Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8746	2023-11-26 13:56	new.exe 0179eec24965822ea41af4447d767961 Generic Malware Antivirus UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key keylogger					8.4	M	55	ZeroCERT

8747	2023-11-26 13:52	devenvhost.exe 552fc1ab56ac48bebff7d6ddb8555045 Gen1 Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check VirusTotal Malware PDB Code Injection Check memory Checks debugger Creates executable files unpack itself WriteConsoleW Remote Code Execution					5.8	M	54	ZeroCERT

8748	2023-11-26 13:50	timeSync.exe 1bdfbfdae4986adb79324930d7c9eaa3 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					1.6	M	35	ZeroCERT

8749	2023-11-26 13:49	home.exe b5f964d3dbe27ea562d3a750af190bea Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	7 Info ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)		13.2	M	43	ZeroCERT

8750	2023-11-26 13:47	toolspub2.exe 5f4839a45c6193363a21b784bf91e783 Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself					6.6	M	30	ZeroCERT

8751	2023-11-26 13:45	update.exe 37035aa02a65b1b869898cb611d37686 Browser Login Data Stealer NetWire RAT Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files AppData folder Windows DNS DDNS		1	1		4.8	M	60	ZeroCERT

8752	2023-11-26 13:45	winrar.exe 715d9e1786839981fc5aa6ec4c9df1a6 Antivirus UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.4	M	58	ZeroCERT

8753	2023-11-26 13:43	setup.exe 13c54df3790dbde46fbe989793e21ce7 Malicious Library PE32 PE File VirusTotal Malware WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName					3.8	M	28	ZeroCERT

8754	2023-11-26 13:42	Server.exe a92ef911215a303fc49de97c4c6d837f njRAT backdoor PE32 PE File .NET EXE VirusTotal Malware WriteConsoleW DNS DDNS		1	1		1.8	M	65	ZeroCERT

8755	2023-11-26 13:41	macindas2.1.exe 84682f07f2f1698e49b6a29573c5679d NSIS Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	4 Keyword trend analysis Info http://www.salvanandcie.com/tb8i/?-ZeTi6B=UMOMUPRltOuIOavlOV9TAbzOI3NyPSxU0IiF98vYZIoJYysmNQovnALCNihIDsZ76SkBnDz1&2d=lnxh http://www.tron-pk.xyz/tb8i/?-ZeTi6B=5rJxyOnP1GB0ESD4ttWy9/4jFy42toRxagw3E+bnB/pmFdmTHJRzMwLMKKbb+ploXs+4W+sP&2d=lnxh http://www.texwwfrx.com/tb8i/?-ZeTi6B=zluqp2Qif7Juk0jSJTDTdhTVgLgB+eVfrKJdSE4Bz8PdBwx7LJWv3E/FDzXvfZ8eIpu6oPdn&2d=lnxh http://www.free-indeed.faith/tb8i/?-ZeTi6B=mjsfGumS0MCj+go/ckdO0h+daXKQjTCMjol4fCy+GQ9z9EIRohWOFaX9TAL/50qANRa4gnnD&2d=lnxh	9	2		4.2	M	48	ZeroCERT

8756	2023-11-26 13:40	sihost.exe 8a7ee9dbd620232871c7ce897fcb14e9 PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6	M	53	ZeroCERT

8757	2023-11-26 13:40	asusns.exe e59325a169b1a80fd0525ea86e130ff8 Formbook AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder suspicious TLD Browser DNS		19 Info www.talknconvert.com(34.120.137.41) - mailcious www.ofupakoshi.com(118.27.125.154) - mailcious www.velvet-key-properties.top(162.0.222.119) - mailcious www.wearehydrant.com(216.40.34.41) - mailcious www.oneillspubs.com(199.59.243.225) - mailcious www.speedbikesglobal.com(207.244.126.150) - mailcious www.zz23xw.top(198.44.187.121) - mailcious www.54c7pv.top(154.91.180.241) - mailcious www.ezus.life(34.96.147.60) - mailcious 34.96.147.60 - mailcious 198.44.187.121 - mailcious 207.244.126.150 - mailcious 154.91.180.241 - mailcious 199.59.243.225 - mailcious 216.40.34.41 - mailcious 45.33.6.223 34.120.137.41 - mailcious 118.27.125.154 - mailcious 162.0.222.119 - mailcious	5	18 Info http://www.oneillspubs.com/zqco/ http://www.ezus.life/zqco/ http://www.zz23xw.top/zqco/ http://www.ofupakoshi.com/zqco/ http://www.speedbikesglobal.com/zqco/ http://www.talknconvert.com/zqco/ http://www.ezus.life/zqco/ http://www.54c7pv.top/zqco/ http://www.54c7pv.top/zqco/ http://www.wearehydrant.com/zqco/ http://www.velvet-key-properties.top/zqco/ http://www.wearehydrant.com/zqco/ http://www.velvet-key-properties.top/zqco/ http://www.zz23xw.top/zqco/ http://www.oneillspubs.com/zqco/ http://www.ofupakoshi.com/zqco/ http://www.speedbikesglobal.com/zqco/ http://www.talknconvert.com/zqco/	9.6	M	43	ZeroCERT

8758	2023-11-26 13:39	update.exe 4a657cf9c1289e3df987268e32961a66 Generic Malware Malicious Library Antivirus UPX Malicious Packer PE32 PE File CAB OS Processor Check DLL MSOffice File DllRegisterServer dll Malware download VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check BumbleBee ComputerName DNS		20 Info 0xtmu3tz.life() 6xhpschv.life() luw8ubf2.life(85.17.31.82) zefawfb0.life(94.131.9.114) n64c2akw.life(5.79.71.225) 6o26tws0.life() 3nmeg5wa.life() r5ue5rok.life() 37zi55wc.life() aqnx9c9h.life() 4huoqrsp.life() dph3pby8.life(192.71.249.220) et53yjoc.life() rbvsf6io.life() 1qa3k743.life(85.17.31.82) hx0hysyg.life(185.248.144.178) 8qwcvseh.life() i9f44mju.life() tvgco82h.life() 5.79.71.205 - suspicious	2		5.2	M	5	ZeroCERT

8759	2023-11-26 13:38	test.exe 3630b92ac5ed33de5eb53b563913bb02 Malicious Library .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	62	ZeroCERT

8760	2023-11-26 13:37	syncUpd.exe cbea2e95a6df177f26b684090c1d28db Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					1.4	M	29	ZeroCERT