Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9346	2023-10-24 14:55	build.exe 3ed791d0d3ef43adf351275e0e2d5eb1 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution					2.2	M	35	ZeroCERT

9347	2023-10-24 14:41	mashilao.txt.exe da5957bd18549edc1c451f1ab98aa4c5 AgentTesla Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed					3.8		56	ZeroCERT

9348	2023-10-24 10:03	setup.7z 4c65dedbb73fbb8d9daae8179d67082b Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check PrivateLoader Tofsee Lumma Stealer DNS	8 Keyword trend analysis Info http://94.142.138.131/api/firegate.php - rule_id: 32650 http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://dannyleagy.fun/api http://volkels.fun/api https://volkels.fun/api https://psv4.userapi.com/c909328/u52355237/docs/d47/c541f110e091/Installation.bmp?extra=UgwBGkMcfjcRXxJpAN_ASDuA0Ulq2C1OYolHMcvZH2Z240wWgFPur2bYY2ipG1c__XCmg7VaCVjAHzDdCrA1S8XNsrR_lsV0QDzjRvhM0brwyhjZhKAOz1A4_7Q9pVPYoNMU8ICt2QCICYFC https://vk.com/doc52355237_667317398?hash=Nzo9Lpy2lnkLk0e9i3sM5Q7Rmhu0skEqTijVFqSmRV4&dl=zTGHW6YEQC0elKjKTCqYaLRzYnULI1fc07ZVd4bICGH&api=1&no_preview=1 https://api.myip.com/	13 Info psv4.userapi.com(87.240.190.89) api.myip.com(172.67.75.163) ipinfo.io(34.117.59.81) dannyleagy.fun(104.21.92.100) volkels.fun(104.21.42.158) vk.com(87.240.132.67) - mailcious 104.21.92.100 - mailcious 172.67.163.133 - malware 172.67.75.163 87.240.190.89 87.240.129.133 - mailcious 94.142.138.131 - mailcious 34.117.59.81	6 Info ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Mismatch protocol both directions ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In	2	4.2	M		ZeroCERT

9349	2023-10-24 09:41	luoves.vbs 0ce3fdcbefda30517ac10b2fdf96f426 AgentTesla Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PowerShell Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee EXPLOIT_KIT Windows Exploit Browser Email ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	3	2	1	15.2	M	15	ZeroCERT

9350	2023-10-24 09:37	stodio.ps1 0c98e19efb1135d07bb79af8bee0956d Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key					1.2		6	ZeroCERT

9351	2023-10-24 09:37	millianozx.doc b394ab992ac85ab0fefc4a7d3d181bbd MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash suspicious TLD Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.kectapp.xyz/qbru/ http://www.jantanslot.xyz/qbru/ http://www.micsites.com/qbru/?11=mDZ2amPM8lWqbeAYWcDKqdpiecTJ9prCGyOd2oWqi+yKbAV58Q/8VgXtpTMQ/k9YpjQqe6WeoDmxmXaptUBmMq6sDIRlbyaAuf4h15w=&LQk=H8uqa http://www.0857.bet/qbru/ http://www.thefulfilleddog.net/qbru/?11=1EPu3c3qpncBWw5AsPbmO/uk1IuylEz0DkrYlvCIwqSSQ2S5BpR/UJA6bHVgZ1CeA3nqd3Tiw9yI3Ym4nbGMG+qDHZJm8eYC1fBVsac=&LQk=H8uqa http://www.thefulfilleddog.net/qbru/ http://www.micsites.com/qbru/ http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip http://www.0857.bet/qbru/?11=k1gkcJ6tXVBJWcfD5JFdj9jh1GwKScxeJP6VCK1BK8ixvV5VgN0eYG6gTrvugstFS6wF93GzuEqrlILkxAhWglV5VSYx8lCBsUKmTZc=&LQk=H8uqa http://www.jantanslot.xyz/qbru/?11=kMrvYXKBNwaF4E5tRezPj5SMX6XQ+ILaa8SXqvb1iySbFntGTH4YGFtALrA4UwFGSL+bmisufUZFVXdWgTdYvXpvkIKAL06RY9IgoHM=&LQk=H8uqa http://fresh1.ironoreprod.top/_errorpages/millianozx.exe	12 Info www.thefulfilleddog.net(91.195.240.19) www.rinconesdetenerife.com() www.micsites.com(162.241.63.76) www.jantanslot.xyz(91.195.240.19) www.kectapp.xyz(162.0.233.82) www.0857.bet(91.195.240.19) fresh1.ironoreprod.top(172.67.166.168) - mailcious 91.195.240.19 - mailcious 172.67.166.168 - mailcious 162.0.233.82 162.241.63.76 45.33.6.223	5		4.4	M	33	ZeroCERT

