Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8596	2023-12-04 18:17	ngrok.exe e2eadf60d8f25cae9b29decab461177b Malicious Library Malicious Packer UPX PE File PE64 wget OS Processor Check VirusTotal Malware sandbox evasion WriteConsoleW				2.2	M	2	ZeroCERT

8597	2023-12-04 18:16	g.exe 2c32f30ee011f338d4cb5ebc852d4ee5 Generic Malware Malicious Library Malicious Packer ASPack UPX PE32 PE File OS Processor Check VirusTotal Malware AutoRuns Windows Remote Code Execution		13 Info spa.gotohttp.com(152.32.197.201) usw.gotohttp.com(43.130.10.102) hk.gotohttp.com(47.241.41.42) def.gotohttp.com(43.130.10.102) tk.gotohttp.com(103.143.72.251) eu.gotohttp.com(43.131.61.143) use.gotohttp.com(49.51.102.118) 47.241.41.42 152.32.197.201 43.130.10.102 103.143.72.251 43.131.61.143 49.51.102.118		2.2	M	1	ZeroCERT

8598	2023-12-04 18:14	kjox.exe 3c6b3c50afec4a49e616569559d4a749 Formbook UPX PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName DNS		1		4.0	M	47	ZeroCERT

8599	2023-12-04 18:13	Microsoftdeletedentirehistoryf... 6ee6e6e58e88fbb222f7b1c8e37973d7 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed		1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	M	37	ZeroCERT

8600	2023-12-04 18:12	1.dll 60cdf8bcf6966eac70e5f38c26c0003c Emotet Gen1 Generic Malware Malicious Library Malicious Packer Antivirus UPX PE32 PE File DLL DllRegisterServer dll OS Processor Check VirusTotal Malware Remote Code Execution				1.8	M	35	ZeroCERT

8601	2023-12-04 18:11	demon.x64.exe f89c632c014ae133e895eaca52caecf5 Generic Malware PE File PE64 VirusTotal Malware Malicious Traffic unpack itself Check virtual network interfaces Sliver DNS	1 Keyword trend analysis	1	1	4.4	M	47	ZeroCERT

8602	2023-12-04 18:11	herewgo.exe 8bfd7886121330aca3002b5b1e768740 NSIS Malicious Library UPX Downloader PE32 PE File OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Browser Email ComputerName crashed				5.8	M	53	ZeroCERT

8603	2023-12-04 18:09	cred64.dll a17a5ab2d131cd9eefcece4f1d22e531 Malicious Library UPX PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Malicious Traffic Checks debugger unpack itself Windows utilities sandbox evasion installed browsers check Windows Browser Email DNS Software	1 Keyword trend analysis	1		8.0	M	48	ZeroCERT

8604	2023-12-04 18:09	ma.exe 81145190d0c6cb7c04a3c7b8de03fd16 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself DNS		1		3.2	M	17	ZeroCERT

8605	2023-12-04 18:07	WILD_PRIDE.exe 6b44d99b258c275ee7fcf230da177f3e Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger DNS		1		4.2	M	39	ZeroCERT

8606	2023-12-04 18:06	Posh_v2_dropper_x64.exe a5748047ebbe34d7821a2a040e4ca54e Hide_EXE Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself				3.6	M	50	ZeroCERT

8607	2023-12-04 18:05	aiitoo.exe 5ea91b3790b5e6e52eb199a13d945808 UPX PE32 PE File VirusTotal Malware Remote Code Execution crashed				2.8	M	47	ZeroCERT

8608	2023-12-04 18:04	1.ps1 b4c3aac58bfdfdaff5a51ec9370d0bc0 Hide_EXE Generic Malware Antivirus OS Processor Check VirusTotal Malware Check memory unpack itself				1.6	M	38	ZeroCERT

8609	2023-12-04 18:03	good.exe 28417328b64f515c71ceab7b1ee5766b Generic Malware Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	7 Info ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)	14.4	M	50	ZeroCERT

8610	2023-12-04 18:02	1.exe d3b17ddf0b98fd2441ed46b033043456 Generic Malware Malicious Packer UPX PE32 PE File VirusTotal Malware Check memory WriteConsoleW				1.6	M	63	ZeroCERT