8986 |
2023-11-11 16:12
|
audiodgs.exe 23c236d7c2132d874492c9cc1edb3df2 AgentTesla .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed |
9.0 |
ZeroCERT
8987 |
2023-11-11 13:24
|
XClientvm.exe 386f066c417fa04b1d6f94ac81f1be6b Antivirus UPX PE32 PE File .NET EXE OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName |
2.6 |
M |
|
ZeroCERT
8988 |
2023-11-11 13:22
|
Aasd2wdsdas.exe c652cb73b3e3c45d34d494441d84780d Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Windows crashed |
0.8 |
ZeroCERT
8989 |
2023-11-11 13:22
|
B.exe 74f3a69c12af4f57291a63bb8418f8cc Malicious Packer UPX PE32 PE File .NET EXE OS Processor Check Check memory Checks debugger unpack itself ComputerName |
1.0 |
ZeroCERT
8990 |
2023-11-11 13:20
|
XClient.exe 9c4b77cf2202adddde8c49474b31760e Antivirus UPX PE32 PE File .NET EXE OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName |
2.6 |
M |
|
ZeroCERT
8991 |
2023-11-11 13:20
|
const.exe 2e12de9f8aa8b2513ab5cd51549ea472 Malicious Library UPX PE File PE64 OS Processor Check WriteConsoleW |
0.4 |
ZeroCERT
8992 |
2023-11-10 10:06
|
Pikabot_pw_H17.zip 1e64f3868dc8dc63eea055b19f2a73d1 ZIP Format Malware Malicious Traffic DNS |
1
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
|
3
www.ssl.com(3.213.199.135) 49.13.31.229 - mailcious 3.209.197.161
|
2
ET POLICY curl User-Agent Outbound ET HUNTING curl User-Agent to Dotted Quad
1.4 |
M |
|
ZeroCERT
8993 |
2023-11-10 09:56
|
File.7z bb71ffe7937155152037cdc440585d84 PrivateLoader Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Malware Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows Browser RisePro DNS |
43
|
67
|
39
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) SURICATA Applayer Mismatch protocol both directions ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious services.exe in URI ET DNS Query to a *.top domain - Likely Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET INFO Packed Executable Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET HUNTING Possible EXE Download From Suspicious TLD ET INFO Observed Telegram Domain (t .me in TLS SNI) ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO TLS Handshake Failure ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET INFO DNS Query for Suspicious .icu Domain ET MALWARE Redline Stealer Activity (Response) ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible 
Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)
|
13
http://194.169.175.118/xinchao.exe http://194.49.94.97/download/Services.exe http://45.15.156.229/api/tracemap.php http://45.15.156.229/api/firegate.php http://94.142.138.113/api/tracemap.php http://94.142.138.131/api/firegate.php http://91.92.243.151/api/tracemap.php http://94.142.138.131/api/firecom.php http://94.142.138.131/api/tracemap.php http://185.172.128.69/latestumma.exe http://194.49.94.48/timeSync.exe http://193.233.255.73/loghub/master https://steamcommunity.com/profiles/76561199568528949
|
5.0 |
M |
|
ZeroCERT
8994 |
2023-11-10 09:35
|
smo.exe 3fe5e1bbb296648428c4436703bd6302 RedLine stealer Emotet Gen1 Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE32 PE File CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
1
http://193.233.255.73/loghub/master - rule_id: 37500
|
2
193.233.255.73 - mailcious 5.42.92.51
|
6
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
|
1
http://193.233.255.73/loghub/master
|
18.0 |
M |
40 |
ZeroCERT
8995 |
2023-11-10 09:32
|
1.exe 08d14f9715fe88fe5260096942b4dd51 Malicious Library Malicious Packer PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
194.169.175.235 - mailcious
|
5
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response)
6.4 |
M |
50 |
ZeroCERT
8996 |
2023-11-10 09:30
|
i.exe 80929c8d2ecd8d400fed9a029f4e4763 SystemBC PE32 PE File VirusTotal Malware DNS |
|
1
1.8 |
M |
57 |
ZeroCERT
8997 |
2023-11-10 09:30
|
build.exe bed063565678cce483a7647b3fe5dd27 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Remote Code Execution |
2.2 |
M |
41 |
ZeroCERT
8998 |
2023-11-10 09:29
|
from.exe 2c1702ec1ce5fce93e682e82afe6fd91 RedLine stealer Emotet Gen1 Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE32 PE File CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
1
http://193.233.255.73/loghub/master - rule_id: 37500
|
2
193.233.255.73 - mailcious 5.42.92.51
|
6
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
|
1
http://193.233.255.73/loghub/master
|
17.2 |
M |
36 |
ZeroCERT
8999 |
2023-11-10 09:28
|
File_Vbs.vbs 739bf7015a7bb68f0c0452e64497be77 VirusTotal Malware wscript.exe payload download Tofsee |
1
|
2
paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.6 |
M |
4 |
ZeroCERT
9000 |
2023-11-10 09:26
|
File_Vbs.vbs f148d80b7b8949564596b07b8d56d72f Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/UIH5P
https://uploaddeimagens.com.br/images/004/654/536/original/new_image.jpg?1698957750RvD
|
5
paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(104.21.45.138) - malware 104.21.84.67 - malware
121.254.136.18
104.21.45.138 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.6 |
M |
5 |
ZeroCERT