Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7786	2023-10-12 09:28	bQ6f.exe 955a7deb29f4b03b35faa62100d416fd Malicious Packer Downloader ScreenShot AntiDebug AntiVM PE File PE32 Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS DDNS keylogger	1 Keyword trend analysis	4	3		11.6		56	ZeroCERT

7787	2023-10-12 07:52	sihost.exe 7f6feed7fc881b9b450fb7f3b726c2ae AgentTesla Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		2	4		14.0	M	22	ZeroCERT

7788	2023-10-12 07:50	macbomard2.1.exe 7f4be9fcb7371a4a4c98462602a33639 NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	4 Keyword trend analysis Info http://www.new-minerals.com/t6tg/?Tj=KAteo39jXhYLV1ChmFznVIk+hBqN4AymFECkKH2GQakbZ7TdByL07ntBP05Gab5nXO3C3vF7&RX=dn98bVV8c4CP http://www.tugerdi.site/t6tg/?Tj=Za8NgA951HtgEMA/N1pbqY3Eng45w2byd25/9jAsmGZLSXWq5l9klRymntmNRw3MeMdtayU2&RX=dn98bVV8c4CP http://www.aspiredstudio.com/t6tg/?Tj=2Be6iIgSXmfB1nqJxUfd7To44XQGyUfcHTuBHOXScd6rc4VNel4uavXkn/Sr1IDzPZX3+Zir&RX=dn98bVV8c4CP http://www.ocoala.com/t6tg/?Tj=Bo69CXQCSq8YAZlSXsSXSHHhzBc0NkTLrUDc3+XWv9vtXAWnC5Ex0xTxf+gUzISZTYrGWz37&RX=dn98bVV8c4CP	9	1		4.0	M	37	ZeroCERT

7789	2023-10-12 07:48	5ea275.exe 1c576ece1cb918832be3d9e5f665388b Themida Packer Generic Malware UPX Anti_VM PE File PE32 VirusTotal Malware Check memory unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization Windows Firmware crashed					7.8	M	56	ZeroCERT

7790	2023-10-12 07:47	random.exe c47b267a11aaf34abcf7ceec04e629c1 Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check VirusTotal Malware					0.8	M	16	ZeroCERT

7791	2023-10-12 07:45	sa.exe 3e2647ddf841fd56db65ef710f6801f8 Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0		58	ZeroCERT

7792	2023-10-12 07:45	smss.exe ced4af5a976fb361bfded06260f5985f Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					3.0		33	ZeroCERT

7793	2023-10-12 02:23	up.exe 5e6716377dc71d7fa5c97d778c154ce4 Malicious Packer PE File PE32 MZP Format Lnk Format GIF Format VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AntiVM_Disk anti-virtualization VM Disk Size Check human activity check Interception ComputerName Remote Code Execution Firmware crashed	1 Keyword trend analysis	4			9.2		55	malware123

7794	2023-10-11 18:38	cleanse.exe 0e85f5058fa30907be18273932a6f917 Generic Malware Antivirus Malicious Library UPX Anti_VM PE File PE32 .NET EXE OS Processor Check ZIP Format BMP Format CHM Format DLL MSOffice File JPEG Format Word 2007 file format(docx) VirusTotal Malware Check memory Checks debugger unpack itself AppData folder Ransomware					3.0	M	15	ZeroCERT

7795	2023-10-11 18:36	typhon.exe 3fad6c3e0604ee091f2b2a61a91e2b4d Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Telegram Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee ComputerName DNS	2 Keyword trend analysis	6	7 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET HUNTING Telegram API Domain in DNS Lookup ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup api.ipify.org ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup) ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)		4.4	M	20	ZeroCERT

7796	2023-10-11 18:36	build.exe 71535cb29a844c48321528d0fdfdb6d9 PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency Check memory unpack itself Auto service Check virtual network interfaces ComputerName Firmware DNS		1	2		4.8	M	35	ZeroCERT

7797	2023-10-11 18:12	bQ5J.exe 82f98bb613a30f61ceb9ca7686f97847 PE File PE32 .NET EXE VirusTotal Malware Tofsee	1 Keyword trend analysis	3	1		1.6		51	ZeroCERT

7798	2023-10-11 18:12	BYxYP9c1.ps1 ee4cabf85331d01dcc5fa75be75b5598 Generic Malware Antivirus .NET DLL PE File DLL PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed					7.6		27	ZeroCERT

