Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8806	2023-09-07 19:06	no230.exe 79aeea7e2cae474eba241c822e5f99e8 Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 Malware download VirusTotal Malware Code Injection Malicious Traffic buffers extracted unpack itself Stealc Browser DNS	1 Keyword trend analysis	1	2	1	8.8	M	14	ZeroCERT

8807	2023-09-07 19:06	dloidvbsssss.vbs 604119e70e8646be1e0626523f82acd6 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		8.4	M	8	ZeroCERT

8808	2023-09-07 19:04	tualiop.vbs b712210ee2a1427f19d123de5cc4b29e Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		9.0	M	8	ZeroCERT

8809	2023-09-07 19:03	KUYYERAEUG.exe af43f40a0b114fd0dfc2919b475003ca Malicious Library PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.4	M	34	ZeroCERT

8810	2023-09-07 19:02	keninv.exe 5a2f3553f03bea972618a4fc780146ab .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder suspicious TLD Browser DNS	5 Keyword trend analysis Info http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip http://www.bookingshop01.top/hnmu/?zNts=PAkg1urm7N9AVeASEKiY0GMQCzBOtYt4wERqVQow/jdQ5NqazHSv+YEC2ee5pD3t/p5aHGQj+n8MoPHKBsOZlw3EOYcHEuSkqJKafkc=&PZpKO=y9dVejt2Kk4On http://www.bookingshop01.top/hnmu/	5	2		11.8		18	ZeroCERT

8811	2023-09-07 19:02	1.exe ff06438321dc9f8b1dadfe3fecb1df92 Malicious Library UPX OS Processor Check MZP Format PE File PE64 Check memory Tofsee		2	2		0.4	M		ZeroCERT

8812	2023-09-07 19:00	fantasy.vbs 20b5ae33d5b27bf8d6a25659b4ee4798 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		9.0		8	ZeroCERT

8813	2023-09-07 18:59	jeffzx.doc 302822808680b13287d8d8942ee6dc0c MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		3.6	M	29	ZeroCERT

8814	2023-09-07 18:57	kenpol.exe 9e621dabf65534dfc620eb0c70f6b7a4 .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					7.4		17	ZeroCERT

8815	2023-09-07 18:57	jatropkaq.vbs 567e6ba31d1adf5a1fd3e69d1f0e1865 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		8.4		8	ZeroCERT

8816	2023-09-07 17:54	obizx.doc 5c2b9063897b742f636bbed0c5dc7884 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware exploit crash IP Check Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	5	8 Info SURICATA Applayer Detect protocol only one direction SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure		3.6	M	29	ZeroCERT

8817	2023-09-07 17:49	mtxRwzg.exe e244628c750d40509ef2e3e72e4c2049 UPX .NET framework(MSIL) Http API Escalate priviledges AntiDebug AntiVM OS Processor Check PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process sandbox evasion Windows Browser ComputerName Cryptographic key crashed					10.8	M	34	ZeroCERT

8818	2023-09-07 17:47	123.exe 4c328b215a84c1b2c982a3268b4a0cea PE File PE64 VirusTotal Cryptocurrency Miner Malware unpack itself DNS CoinMiner		2	1		1.8	M	31	ZeroCERT

8819	2023-09-07 17:47	undergroundzx.exe 4f91d6f43a69717ff16f3c09dcd0e7e8 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.0	M	30	ZeroCERT

8820	2023-09-07 17:45	qqdownloadftnv5 9cbc21a9ed6e1525332557904760e570 VBA_macro Generic Malware Http API PWS ScreenShot KeyLogger AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting unpack itself					3.6	M	45	ZeroCERT