Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8911	2023-09-04 17:13	foto2166.exe 1ad10fe1f8b0816dcc0c371a16383f10 Gen1 Emotet Malicious Library UPX CAB PE File PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Update Remote Code Execution Cryptographic key crashed					8.6	M	46	ZeroCERT

8912	2023-09-04 17:10	@interpoIpanic_alice.exe d9109db79ab552695a226bd2bde10c92 Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1			9.2		28	ZeroCERT

8913	2023-09-04 17:08	fotod200.exe e08ec2efbc2cb0b25e6b8b63a6c19014 Gen1 Emotet Malicious Library UPX CAB PE File PE32 VirusTotal Malware AutoRuns PDB Check memory Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution					5.2		39	ZeroCERT

8914	2023-09-04 17:08	obizx.exe 1caeba20d73f6665029d6bc0fa853312 .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2		22	ZeroCERT

8915	2023-09-04 17:06	gen.txt.vbs 028a0617ed7c664bd7ba075bf52fb984 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			9.0	M	6	ZeroCERT

8916	2023-09-04 17:05	cod.jpg.vbs 40674809fecf09c232335b84919108b2 Antivirus crashed					0.2	M		ZeroCERT

8917	2023-09-04 15:26	set17.exe 9cb1d62bdfac3735fcbc75a9ed9fc113 Emotet Gen1 Malicious Library UPX Confuser .NET MZP Format PE File PE32 DLL OS Processor Check DllRegisterServer dll PE64 CHM Format suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed					4.2	M		ZeroCERT

8918	2023-09-04 15:23	setup294.exe 6b4871afc29f9a0494fddb3a475c638e Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 DLL PDB Code Injection Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution					3.4			ZeroCERT

