Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
9541	2023-10-16 18:35	fuljani.exe 942dbace85ab0d41045bb37a66ccb139 Generic Malware PE File PE32 .NET EXE VirusTotal Malware Buffer PE Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Tofsee ComputerName	1 Keyword trend analysis	2	2	4.8		40	ZeroCERT

9542	2023-10-16 18:35	fuljani.exe 942dbace85ab0d41045bb37a66ccb139 Generic Malware PE File PE32 .NET EXE VirusTotal Malware Buffer PE Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Tofsee ComputerName	1 Keyword trend analysis	2	2	4.8		40	ZeroCERT

9543	2023-10-16 12:55	gate4.exe 5c6b1ca0336366662d0f444e01f96a3a PrivateLoader RedLine stealer Themida Packer Generic Malware UPX Malicious Library VMProtect ScreenShot PWS Socket DGA Http API DNS Internet API SMTP Anti_VM AntiDebug AntiVM PE File PE64 PE32 ZIP Format DLL OS Processor Check PNG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk suspicious TLD sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check PrivateLoader Tofsee Ransomware Stealer Windows Update Browser RisePro Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed	35 Keyword trend analysis Info http://94.142.138.131/api/firegate.php - rule_id: 32650 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://171.22.28.226/download/Services.exe - rule_id: 37064 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://194.169.175.232/autorun.exe - rule_id: 36817 http://171.22.28.226/download/WWW14_64.exe - rule_id: 36907 http://45.9.74.80/zinda.exe - rule_id: 37063 http://193.42.32.118/api/firecom.php - rule_id: 36700 http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://193.42.32.118/api/tracemap.php - rule_id: 36180 http://www.maxmind.com/geoip/v2.1/city/me http://77.91.68.249/navi/kur90.exe - rule_id: 37069 https://sun6-20.userapi.com/c909418/u52355237/docs/d49/167def964d1d/Bot_Clien.bmp?extra=u226KRhFNKTwHJMooCCPzPmniPztLgViu_UdzG-VjX2Hdo2VQ_csORN4_Q0LZziy1wB-axwEO9JNYx174ntsePx0FuTMM0e_GCG405SNGpQvMEhf73KuF7vrvBeRTnAAwZp-CVmWviwj4x0M https://db-ip.com/demo/home.php?s=175.208.134.152 https://sun6-23.userapi.com/c909228/u52355237/docs/d38/fa41d55bfcd2/d3h782af.bmp?extra=x2wWuvzLp9U9MFpMuHZvNeDGbtRLE0wlF7xXDQEgYuMpz0YX4nSn8o70AXGDKhvOM9YscK1wrIJ3gioKVHDTS71MBi-kHvMK6C3w00FHmTA2gPyAb3GAalPr1Iq8MFdFriiC1VsUCrdiBBIt https://vk.com/doc52355237_666953453?hash=NVFeHD1X6xxwiPyDZ4kbilHig693YsIH5g6X9HkS69s&dl=dzQeH4YkPFmuRHRZXunNV4NBh3hv5ZLppdno3QUFjqD&api=1&no_preview=1#rise https://vk.com/doc52355237_666962194?hash=6q38NEAvszC9RaRujZr6ZVjib9zBVZremmdPy8csKIw&dl=vi5dQPwpzhvYIPezYQtsimILAKZctT0T5feFndBaxT8&api=1&no_preview=1#55 https://schematize.pw/setup294.exe - rule_id: 37138 https://sun6-23.userapi.com/c909518/u52355237/docs/d48/03ed792486f2/WWW11_32.bmp?extra=BDTRbaczcnbNzBo0BOe-ypzZEprOU10IkpkSzte4_V8G371fkmp_shttiZOFe2G1ASGDl-WPX9fz5UxXrtRJAgBkbTqjDYOK0KXnwLo7S-B1oMpIKEG-z8PCsBkFTg520y7LBkTmUfiZSrtb https://sun6-23.userapi.com/c909418/u52355237/docs/d18/6dea2083151c/crypted.bmp?extra=fsba2zHpXvqaKaIs2cqbeh5vyBbuwJUz1GDJrKswAJIhi-uQ6bVTt1ZthUMWNp4RKY7PjMjHY4Ma_mmFnBFnz8T2TeqY1eHF6BqoZPrQTE5hBFV2aHat9V0upNqQz5qlhcM1Nx2yUiz1RdD4 https://db-ip.com/ https://sun6-22.userapi.com/c909218/u52355237/docs/d2/0ad6080636be/RisePro.bmp?extra=PqUzNShtdQ-VVGbOsb_U5PPXWQnmOykXCr2fivqUjiKkJwon0GTt09KEwh_9I68Dc5f0DQX1ply0EcnMJc9OgcjXAI8IkIAS0jKP-35agrJxkRrVKKABaH75pGdH6_DdpAnsxm5a-uDanq3h https://sun6-21.userapi.com/c237231/u52355237/docs/d27/febee9ba14ad/tmvwr.bmp?extra=KGmYpPVPqL1gWi9xyYdQGc9kE9zKzbY56JcAJV9iuZtoaTKYIdPjQcwEJi0bbYZccEU8xrKK9HW6FyaWz3VwbVmZxYG_2qmXrDvnZSdHp0boKwH__hcxkzXGDY-cpDrcR3ByVwRXBGUFBCA6 