Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8521	2023-12-11 14:24	release_ver9.rar a64249c49fd7686653154060beaa68dc Stealc Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Vidar Open Directory Malware c&c suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows Exploit Browser RisePro DNS Downloader plugin	15 Keyword trend analysis Info http://5.42.64.41/2a7743b8bbd7e4a7/freebl3.dll http://5.42.64.41/40d570f44e84a454.php - rule_id: 38591 http://5.42.64.41/2a7743b8bbd7e4a7/vcruntime140.dll http://5.42.64.41/2a7743b8bbd7e4a7/nss3.dll http://5.42.64.41/2a7743b8bbd7e4a7/softokn3.dll http://5.42.64.41/2a7743b8bbd7e4a7/msvcp140.dll http://195.20.16.45/api/tracemap.php http://apps.identrust.com/roots/dstrootcax3.p7c http://5.42.64.41/2a7743b8bbd7e4a7/sqlite3.dll http://5.42.64.35/timeSync.exe - rule_id: 38593 http://195.20.16.45/api/firegate.php http://5.42.64.41/2a7743b8bbd7e4a7/mozglue.dll https://db-ip.com/demo/home.php?s=175.208.134.152 https://api.myip.com/ https://iplis.ru/1Gemv7.mp3	28 Info medfioytrkdkcodlskeej.net(91.215.85.209) - malware db-ip.com(172.67.75.166) iplis.ru(104.21.63.150) - mailcious ioiouoiuououiyjgroup.sbs(172.67.212.175) - malware iplogger.org(172.67.132.113) - mailcious never.hitsturbo.com(172.67.168.30) - malware ipinfo.io(34.117.59.81) vk.com(87.240.132.72) - mailcious api.myip.com(104.26.8.59) 194.49.94.97 - malware 5.42.64.41 - mailcious 5.42.64.35 - malware 104.26.9.59 104.21.63.150 193.233.132.34 - mailcious 185.216.70.235 23.43.165.105 104.21.37.196 193.233.132.51 - mailcious 87.240.132.67 - mailcious 91.215.85.209 - mailcious 34.117.59.81 104.26.5.15 104.21.46.59 - malware 195.20.16.45 172.67.132.113 109.107.182.3 - mailcious 87.240.132.72 - mailcious	36 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO TLS Handshake Failure ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO EXE - Served Attached HTTP ET HUNTING Rejetto HTTP File Sever Response ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	5.6	M		ZeroCERT

8522	2023-12-11 14:18	release_ver9.rar a64249c49fd7686653154060beaa68dc Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself					1.6			ZeroCERT

8523	2023-12-11 14:17	tuc5.exe e6a2e949c740c3e5c4763b6ab7e13d7c Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check DllRegisterServer dll PE64 wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					4.0	M		ZeroCERT

8524	2023-12-11 14:14	Vbewgil.exe 752d19f58c4bcb8ced90460032b693e4 Hide_EXE .NET framework(MSIL) PE File PE64 .NET EXE MachineGuid Check memory Checks debugger unpack itself					1.4	M		ZeroCERT

8525	2023-12-11 13:24	hv.exe 59d1fa3b93c1cbbe665017060c8140aa Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library PWS AntiDebug AntiVM PE32 PE File .NET EXE PNG Format DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed		1	1		15.2		9	ZeroCERT

8526	2023-12-11 11:08	pdf.exe e7ff90c3f9326d57e42e276d0afb4c48 UPX Malicious Library AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	3		14.6	M	50	ZeroCERT

8527	2023-12-08 18:40	microsoftdecidedtodeleteentire... 49ad634e1dfd465013beb3ce092015de MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	2		4.6	M	33	ZeroCERT

8528	2023-12-08 18:38	Microsoftdecidedtodeleteentire... 684c997cc1b2dc1290b00576e884f425 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Windows Exploit DNS crashed		3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure		4.2	M	36	ZeroCERT

8529	2023-12-08 18:38	index.php 8801830b87729b1843ff56584d9f34a0 Malicious Library PE32 PE File PDB unpack itself Remote Code Execution					1.2	M		ZeroCERT

8530	2023-12-08 18:36	chrome.exe c0af31044fcaa756f32f13007d50724f Gen1 Generic Malware Malicious Library UPX Antivirus Malicious Packer PE32 PE File MZP Format URL Format DLL PE64 Remcos VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows DNS keylogger	2 Keyword trend analysis	4	1		6.4	M	41	ZeroCERT

8531	2023-12-08 09:42	MicrosoftHealthcheck.vbs 61fee3f2dd4255c687072b4eac7cdb0d Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	3	1		9.0		4	ZeroCERT

8532	2023-12-08 09:41	bd1b8cc6.exe 8801830b87729b1843ff56584d9f34a0 Malicious Library PE32 PE File PDB unpack itself Remote Code Execution					1.2	M		ZeroCERT

8533	2023-12-08 09:39	download.jpg.exe d92beb564ff56460bacf7c722a2879cb Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB					0.6		7	ZeroCERT

8534	2023-12-07 17:38	dll.jpg.exe c0b7ffa3b6b89673fab5638e395cd4f5 Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB					0.6		8	ZeroCERT

8535	2023-12-07 17:38	async.exe e18397f25b87a6f58b9c226e8e9ea03f PE32 PE File .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW Windows Cryptographic key					7.4	M	43	ZeroCERT