Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8206	2024-07-02 09:48	27.txt.exe cfa3c233dbdff5cf57692484c4e50e6a AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware DNS DDNS		2	2		1.6		51	ZeroCERT

8207	2024-07-02 09:47	28.txt.exe 3b2129194c379040d94f02260925b029 AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware DNS DDNS		2	2		1.6		49	ZeroCERT

8208	2024-07-02 09:45	package_full.pdf.lnk 87e1217cd4517d2c3ea39b1b970a5550 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Tofsee Interception Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.0		24	ZeroCERT

8209	2024-07-02 09:44	new_image2.jpg.exe 667baab9068512e49333a7c9dfba6a34 Malicious Library Antivirus .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName					2.4		46	ZeroCERT

8210	2024-07-02 08:01	log2.exe 8bad626419244605cb6bfa7ffef1e8cc Emotet Gen1 Generic Malware NSIS PhysicalDrive Malicious Library Downloader ASPack Malicious Packer UPX Admin Tool (Sysinternals etc ...) Antivirus .NET framework(MSIL) Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterServer d Browser Info Stealer AutoRuns Check memory Creates executable files Windows utilities AppData folder WriteConsoleW installed browsers check Windows Browser	4 Keyword trend analysis	2			4.6	M		ZeroCERT

8211	2024-07-02 08:00	log1.exe f52824923a9ff5a93f42812255439a1c Emotet Gen1 PhysicalDrive Generic Malware NSIS NMap Malicious Library Downloader ASPack Malicious Packer UPX Admin Tool (Sysinternals etc ...) Antivirus .NET framework(MSIL) Javascript_Blob Anti_VM PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer AutoRuns Check memory Creates executable files Windows utilities AppData folder WriteConsoleW installed browsers check Windows Browser	5 Keyword trend analysis	2			4.6	M		ZeroCERT

8212	2024-07-02 07:58	svchost.exe ad8b93be8ce15ff47c2c079201bd17c9 Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	51	ZeroCERT

8213	2024-07-02 07:55	asec.exe 8962b367891c933d896bc4ed9c2cffba Generic Malware UPX Antivirus PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Disables Windows Security suspicious process WriteConsoleW Windows Update ComputerName Cryptographic key					9.0	M	45	ZeroCERT

8214	2024-07-02 07:54	kdmapper.exe afb27825d8a45bea2992eca0e060a968 Gen1 Emotet HermeticWiper Generic Malware NSIS NMap Malicious Library Malicious Packer UPX Downloader Admin Tool (Sysinternals etc ...) ASPack Anti_VM PE File PE32 MZP Format OS Processor Check DllRegisterServer dll HWP CAB ActiveXObject PE64 ftp VirusTotal Malware AutoRuns Check memory Creates executable files installed browsers check Windows Browser					4.0		69	ZeroCERT

8215	2024-07-02 07:54	buildcr.exe 88932ab33c38072946abc06b426d33b8 [m] Generic Malware Generic Malware Suspicious_Script_Bin task schedule Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Dridex VirusTotal Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS	3 Keyword trend analysis	6	9 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET POLICY PE EXE or DLL Windows file download HTTP	2	12.2	M	55	ZeroCERT

8216	2024-07-02 07:51	csrss.exe a273d142217177ab8013d6ebeafbc22f Malicious Library Malicious Packer Antivirus UPX PE File PE64 OS Processor Check PDB Check memory Checks debugger ComputerName RCE					1.6	M		ZeroCERT

8217	2024-07-02 07:49	IHBHXXQF.exe 5f4de1a8ed39bdcaf3e4c6d5fa547fc2 Gen1 HermeticWiper Malicious Library UPX Malicious Packer ASPack Anti_VM PE File PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check					3.2	M	14	ZeroCERT

8218	2024-07-02 07:45	snukingorig2.5.exe 7d50650cd2ba63482d4caf875ae65a8e Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	3		8.8	M	33	ZeroCERT

8219	2024-07-02 07:45	igccu.exe bb1b8864e1d82735205d07d202c5d864 LokiBot Malicious Library Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	1		13.2	M	30	ZeroCERT

8220	2024-07-01 16:46	Update.js 365d4f4e6ffed01288e0fae6e352e8a5 VBScript wscript.exe payload download Tofsee crashed Dropper	1 Keyword trend analysis	2	2		10.0			guest