https://vk.com/doc52355237_667000543?hash=eKOuemWuRCZmXal2YVj4QW37gepCmLzd9U7bLDKtdnX&dl=Le3z6AAKjnE7RlnXRnVZJtvMGIu3iOAwG2df2VZCSfz&api=1&no_preview=1#test22 https://dzen.ru/?yredirect=true https://sso.passport.yandex.ru/push?uuid=0db9eca3-374f-45c1-8887-36a74b181ed4&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://vk.com/doc52355237_666904463?hash=UxTczsuPw9hubob0BlwxReQuXuRVMu7K4lkIHd53nfc&dl=pL6TKclvjp9CpzQWGzva7G0EpGDeSydWo0xKWmJnj6o&api=1&no_preview=1#WW11 https://api.2ip.ua/geo.json https://sun6-23.userapi.com/c909228/u52355237/docs/d47/bcda7d7ba2d6/test222.bmp?extra=GzyOtEQtKTC3VoTX4BnD-XTSQBc84p66dFqVHCs6w0VNIzwoEOOArPYB4Kra3QYsCY6Q5lJRsdsoheUUeiOTRdVzlgMBxM95pEXkuMRNKZKeX0Vv4pn-zyZtwt586DxQGHtIi7RMD4sCd6BW https://vk.com/doc52355237_666996873?hash=DTmX6GpQzg0mSZJ3QBf9KMyoAQLjAN2VneVoP2TiOB8&dl=3T0LCAZCJSJEhCRk9I2GHnvey9MXQk00H3a77N9btwD&api=1&no_preview=1 https://vk.com/doc52355237_666990393?hash=FTORQeSjuGQM3QZ0VZVmUaPzzMTjiHgVozgZL1VKkLs&dl=WHDNqvgddqa5sNEafsQGa9H9myfZRZuS1RHM37yysD8&api=1&no_preview=1 https://sun6-20.userapi.com/c909228/u52355237/docs/d55/a0f4bd8121f1/PL_Client.bmp?extra=gHHzZgmQ2ix-eyDuXWWUkcOvwwyUCy5E3P9WTu6vphlfKcCiFbxuGjvCO_1EJxvkfs2bGFSfr_9PlZsRCq65LOri_c51dD0gx807OeObF3eM6u1R8XpQ0HJzY5ESz-7d2hCuHgwJqj6q2qx6 https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://sun6-23.userapi.com/c909628/u52355237/docs/d45/362847a669f2/44.bmp?extra=HTogS9Udy-zScPsV8Lv4flcVw5qsSLuY9mdyAh5RRn5xhDPI8DfW9wtYF2X9SS9jhOM-3_rypQvzo-pT4vmB5SI_QdmT89HOjHvIcqqjQ3qOU-NfnB8XQLZDws7kGj9EbiGU5OrFcamzfHKn https://vk.com/doc52355237_666985371?hash=xUCdQotbw4FtZlATzAL4qnHpx7ewB6dgNtlbn7gwXm4&dl=xZf2pdqcEKVJkPKzgfXwyOhSAkzUukUObYzCFT4qurw&api=1&no_preview=1#1	54 Info api.2ip.ua(172.67.139.220) db-ip.com(104.26.4.15) telegram.org(149.154.167.99) schematize.pw(172.67.152.98) - malware iplis.ru(148.251.234.93) - mailcious www.maxmind.com(104.18.146.235) ipinfo.io(34.117.59.81) iplogger.org(148.251.234.83) - mailcious jackantonio.top(45.132.1.20) - malware onualituyrs.org(91.215.85.209) - malware sun6-22.userapi.com(95.142.206.2) - mailcious twitter.com(104.244.42.193) api.myip.com(104.26.8.59) sun6-23.userapi.com(95.142.206.3) - mailcious sun6-20.userapi.com(95.142.206.0) - mailcious yandex.ru(77.88.55.60) vk.com(87.240.132.72) - mailcious sso.passport.yandex.ru(213.180.204.24) sun6-21.userapi.com(95.142.206.1) - mailcious api.db-ip.com(104.26.5.15) dzen.ru(62.217.160.2) 148.251.234.93 - mailcious 194.169.175.128 - mailcious 104.18.146.235 87.240.129.133 - mailcious 62.217.160.2 104.244.42.1 - suspicious 104.26.5.15 149.154.167.99 - mailcious 193.42.32.118 - mailcious 172.67.75.166 91.215.85.209 - mailcious 171.22.28.226 - malware 87.240.132.67 - mailcious 34.117.59.81 77.88.55.60 148.251.234.83 185.225.75.171 - mailcious 213.180.204.24 45.132.1.20 45.9.74.80 - malware 194.169.175.232 - malware 176.123.9.142 - mailcious 77.91.68.249 - malware 104.26.9.59 45.15.156.229 - mailcious 172.67.152.98 - malware 104.26.4.15 95.142.206.3 - mailcious 95.142.206.2 - mailcious 172.67.139.220 95.142.206.0 - mailcious 95.142.206.1 - mailcious 94.142.138.131 - mailcious	31 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET DNS Query to a .top domain - Likely Hostile ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DNS Query to a .pw domain - Likely Hostile ET DROP Spamhaus DROP Listed Traffic Inbound group 7 ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET HUNTING Suspicious services.exe in URI ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Packed Executable Download ET HUNTING Possible EXE Download From Suspicious TLD ET INFO TLS Handshake Failure ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)	30.4	M	31	ZeroCERT