7799	2023-10-11 18:11	Ooseha.exe cb75f58a8d5e9ab38bf5e6afdb09d7c8 Formbook UPX .NET framework(MSIL) ScreenShot PWS AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	16 Keyword trend analysis Info http://www.onlyleona.com/kniu/ - rule_id: 36720 http://www.frefire.top/kniu/ - rule_id: 36723 http://www.prosourcegraniteinc.com/kniu/ - rule_id: 36717 http://www.poultry-symposium.com/kniu/ - rule_id: 36722 http://www.xxkxcfkujyeft.xyz/kniu/ - rule_id: 36719 http://www.prosourcegraniteinc.com/kniu/?WvaMk96=9xFgCh3s8l/k2B8O7aAt9yPceR5ZLMimGcu4Dy10KR8z2IhjbkPtetaY6rVQOSuqKBOJhR+SeENFOh5XwKmANMDhEFCrb4byHJuvuWU=&tP=06tUJ - rule_id: 36717 http://www.theartboxslidell.com/kniu/ - rule_id: 36718 http://www.theartboxslidell.com/kniu/?WvaMk96=pbzwZ3uv6ZLNK9kOZcORaqCkpmWHCySL5KPRtIvuGjYxhe5HL3eyc57X4ozDsIqy99XGgcN1QrQuWuftpLGszPSRgY0zgb673Mjl5VE=&tP=06tUJ - rule_id: 36718 http://23.95.106.3/479/Kodviywuey.mp3 http://www.tsygy.com/kniu/?WvaMk96=bJ36cMi4kupHJe0Hctq9gMewB+uvjmGDqwrfSqfgcqRhOtXAC1zMZIlHhDCyIhSJCFAYjWOLktx1yjWN3ai585tt7uX+B1FmFo0jbF0=&tP=06tUJ - rule_id: 36721 http://www.onlyleona.com/kniu/?WvaMk96=eul8o7FRTpzZYv+GqkkzOpE5tEZO7cuUa8jf7YGp4uFOB2eW2y1ALY7ycZgKlFf7jddzg63rMJOPKD43r6dZxMpJnJONv2M7MFgI8Mw=&tP=06tUJ - rule_id: 36720 http://www.tsygy.com/kniu/ - rule_id: 36721 http://www.xxkxcfkujyeft.xyz/kniu/?WvaMk96=i0HwDxosD6vP35vKxXt8TqB5hgt09UAmGu6yXsGJ7KHeDbKCAxtr8kYkpXafqSJ5CWKS4JQhNIcZa2fBS8/HEz0POFGF5EDYOp/zgDU=&tP=06tUJ - rule_id: 36719 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3170000.zip http://www.frefire.top/kniu/?WvaMk96=w8rKBuSUIg6smCThP+RZr8URK2cMAOxRwdqHG6Uo67OOMeio1zBa/jWrwyXT3+M/9aqTr1N41d9bzE5WN9beyeWExgAtk5mD8L1zbeQ=&tP=06tUJ - rule_id: 36723 http://www.poultry-symposium.com/kniu/?WvaMk96=40XX9Ytbs/otsI+0yUtAogrXy8SgXZWV889z9rydVcgoc+JCy8vgR1icdWU6u94Njq5xrtv7NQnpOX1iusCyLYuLxlHkdapdsh1Ymak=&tP=06tUJ - rule_id: 36722	19 Info www.onlyleona.com(172.67.132.228) - mailcious www.prosourcegraniteinc.com(216.239.34.21) - mailcious www.xxkxcfkujyeft.xyz(216.240.130.67) - mailcious www.frefire.top(67.223.117.37) - mailcious www.8956kjw1.com(103.71.154.243) www.theartboxslidell.com(199.59.243.225) - mailcious www.tsygy.com(23.104.137.185) - mailcious www.poultry-symposium.com(85.128.134.237) - mailcious www.pengeloladata.click() - mailcious 216.239.38.21 - phishing 23.104.137.185 - mailcious 23.95.106.3 - mailcious 199.59.243.225 67.223.117.37 - mailcious 85.128.134.237 - mailcious 216.240.130.67 - mailcious 104.21.13.143 103.71.154.243 45.33.6.223	12 Info SURICATA HTTP unable to match response to request ET INFO HTTP Request to a .top domain ET MALWARE FormBook CnC Checkin (POST) M2 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a .top domain - Likely Hostile ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers ET HUNTING Request to .TOP Domain with Minimal Headers	14 Info http://www.onlyleona.com/kniu/ http://www.frefire.top/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.poultry-symposium.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.prosourcegraniteinc.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.theartboxslidell.com/kniu/ http://www.tsygy.com/kniu/ http://www.onlyleona.com/kniu/ http://www.tsygy.com/kniu/ http://www.xxkxcfkujyeft.xyz/kniu/ http://www.frefire.top/kniu/ http://www.poultry-symposium.com/kniu/	11.4	M	43	ZeroCERT

7800	2023-10-11 18:11	KjAvj6Vu.ps1 ea8465175894190a7542d07bcea179b8 Generic Malware Antivirus .NET DLL PE File DLL PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed					7.0		27	ZeroCERT