Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

9286 2023-08-21 09:29 http://setup.icloud.com
AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
3 2 4.2 guest

9287 2023-08-19 05:16 http://sequoia.apple.com
guest

9288 2023-08-19 04:40 http://api.maptiler.com
60c9f86239a45db522e58c777de569f4
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
1 2 4.2 guest

9289 2023-08-19 04:24 http://proxy.safebrowsing.appl...
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
1 2 4.2 guest

9290 2023-08-19 04:14 http://api.smoot.apple.com
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
2 5.2 guest

9291 2023-08-18 18:10 s28a1f.exe
97ae7169e56c372a7d45996303c06d45
Malicious Library PE File PE32 Browser Info Stealer FTP Client Info Stealer suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5.4 ZeroCERT

9292 2023-08-18 18:10 1ds3y.exe
b78141a544759e1a07740aa28b35584c
Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 PowerShell VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW IP Check Windows ComputerName DNS Cryptographic key crashed
5 10 3 14.4 M 52 ZeroCERT

9293 2023-08-18 18:04 PolicyChanges.pdf.lnk
60696fce8c5e2d338afd213a0147d63b
Generic Malware Hide_EXE Suspicious_Script_Bin Downloader Malicious Library UPX Malicious Packer Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Ant VirusTotal Malware Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW ComputerName
7 4.4 8 ZeroCERT

9294 2023-08-18 18:01 pass1234_setup.7z
cd129faa117216c35156304670140b06
Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check DNS
23 48 10 6.2 M ZeroCERT

9295 2023-08-18 17:24 dasHost.exe
f226785987c5b4c128d4785c6a2d413d
PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key
2.4 M 23 ZeroCERT

9296 2023-08-18 17:22 ChromeSetup.exe
e092af3320c668d973ca003e7ecc387f
Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
11.8 M 45 ZeroCERT

9297 2023-08-18 17:22 isHost.exe
700dfeedaf6d739064bdc295eabe23bf
PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.4 M 36 ZeroCERT

9298 2023-08-18 16:09 sqlite3.dll
1f44d4d3087c2b202cf9c90ee9d04b0f
UPX PE File DLL PE32
yjw

9299 2023-08-18 15:53 sqlite3.dll
1f44d4d3087c2b202cf9c90ee9d04b0f
UPX PE File DLL PE32
yjw

9300 2023-08-18 15:48 sqlite3.dll
1f44d4d3087c2b202cf9c90ee9d04b0f
UPX PE File DLL PE32
yjw