Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8146	2024-07-04 07:38	ABC.exe 2808310786effc87a4359c778a73a7ee UPX PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself ComputerName					2.8		42	ZeroCERT

8147	2024-07-04 07:36	injector.exe 509c110ee54d73c3398140a5eb78c45a NSIS Malicious Library UPX Confuser .NET PE File PE32 .NET EXE VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder ComputerName DNS crashed		1	2		5.2		57	ZeroCERT

8148	2024-07-04 02:39	http://py.pl/I7mIC 6cb7e9e8e7161d8a30c49a4228aafaaf Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	2		5.6			guest

8149	2024-07-03 19:10	file_xgep41gp.dyp.txt.ps1 b75a49ff9b2f445e17519d2e743fe1b4 Generic Malware Antivirus Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName	2 Keyword trend analysis	2	1	1	3.2	M		ZeroCERT

8150	2024-07-03 19:02	file_ahstznsa.ob0.txt.ps1 478b1ac88592f59f8a1d4cb790120c38 Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic unpack itself Check virtual network interfaces Tofsee ComputerName	2 Keyword trend analysis	2	1	1	3.6	M	9	ZeroCERT

8151	2024-07-03 18:50	poop.exe 42e52b8daf63e6e26c3aa91e7e971492 PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Creates shortcut Creates executable files Ransomware Browser					4.6	M	68	ZeroCERT

8152	2024-07-03 18:47	uho.uouo.uououo.doc 9904916ce3549610216e99d83e7e2135 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit Java DNS crashed	3 Keyword trend analysis	4	4	1	5.0	M	33	ZeroCERT

8153	2024-07-03 18:46	client_win.exe 9f478308a636906db8c36e77ce68b4c2 Gen1 Generic Malware Malicious Library UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files WriteConsoleW					1.6		26	ZeroCERT

8154	2024-07-03 18:44	123.exe 4a24aad5274be7e1fd5e3ef95ea20f8f Gen1 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Processor Che VirusTotal Malware AutoRuns PDB Code Injection Creates executable files Windows utilities WriteConsoleW Windows RCE crashed					6.0		47	ZeroCERT

8155	2024-07-03 18:43	OPERATIONAL_MOAT.exe fe630e60d070ead8f5421d4006872435 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS		1	1		4.4		45	ZeroCERT

8156	2024-07-03 18:41	ok.exe 2a5bdb0a785762ab4982d360bd4c37e5 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS		1	1		4.2		38	ZeroCERT

8157	2024-07-03 18:41	wmi.jpg.exe 1953c97029337ec04a8d4b69911d843f UPX PE File PE32 Malware download VirusTotal Malware SMB Traffic Potential Scan AutoRuns Malicious Traffic Check memory Creates executable files ICMP traffic RWX flags setting Windows utilities WriteConsoleW Firewall state off IP Check Windows DNS DDNS Downloader	5 Keyword trend analysis Info http://118.184.169.48/dyndns/getip http://16.162.161.106:8080/api/node/ip_validate http://ssl.ftp21.cc/64.jpg http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8	27 Info gtxvdqvuweqs.com(16.162.201.176) - mailcious members.3322.org(118.184.169.48) down.ftp21.cc(107.189.29.100) - malware ipv6-api.iproyal.com() api.ipify.org(172.67.74.152) download.microsoft.com(72.247.96.197) hook.ftp21.cc(211.108.60.155) - malware api6.my-ip.io() www.362-com.com(1.226.84.135) web.362-com.com(110.11.158.238) opendata.baidu.com(45.113.194.189) www.4i7i.com(1.226.84.135) api.iproyal.com(93.189.62.83) ssl.ftp21.cc(211.108.60.155) - malware 16.162.161.106 104.26.13.205 211.108.60.155 - malware 59.151.136.153 51.161.196.188 45.113.194.127 16.162.201.176 - mailcious 1.226.84.135 218.57.129.51 93.189.62.83 118.184.169.48 110.11.158.238 119.203.212.165 - malware	12 Info ET DNS Query for .cc TLD ET INFO Packed Executable Download ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET MALWARE JS/WSF Downloader Dec 08 2016 M4 ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection ET INFO DYNAMIC_DNS Query to 3322.org Domain ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection ET INFO SSH-2.0-Go version string Observed in Network Traffic ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection ET INFO External IP Lookup Domain DNS Lookup (my-ip .io) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup		11.2	M	40	ZeroCERT

8158	2024-07-03 18:40	toi.txt.exe 5de123afed9669f8abd8994820591ec7 Generic Malware PE File DLL PE64 VirusTotal Malware crashed					1.4	M	45	ZeroCERT

8159	2024-07-03 18:38	EERIE_EAVE.exe e515e4872f4891fb598b503c34036b8c Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger Check virtual network interfaces DNS		1	1		4.8		40	ZeroCERT

8160	2024-07-03 18:38	lumma0207.exe 168c5908924803d268d26965c32a5620 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.2		26	ZeroCERT