9544	2023-10-16 12:52	kenspa.txt.exe 5a41d36eb69dd4649d09163b8dd7e759 Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	6.6			ZeroCERT

9545	2023-10-16 12:52	kenjkt.txt.exe f871241fffd3002353e3ed0eea50daa5 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger		3	4	6.8			ZeroCERT

9546	2023-10-16 12:50	bulak.txt.exe c630301e6fa6e55bbb4eedeafb870f83 PE File PE32 .NET EXE Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName	1 Keyword trend analysis	2	1	6.8			ZeroCERT

9547	2023-10-16 12:50	investorlokibase64.txt.exe 548a3fa91d4c14218f61e38fdffaebe7 Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	6.6			ZeroCERT

9548	2023-10-16 12:50	invkmc.jpg.vbs.exe 7d2913e9f825bd506141c69d609e50dd PE File DLL PE32 DNS		1		0.6			ZeroCERT

9549	2023-10-16 12:50	invkmc.jpg2.vbs.exe 4e6f8a41871bf79323253b90b9c938ff PE File PE32							ZeroCERT

9550	2023-10-16 12:50	My2.exe df280925e135481b26e921dd1221e359 PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		4	1	2.2		47	ZeroCERT

9551	2023-10-16 12:44	toolspub2.exe c054b59d8acd94091def95ac0eb1b21d Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself				7.0		32	ZeroCERT

9552	2023-10-16 12:38	x9.x9.x9.x0.x0.x0.doc 4263e519252b6b43dd6901b64f05133d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash Exploit DNS crashed	1 Keyword trend analysis	1	1	3.8	M	35	ZeroCERT

9553	2023-10-16 12:04	looksoprettyundertheroof.vbs c6754754996c3347b6cafe44af0e7cdc Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	9.2		18	ZeroCERT

9554	2023-10-16 12:04	kenspa.vbs a32b1ecc7fc8c489e23976d324d5c4aa Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	8.6		18	ZeroCERT

9555	2023-10-16 12:04	kenjkt.vbs 5029c7922f007aee3bba22e60cab46c6 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	8.6		17	ZeroCERT