8919	2023-09-04 15:10	Instal_pass.7z 6012442e75bf062ee37a19e3b813b95c PrivateLoader Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealer Windows RisePro Trojan DNS Downloader	25 Keyword trend analysis Info http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://87.121.221.58/g.exe - rule_id: 35764 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://apps.identrust.com/roots/dstrootcax3.p7c http://www.maxmind.com/geoip/v2.1/city/me http://myfilebest.com/order/set17.exe http://94.142.138.113/api/tracemap.php - rule_id: 28877 https://preconcert.pw/setup294.exe https://vk.com/doc44017378_668841700?hash=B7naXG9fPpueUKaZxzbzFzqgThiLopd9A232GVSoLbD&dl=VDCn0RuU4RRcIuzpA6hHZu4JCvVt7UCUAmWFRORbSKs&api=1&no_preview=1 https://vk.com/doc44017378_668806860?hash=qtzoSGTGfTX0Y89NBaFBYakjoCyaeVOVJQ5aLZ9qe6c&dl=MsOUl0nIy2MxBmzFM55NV4K7DzBdgHfls4LY6OEHerL&api=1&no_preview=1#qq https://db-ip.com/demo/home.php?s=175.208.134.152 https://vk.com/doc44017378_668685574?hash=2Z9kWDMxHv9Bg52ieOFMjjyZlIe2LzZhpXJtbJfi2jD&dl=MckLSTrLnFqxzbDQcQsY8zw8KxvNLWnEyU8AMbhyK6s&api=1&no_preview=1#WW1 https://psv4.userapi.com/c909618/u44017378/docs/d58/3ae907fdfcf3/Synapse.bmp?extra=KUBnABH___ud3k6Iz_4j06dbnFS9VRlNbUwfTgh7gFkqGiY9bpQRB8S2WTllutClgFicO9HQdM2CdICtoMDrTIUve1tpzFA4EraxxEm1T-w5HYMIufQJZJ3ZZuL60ICYmx_il49EiGSxeEtl https://db-ip.com/ https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://sun6-20.userapi.com/c909228/u44017378/docs/d21/84fb03a45baf/RisePro_0_5_eM6kP0V0t0TJM31LPkFZ.bmp?extra=0flX9Y0ztZxXjKMYf4MpJJjzvYpZP31BlbRhAJosHEXpLdo8JT_b5DH9Y0PRC9dGByVJGDom6Q85dl7oudoJZHFhYVAOPLcxqHxV4bfTwq2t2ZLBF5atjVwW-KpohUyr8NnU5FS4_f1sEXD4 https://sun6-23.userapi.com/c240331/u44017378/docs/d40/ea107227b79a/test2.bmp?extra=T669DDPm8ZLFNZCYmG4ho1hhgwomS77jaE2Yn7VnIXwin8UREXNFw9ArqM4W0cg7xTW45XFbxsmQRIFsVfy1w7UsYsb0Uhx9j2OLuM-0E3RUf8vSZA5CNcinhMJmev2Nv1FGmFs4mSuLTip3 https://vk.com/doc44017378_668790441?hash=ZAKf3wtiDekEKOwL5zOUpKlhs3NsBThU4THBbA9UjZ0&dl=tGcv3oqIrQKDSR0z8GXJxfn9P4s1HZm2ci3UQevYE7w&api=1&no_preview=1#test2 https://sun6-20.userapi.com/c909618/u44017378/docs/d36/970407f834ab/PL_Client.bmp?extra=aN41sDSFUADrGrdU_RjM1QHebyaC6CfPPnkhN8Sh5X1ARi3KwK86JBBO2RmrPchH2zWsjNJamP2kvNM4ZBw3wVvUHefjC0u7DuaIJJ3n0zlEfuc5TbQudsfFWKgLDw8h18lU6pjBLjcaodL_ https://vk.com/doc44017378_668805679?hash=Pq8nRu8IL2bYqDVs2GPjMvpAFMOm04kusdFGQmRlGY0&dl=ns6C3Wug8h8cGKJrvWC9ONCmtSXnbVIqzmpprkB3Voz&api=1&no_preview=1#rise https://sun6-21.userapi.com/c909628/u44017378/docs/d11/ac2bb3ec415d/WWW1.bmp?extra=PdcCi5Du3aPXs6h3g6zfZQ1vp80eYhCaeQWYwshlaKabq3cItIQbRsgtJq0TWtJ44yhs8vYSoCXkcJ9B1aoCxAqw1FzxTuOWr37cbrEr81UIcHuZxy3avmSshVlPZDeDf90bALLE9p_SrNDd https://sun6-21.userapi.com/c909218/u44017378/docs/d35/7d15da7ffef6/qq.bmp?extra=2GxVWJpu25oym3VxYwWNtfWO8cQIKYpcF0VxbVK3BFm6aprr9H7tTHFEku9l_-NfQgcfHxfucUok_MgxivF-HiFfE_IhhOE0f3IqvHMsERCQI19xXhu3k8QfnZs_rFCImiUJW5RjB0c29Ysf https://sun6-22.userapi.com/c235031/u44017378/docs/d4/1974a6683533/crypted.bmp?extra=XHKJoN80jGNAz1QmohIWSJwLNw1xbuFQMIVe0WiYZj62gT4pGvNZfyg4fHynhr0PlaBSK9k-uRbQkcGieK0oYQcB8CGDXqOb9JLjC38GlvNCMUriI1WLUKlrZb65vZcsrmYy1EOO8igzh7tD https://vk.com/doc44017378_668771908?hash=xTpUd6Irq53Iv3XxYBTLtZCTvA1vPIxYTBJi9GFflYg&dl=r01wYZoWFOYu6Y5AAmkbdHXEnBHxBfvDm7ze3p9Hqz0&api=1&no_preview=1#1 https://vk.com/doc44017378_668679037?hash=6lxdrm9NUkSryZCfzYZn4zR2sOTXzaKgfQIcVCaPnvX&dl=FLqYTpktPSSWsXhtSyyzRawRyuZZexn7WIKXiXEZBv4&api=1&no_preview=1	49 Info preconcert.pw(172.67.197.101) api.2ip.ua(162.0.217.254) db-ip.com(172.67.75.166) psv4.userapi.com(87.240.190.76) api.db-ip.com(104.26.5.15) api.myip.com(172.67.75.163) agsnv.com(181.214.31.34) - malware iplis.ru(148.251.234.93) - mailcious sun6-22.userapi.com(95.142.206.2) iplogger.org(148.251.234.83) - mailcious sun6-23.userapi.com(95.142.206.3) ipinfo.io(34.117.59.81) myfilebest.com(172.67.183.191) www.maxmind.com(104.18.145.235) sun6-20.userapi.com(95.142.206.0) - mailcious vk.com(87.240.132.67) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious 148.251.234.93 - mailcious 194.169.175.128 - mailcious 104.18.145.235 181.214.31.34 - malware 77.91.68.238 - malware 87.240.129.133 - mailcious 104.26.5.15 172.67.75.163 87.240.190.76 87.121.221.58 - malware 172.67.75.166 104.21.56.98 162.0.217.254 194.26.135.162 - mailcious 87.240.132.67 - mailcious 34.117.59.81 148.251.234.83 104.21.84.222 121.254.136.9 176.123.9.142 - mailcious 94.142.138.113 - mailcious 185.225.73.32 - mailcious 149.202.0.242 - mailcious 45.15.156.229 - mailcious 104.26.9.59 104.26.4.15 87.240.137.164 - mailcious 95.142.206.3 163.123.143.4 - mailcious 95.142.206.1 - mailcious 95.142.206.0 - mailcious 95.142.206.2	28 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) SURICATA Applayer Mismatch protocol both directions ET DNS Query to a *.pw domain - Likely Hostile ET INFO Executable Download from dotted-quad Host ET MALWARE Single char EXE direct download likely trojan (multiple families) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET INFO EXE - Served Attached HTTP ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Get_settings) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)	4	6.0	M		ZeroCERT

8920	2023-09-04 15:06	Invitation To Attend Cryptocur... 0b4aab3d1e2946b15b70a63187c1f927 AntiDebug AntiVM CHM Format VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName	1 Keyword trend analysis				4.8		20	ZeroCERT

8921	2023-09-04 11:15	4.html f71368efc1380be49fbffadd63510ab1 Antivirus AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.4	M		ZeroCERT

8922	2023-09-04 11:06	4.html f71368efc1380be49fbffadd63510ab1 Antivirus unpack itself crashed					0.6	M		ZeroCERT

8923	2023-09-04 11:01	Konni_종합소득세 해명자료 제출 안내.lnk... 19dc387bffdc0a22f640bd38af320db4 Generic Malware Suspicious_Script_Bin Antivirus HWP PS PostScript Malicious Library AntiDebug AntiVM Lnk Format GIF Format PowerShell MSOffice File PE File PE32 ZIP Format Malware download VirusTotal Malware Campaign powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI heapspray Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check Konni Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	5	2		15.4		10	ZeroCERT

8924	2023-09-04 10:30	Fukushima.chm 9e6a2914a35256dd450db549fb975f45 Generic Malware Antivirus Hide_URL AntiDebug AntiVM CHM Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process suspicious TLD WriteConsoleW Interception Windows ComputerName Cryptographic key	2 Keyword trend analysis	2	1		8.4		14	ZeroCERT

8925	2023-09-04 09:40	aafg31.exe 103b3199c5a7b92b74ce14f14a3965d4 Malicious Library UPX PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution	1 Keyword trend analysis	2	2		1.8		33	ZeroCERT