9352	2023-10-24 09:36	2.txt.ps1 aadf28a8133c1568c175e89318d94c7c Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key	1 Keyword trend analysis				1.2		6	ZeroCERT

9353	2023-10-24 07:55	sus.exe 7412fa29d56312aeba1f8b6270233b3c Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware PDB Code Injection buffers extracted DNS		1			7.0	M		ZeroCERT

9354	2023-10-24 07:54	millianozx.exe 457727c9b8dd78217d49bea020449909 AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder Browser DNS	14 Keyword trend analysis Info http://www.kectapp.xyz/qbru/?anOq=AKv6Sx9RVd6z2/31a4gR3Wgyc3JtU8qKmPe7+UrIL8TjLxsJecLezwQjuZ98RUtGdoqXoCw2Dq51ZBZibaR07jPp//OuLsnn2xhjFf8=&3a2x=2fb-JND6m3 http://www.lobbytoto.monster/qbru/?anOq=iQ92ur2Sdw35d14MbXAly4d2Faqd60R4I1Dw/Tl8gFH8stlpyoNHbAizaH+Bw3DHRGVIsqMgKgbAqfkREWr/tUz6nTc7E4egZH6ltrM=&3a2x=2fb-JND6m3 http://www.thefulfilleddog.net/qbru/?anOq=1EPu3c3qpncBWw5AsPbmO/uk1IuylEz0DkrYlvCIwqSSQ2S5BpR/UJA6bHVgZ1CeA3nqd3Tiw9yI3Ym4nbGMG+qDHZJm8eYC1fBVsac=&3a2x=2fb-JND6m3 http://www.jantanslot.xyz/qbru/ http://www.noobblaster.com/qbru/?anOq=JwUQbw9gdYZct0LJFqgQhomntkVU4J4oJl17WXJ+AFRyfT4sHnCJTE/q+g/8FXC2UPAGWJVVrTRCX1X2jmb+aDKdlWJFqx0qGNhg4lw=&3a2x=2fb-JND6m3 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zip http://www.micsites.com/qbru/?anOq=mDZ2amPM8lWqbeAYWcDKqdpiecTJ9prCGyOd2oWqi+yKbAV58Q/8VgXtpTMQ/k9YpjQqe6WeoDmxmXaptUBmMq6sDIRlbyaAuf4h15w=&3a2x=2fb-JND6m3 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.investpenedes.cat/qbru/?anOq=YZJFXZ9xfpf30tJgDxxTGEGE+KMVd/EzeWPkmUEDc5guDi5jW3/N8gPEof6kX9EypdrpCcrqioTdxt2KvHn8uye9Hb50fauqm3W9FDg=&3a2x=2fb-JND6m3 http://www.jantanslot.xyz/qbru/?anOq=kMrvYXKBNwaF4E5tRezPj5SMX6XQ+ILaa8SXqvb1iySbFntGTH4YGFtALrA4UwFGSL+bmisufUZFVXdWgTdYvXpvkIKAL06RY9IgoHM=&3a2x=2fb-JND6m3 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip http://www.0857.bet/qbru/?anOq=k1gkcJ6tXVBJWcfD5JFdj9jh1GwKScxeJP6VCK1BK8ixvV5VgN0eYG6gTrvugstFS6wF93GzuEqrlILkxAhWglV5VSYx8lCBsUKmTZc=&3a2x=2fb-JND6m3	17 Info www.lobbytoto.monster(91.195.240.123) www.thefulfilleddog.net(91.195.240.19) www.rinconesdetenerife.com() www.micsites.com(162.241.63.76) www.jantanslot.xyz(91.195.240.19) www.kectapp.xyz(162.0.233.82) www.0857.bet(91.195.240.19) www.investpenedes.cat(137.135.184.158) www.noobblaster.com(167.172.228.26) 91.195.240.19 - mailcious 137.135.184.158 162.0.233.82 91.195.240.123 - mailcious 167.172.228.26 - mailcious 162.241.63.76 45.33.6.223 157.240.215.35			10.4	M	30	ZeroCERT

