.x0x0.doc
      MD5      c8dfd87f05e2744967e74f93a605827e
      Tags     MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
      Metrics  1 1 1 4.2 31 ZeroCERT

7712  2023-10-16 11:20  fronttechnologicalprores.exe
      MD5      5a0d618b0f8ed5b550a811e4b1afdf48
      Tags     Lumma Gen1 Emotet Malicious Library .NET framework(MSIL) UPX Http API ScreenShot Internet API AntiDebug AntiVM PE File PE64 CAB MSOffice File PNG Format .NET EXE JPEG Format PE32 Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Ransomware Lumma Stealer Windows Exploit Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key crashed
      Metrics  3 5 8 3 22.2 M 45 ZeroCERT

7713  2023-10-16 11:16  ns3.jpg
      MD5      f394ecfbd02494369cd4cca7a70059fa
      Tags     ELF VirusTotal Malware
      Metrics  1.0 33 ZeroCERT

7714  2023-10-16 11:15  build.exe
      MD5      f6d470bdfc5dd8dd800580cfa71d1837
      Tags     Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself
      Metrics  2.0 36 ZeroCERT

7715  2023-10-16 11:12  clip64.dll
      MD5      ed15379ed0c9f2e2cc0c105fc8f08896
      Tags     Amadey Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Malicious Traffic Checks debugger unpack itself DNS
      Metrics  1 2 3.8 51 ZeroCERT

7716  2023-10-16 11:12  RBY2.exe
      MD5      d334fdbe7080a9e36d94001903199491
      Tags     Amadey Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE32 .NET EXE OS Processor Check JPEG Format DLL PE64 Malware download Amadey VirusTotal Cryptocurrency Miner Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW Tofsee Windows ComputerName DNS Downloader CoinMiner
      Metrics  10 27 18 4 9.8 M 59 ZeroCERT

7717  2023-10-16 11:11  laplas03.exe
      MD5      14817abceacc2869286157bc5198ba30
      Tags     PE File PE64 VirusTotal Malware crashed
      Metrics  2.2 56 ZeroCERT

7718  2023-10-16 11:10  schtasks.exe
      MD5      72aa1d054af015d3b90588e9e0cf04ae
      Tags     AsyncRAT UPX Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check
      Metrics  2 ZeroCERT

7719  2023-10-16 11:10  audiodgse.exe
      MD5      be17427d37337c71ac701effd983f143
      Tags     LokiBot Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
      Metrics  5 4 13.4 53 ZeroCERT

7720  2023-10-16 11:08  cred64.dll
      MD5      7d6c819c7accbd9abe8f6c4eb087eea2
      Tags     Browser Login Data Stealer Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
      Metrics  2.4 49 ZeroCERT

7721  2023-10-16 11:06  timeSync.exe
      MD5      03a76b21baa5f39e5f592ad2e11a6336
      Tags     Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself
      Metrics  2.0 36 ZeroCERT

7722  2023-10-16 11:05  humblezx.exe
      MD5      9db0aa4d2c28205d89536de9244cb7e8
      Tags     AgentTesla SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS crashed
      Metrics  2 4 9.6 56 ZeroCERT

7723  2023-10-16 11:04  gffdgfdgfdg.msi
      MD5      d5e7a19ebeaa041c09162cac95747cd1
      Tags     Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
      Metrics  2.8 38 ZeroCERT

7724  2023-10-16 11:03  source2.exe
      MD5      f7f4c10dd56dd175ed57b936d3ae87d1
      Tags     UPX Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Http API ScreenShot Internet API AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications sandbox evasion installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Firmware Cryptographic key
      Metrics  1 2 2 14.8 48 ZeroCERT

7725  2023-10-16 11:01  treelatestprores.exe
      MD5      ff43aae7083352dc2d8251c1e622c737
      Tags     Lumma Gen1 Emotet Malicious Library UPX Http API ScreenShot Internet API AntiDebug AntiVM PE File PE64 CAB OS Processor Check MSOffice File PNG Format PE32 .NET EXE JPEG Format Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Ransomware Lumma Stealer Windows Exploit Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key crashed
      Metrics  3 5 8 3 20.8 M 49 ZeroCERT
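A feed like this is most useful once it is machine-readable: pull the MD5s for a given family for hunting, and sort records by sandbox score or VT count for triage. The parser below is an added example for the flattened plain-text form of this listing (number/date/filename line, MD5 line, tag line, metrics line); it is not code from the sandbox or its operator. The metrics column order (Urls Hosts IDS Rule Score Zero VT Player) comes from the page header; because blank cells were collapsed in the export, only Score, the "M" flag, VT and Player are recovered positionally and the leading integers are kept as raw counts. The `FAMILIES` list, the `triage` thresholds and the helper names are the example's own choices; the sample text is four records copied from the listing above.

```python
"""Parse a plain-text export of the sandbox submission feed (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

HEADER_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S.*?)\s*$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d+$")

# Family labels that occur as tag tokens in the listing (assumption: extend for your feed).
FAMILIES = ("Lumma", "Emotet", "Amadey", "AsyncRAT", "LokiBot", "AgentTesla")


@dataclass
class Submission:
    number: int
    submitted: str
    filename: str
    md5: str = ""
    tags: str = ""
    counts: List[int] = field(default_factory=list)  # Urls/Hosts/IDS/Rule; blanks were lost
    score: Optional[float] = None                    # sandbox Score (decimal token)
    zero: Optional[str] = None                       # "M" flag from the Zero column, if present
    vt: Optional[int] = None                         # VT column (integer after Score)
    player: Optional[str] = None                     # submitter name (Player column)
    extra: List[str] = field(default_factory=list)   # any token the rules below did not place

    def families(self) -> List[str]:
        toks = set(self.tags.split())
        return [f for f in FAMILIES if f in toks]


def _parse_metrics(line: str, rec: Submission) -> None:
    toks = line.split()
    # The trailing non-numeric token is the Player column.
    if toks and not toks[-1].replace(".", "").isdigit() and toks[-1] != "M":
        rec.player = toks.pop()
    i = 0
    while i < len(toks) and toks[i].isdigit():       # counts preceding Score
        rec.counts.append(int(toks[i])); i += 1
    if i < len(toks) and SCORE_RE.match(toks[i]):
        rec.score = float(toks[i]); i += 1
        if i < len(toks) and toks[i] == "M":
            rec.zero = "M"; i += 1
        if i < len(toks) and toks[i].isdigit():
            rec.vt = int(toks[i]); i += 1
    rec.extra = toks[i:]                              # keep anything unrecognised visible


def parse_feed(text: str) -> List[Submission]:
    """Walk the export line by line; a record is four non-blank lines in fixed order."""
    records: List[Submission] = []
    cur: Optional[Submission] = None
    stage = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if stage == 0:                                # expecting "No Date Request"
            m = HEADER_RE.match(line)
            if not m:
                continue                              # page title, column header, noise
            cur = Submission(int(m.group(1)), m.group(2), m.group(3))
            stage = 1
        elif stage == 1:                              # expecting the MD5
            if not MD5_RE.match(line):
                raise ValueError(f"record {cur.number}: expected MD5, got {line!r}")
            cur.md5 = line.lower(); stage = 2
        elif stage == 2:                              # tag line, kept verbatim
            cur.tags = line; stage = 3
        else:                                         # metrics line closes the record
            _parse_metrics(line, cur)
            records.append(cur); cur, stage = None, 0
    if cur is not None:
        raise ValueError(f"record {cur.number} is truncated")
    return records


def iocs_by_family(records: List[Submission], family: str) -> List[str]:
    return sorted(r.md5 for r in records if family in r.families())


def triage(records: List[Submission], min_score: float = 5.0, min_vt: int = 30) -> List[Submission]:
    """Records to look at first: sandbox score or VT count over the (assumed) thresholds."""
    return [r for r in records if (r.score or 0) >= min_score or (r.vt or 0) >= min_vt]


# Four records copied from the listing; the blank lines mirror the export.
SAMPLE = """Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
7711 2023-10-16 11:21 x8.x8.x8.x0x0.doc

c8dfd87f05e2744967e74f93a605827e

MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
1 1 1 4.2 31 ZeroCERT

7715 2023-10-16 11:12 clip64.dll

ed15379ed0c9f2e2cc0c105fc8f08896

Amadey Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Malicious Traffic Checks debugger unpack itself DNS
1 2 3.8 51 ZeroCERT

7718 2023-10-16 11:10 schtasks.exe

72aa1d054af015d3b90588e9e0cf04ae

AsyncRAT UPX Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check
2 ZeroCERT

7722 2023-10-16 11:05 humblezx.exe

9db0aa4d2c28205d89536de9244cb7e8

AgentTesla SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS crashed
2 4 9.6 56 ZeroCERT
"""

if __name__ == "__main__":
    for r in triage(parse_feed(SAMPLE)):
        print(r.number, r.filename, r.md5, r.score, r.vt, r.families())
```

Record 7718 shows why the leading integers stay raw: its metrics line is just "2 ZeroCERT", and with no Score present there is no way to tell which of the four count columns the 2 belongs to, so it lands in `counts` and the record has no score or VT value and is left out of `triage`.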