Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9406	2023-10-20 17:36	lllllillilililiil.vbs c22b3eab9a5dbb2ac744e6d3c683bc30 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	2 Keyword trend analysis	2	1		7.6		7	ZeroCERT

9407	2023-10-20 17:36	bQK0.exe 7910bff79818720386ddbf4fa2d00b3c Malicious Packer Downloader ScreenShot AntiDebug AntiVM PE File PE32 Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS DDNS keylogger	1 Keyword trend analysis	4	3		11.6		63	ZeroCERT

9408	2023-10-20 17:36	gen.txt.vbs 73e726752629a1a3dba427ec1c2927fa Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			9.2	M	11	ZeroCERT

9409	2023-10-20 17:33	a3_2.jpg.exe d08f3729495ae6ed7e5d63e605c80cb1 .NET DLL PE File DLL PE32 VirusTotal Malware PDB					1.4		51	ZeroCERT

9410	2023-10-20 16:35	a3.jpg.exe ca0299d9cfce19b30bedc50656f16983 AsyncRAT UPX Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check Malware download AsyncRAT NetWireRC Malware DNS DDNS		2	4		0.4			ZeroCERT

9411	2023-10-20 16:35	2.txt.ps1 133848a60273204305d389b93d512a2b Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key					1.2	M	6	ZeroCERT

9412	2023-10-20 16:35	0ef3m78ofl.js 294821b2898d04ac7d4972e00582c64d Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS	2 Keyword trend analysis	2	3		6.4	M		ZeroCERT

9413	2023-10-20 09:26	HTMLincache.doc 0f8b57f118a80ad75a56a9bb3f1206ea MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	2		4.0	M	28	ZeroCERT

9414	2023-10-20 07:34	macringa2.1.exe f231a02d229e5f504eacc706629ae2f1 NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	4 Keyword trend analysis Info http://www.jys639.com/t6tg/?ARr=iZSd4WcVLoxrty2SI4zYYm+k8zxr4doV+JNRrflDFWaXgV8umUmWRFTZcO/6j4IcEfQ2bA86&ndlpdZ=u4itArTPyX7D http://www.verificardsa.com/t6tg/?ARr=e3AQhDkaG9eafEaUpLL/rSilDzf/hET9ej10VBCXgx4U67QE0b9NWX3D0BBjP0VOu+agMW4z&ndlpdZ=u4itArTPyX7D http://www.izeera.com/t6tg/?ARr=m529FBdnR7W3BTzP5MxjwgE+mkLjoMm+UZfynz2FhzEQtAjK+eSB/JNk4Nuy1iudF5erJ+NJ&ndlpdZ=u4itArTPyX7D http://www.nextino.app/t6tg/?ARr=hbKaBdJJ6vFN8tzB35DGgEHrZG9ClC0kvKQfUGuMd838c0khCL09IqdRU/B5FhQhg2CjjGkb&ndlpdZ=u4itArTPyX7D	8	1		3.4	M		ZeroCERT

9415	2023-10-20 07:32	truever0510dn.exe 93556130a3846a62780b2b331cd19ea0 Gen1 Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM PE File PE32 CAB OS Processor Check PE64 DLL ftp DllRegisterServer dll PNG Format Malware PDB Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Tofsee ComputerName DNS	1 Keyword trend analysis	7	2		3.4	M		ZeroCERT

9416	2023-10-20 07:32	yes.exe 355e758c66e73f61dbaaeb7174f74de0 PE File PE64					0.8	M		ZeroCERT

9417	2023-10-20 07:31	newumma.exe dfd00cebfa70ea1470514e2c03770fd4 Malicious Library UPX Malicious Packer AntiDebug AntiVM PE File PE32 OS Processor Check PE64 Malware download Amadey Cryptocurrency Miner Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Kelihos Tofsee Windows ComputerName DNS CoinMiner	4 Keyword trend analysis	13 Info rangeroverfan.org(172.67.165.223) - malware galandskiyher5.com(194.169.175.127) - malware foxandcatbet.org(104.21.71.26) - malware pastebin.com(104.20.67.143) - mailcious xmr-eu1.nanopool.org(51.15.193.130) - mailcious 51.255.34.118 193.42.33.7 - mailcious 194.169.175.127 - malware 79.137.192.18 - malware 104.21.66.240 104.21.71.26 - malware 51.15.65.182 - mailcious 172.67.34.170 - mailcious	10 Info ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Possible Kelihos.F EXE Download Common Structure ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)	3	12.6	M		ZeroCERT

9418	2023-10-20 07:29	198.exe 0171e926fc187d40081567eeb2b2ef27 Malicious Library UPX PE File PE32 OS Processor Check					0.4			ZeroCERT

9419	2023-10-19 19:52	lnvoice_1332936990.js fd8654cbec65781ef40ef64410c93bf6 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.2		1	guest

9420	2023-10-19 18:42	HTMLcache8.dOC 2b81d6d754937ab82947a76d395df643 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	2		3.6	M	29	ZeroCERT