9355	2023-10-24 07:51	angi.exe f281b31a99932f0d6c1fa3dd0649a36a Gen1 Generic Malware Malicious Library UPX Antivirus PE File PE64 OS Processor Check DLL PE32 Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency PDB Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AppData folder sandbox evasion Ransomware Lumma Stealer Browser ComputerName	1 Keyword trend analysis	2	2		7.2	M	37	ZeroCERT

9356	2023-10-24 07:50	texaszx.exe 2aaebe44a0a2a7f2512f13a45a979406 PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed		6	4		10.8	M	29	ZeroCERT

9357	2023-10-24 07:50	foto2552.exe 5e967436bbe28a1b2b6d4016ae7b5024 Amadey RedLine stealer Gen1 Emotet Malicious Library UPX Admin Tool (Sysinternals etc ...) ScreenShot PWS AntiDebug AntiVM PE File PE32 CAB PNG Format MSOffice File DLL OS Processor Check Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Stealc Stealer Windows Exploit Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	24 Keyword trend analysis Info http://193.233.255.73/loghub/master - rule_id: 37500 http://77.91.124.1/theme/Plugins/clip64.dll - rule_id: 37036 http://77.91.124.1/theme/Plugins/cred64.dll - rule_id: 37037 http://77.91.124.1/theme/index.php - rule_id: 37040 https://www.youtube.com/img/desktop/supported_browsers/firefox.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyz5YVxzRBWdpyuUtppgdvRy2Tw194Av0LWqrv008iX9c7bZnoHLo250QAw7Iz6oyudGemXR1A https://accounts.google.com/_/bscframe https://accounts.google.com/generate_204?6-E0fA https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc-.woff https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://www.youtube.com/img/desktop/supported_browsers/edgium.png https://accounts.google.com/ https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxM.woff https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxQBLRrENNzDGU7Qlkoss48yKJ12ueLob1lnUSvITk9Wdk0c8W1-KA6F38Oypk5hTx5sGjsKg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S470064247%3A1698101077522125 https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2F https://fonts.googleapis.com/css?family=YouTube+Sans:500 https://www.google.com/favicon.ico https://www.youtube.com/img/desktop/supported_browsers/chrome.png https://www.youtube.com/img/desktop/supported_browsers/opera.png https://fonts.gstatic.com/s/youtubesans/v19/Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF.woff https://fonts.googleapis.com/css?family=Roboto:400,500	18 Info ssl.gstatic.com(142.250.206.227) www.facebook.com(157.240.31.35) www.google.com(142.250.76.132) www.youtube.com(142.251.222.14) - mailcious fonts.googleapis.com(172.217.161.234) accounts.google.com(142.250.206.205) fonts.gstatic.com(142.250.207.99) 142.251.220.78 142.251.220.45 77.91.124.86 172.217.27.36 51.68.143.81 193.233.255.73 - mailcious 77.91.124.1 - malware 172.217.24.227 172.217.31.10 157.240.215.35 142.250.66.67	13 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	4	20.2	M		ZeroCERT

9358	2023-10-24 07:48	snow.exe bd136d61e094dd46fae5f3fda5d18d48 LokiBot PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger		4	5		14.4	M	43	ZeroCERT

9359	2023-10-24 07:48	nalo.exe 35ec78636adb2e2094fc506736d9ffe1 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Code Injection Malicious Traffic buffers extracted unpack itself Stealc Browser DNS	1 Keyword trend analysis	1	2	1	8.2	M	19	ZeroCERT

9360	2023-10-24 07:48	newmar.exe 6020dace849357f1667a1943c8db7291 Emotet Gen1 Malicious Library UPX Confuser .NET AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check icon PE64 DllRegisterServer dll MZP Format DLL VirusTotal Cryptocurrency Miner Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS crashed CoinMiner		7	6 Info ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO TLS Handshake Failure ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)		11.4	M	56	ZeroCERT