Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8926	2023-11-14 08:02	newmar.exe 0099a99f5ffb3c3ae78af0084136fab3 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Malware AutoRuns Malicious Traffic Check memory Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1			4.8	M		ZeroCERT

8927	2023-11-14 08:01	Rjiyeslhtb.exe 41c3a1be867a689a3c4c2e95e2c40023 UPX PE File PE64 Check memory Checks debugger unpack itself					1.2	M		ZeroCERT

8928	2023-11-14 07:58	wininit.exe e746086f470668fe6cfc3da407fdd032 Formbook Generic Malware .NET framework(MSIL) Antivirus PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE FormBook Malware download Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	6 Keyword trend analysis Info http://www.chonggonzalez.com/bp31/ http://www.zloomux.com/bp31/ http://www.chonggonzalez.com/bp31/?4hIPNx=i8xMAsplts1fVWIwWOiZyKMG3HcPF0/pv9lT+CaFwPb7cSw7ejwLK6p2kEZsPcoFVhe8fhoh&nfut_l=xPJx_6jp&sql=1 http://www.zloomux.com/bp31/?4hIPNx=vvPW/2Pd5QHeIEBGm8G0+Ony9yXqUyBfOyFfBG0rKYjwD4sgiUzqNaP2HxjG8nxDdvZI64Qs&nfut_l=xPJx_6jp&sql=1 http://www.smartagriafrica.info/bp31/?4hIPNx=OJ1wdLQJPVHT7VM7DL9mTUJRAG8pTY12NlK6t8ps5ocpXXUVXYvRwMmTQlbyJ47ya7gchoZP&nfut_l=xPJx_6jp&sql=1 http://www.smartagriafrica.info/bp31/	7	1		11.0	M		ZeroCERT

8929	2023-11-14 07:58	unsecapp.exe 754ce856887cc1da00e95d45c5163075 AgentTesla Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Software crashed keylogger	1 Keyword trend analysis	3	2		11.2	M		ZeroCERT

8930	2023-11-14 06:13	unk.exe ca42b110a0926f8aa00abd2500d520cb Malicious Library UPX PE File PE64 OS Processor Check PDB Remote Code Execution					1.0			guest

8931	2023-11-13 10:59	InstallSetup9.exe 072d5b65a446875e47dd36a8773b9971 NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Word 2007 fi Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					5.0	M		ZeroCERT

8932	2023-11-13 10:59	HTMLBrowserIEhistorycleaner.vb... e5a6ec94e45fa3bb3f6076256ccf05a2 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	4 Keyword trend analysis	5	2	1	8.6			ZeroCERT

8933	2023-11-13 10:58	build.exe 90dd1720cb5f0a539358d8895d3fd27a Vidar Gen1 Generic Malware Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealer Windows Browser Email ComputerName DNS Software	9 Keyword trend analysis Info http://5.75.246.163/softokn3.dll http://5.75.246.163/vcruntime140.dll http://5.75.246.163/msvcp140.dll http://5.75.246.163/freebl3.dll http://5.75.246.163/mozglue.dll http://5.75.246.163/sqlite3.dll http://5.75.246.163/ http://5.75.246.163/nss3.dll https://steamcommunity.com/profiles/76561199568528949 - rule_id: 38188	5	11 Info ET INFO TLS Handshake Failure ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	11.8	M		ZeroCERT

8934	2023-11-13 10:56	InstallSetup1.exe 92907b257d087fa3e9fa0a72dc15772e Gen1 NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File DLL PNG Format OS Processor Check ZIP Format JPEG Format PE64 BMP Format DllRegisterServer dll CHM Format icon CAB MZP Format Browser Info Stealer Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Ransomware Browser					5.4	M		ZeroCERT

8935	2023-11-13 10:53	download cf4151b638a71c1cd8b36edf4476579e Generic Malware PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself ComputerName					1.6	M		ZeroCERT

8936	2023-11-13 10:47	InstallSetup8.exe 5f5a15189f9eca3843ae765a41106e3f NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Word 2007 fi Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					5.0	M		ZeroCERT

8937	2023-11-13 10:46	InstallSetup6.exe c4d534c2279d1e53893f70f6444f1067 NPKI HermeticWiper NSIS Generic Malware Suspicious_Script Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Javascript_Blob PE32 PE File PNG Format JPEG Format OS Processor Check ZIP Format icon BMP Format PE64 CAB Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					5.0	M		ZeroCERT

8938	2023-11-13 10:41	InstallSetup7.exe e31dd6f0e2b467c367370f18ba09f0f8 NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Word 2007 fi Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					5.0	M		ZeroCERT

8939	2023-11-13 10:40	WeMod-Setup.exe b5d9ec4463780fe7ff0cad5b7e794ec2 Gen1 Malicious Library Malicious Packer UPX ASPack Anti_VM PE32 PE File DLL PE64 OS Processor Check ZIP Format .NET EXE VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder crashed					4.8	M	60	ZeroCERT

8940	2023-11-13 10:39	HCLcleanupcachecookiebacupclea... 17042d1b64ee37cbd64e3f77a967cfda MS_RTF_Obfuscation_Objects RTF File doc Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	6	3		3.2	M		ZeroCERT