Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9571	2023-10-16 11:08	cred64.dll 7d6c819c7accbd9abe8f6c4eb087eea2 Browser Login Data Stealer Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed					2.4		49	ZeroCERT

9572	2023-10-16 11:06	timeSync.exe 03a76b21baa5f39e5f592ad2e11a6336 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					2.0		36	ZeroCERT

9573	2023-10-16 11:05	humblezx.exe 9db0aa4d2c28205d89536de9244cb7e8 AgentTesla SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS crashed		2	4		9.6		56	ZeroCERT

9574	2023-10-16 11:04	gffdgfdgfdg.msi d5e7a19ebeaa041c09162cac95747cd1 Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					2.8		38	ZeroCERT

9575	2023-10-16 11:03	source2.exe f7f4c10dd56dd175ed57b936d3ae87d1 UPX Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Http API ScreenShot Internet API AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications sandbox evasion installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Firmware Cryptographic key	1 Keyword trend analysis	2	2		14.8		48	ZeroCERT

9576	2023-10-16 11:01	treelatestprores.exe ff43aae7083352dc2d8251c1e622c737 Lumma Gen1 Emotet Malicious Library UPX Http API ScreenShot Internet API AntiDebug AntiVM PE File PE64 CAB OS Processor Check MSOffice File PNG Format PE32 .NET EXE JPEG Format Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Ransomware Lumma Stealer Windows Exploit Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key crashed	3 Keyword trend analysis	5	8 Info ET INFO HTTP Request to a .pw domain ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO TLS Handshake Failure ET DNS Query to a .pw domain - Likely Hostile	3	20.8	M	49	ZeroCERT

9577	2023-10-16 11:01	x9.x9.x9.x0.x0.x0.doc 4263e519252b6b43dd6901b64f05133d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed					2.8		35	ZeroCERT

9578	2023-10-16 11:00	pablozx.exe be5084e351dfbf93ca2cc522907e4cc6 Formbook .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	3 Keyword trend analysis Info http://www.qysdh1.xyz/o6g2/?w6A=XUg8FO+nVdlH42qXv6cQzVTq2CnZ0d6dCbTCSKxll3i1vjg3d0RwyGaC9/JEVpNUv7bz2nUz&-ZS=W6O83nah- http://www.hydrauliczny.online/o6g2/?w6A=8NW9x49tJV1H9qvd2CBk+oBG7l2hdO9qMKvqNWWs9eYHU8Mmj6uZZUB5FkBqZUv7ofCiF+Pz&-ZS=W6O83nah- http://www.educationacielouvert.com/o6g2/?w6A=eeE/5eXEYnavNnNDmshcqn1xSUo8zOrK/Ya4aXTZXUIFTrCuM6Tmu8ev7YaAflYE+piVwyda&-ZS=W6O83nah-	6	2		8.6		54	ZeroCERT

9579	2023-10-16 10:58	rc2.jpg 9727340e36156ec7295b019317a9c5d5 PE File DLL PE32 VirusTotal Malware crashed					2.2		44	ZeroCERT

9580	2023-10-16 10:57	sihost.exe 12e015f7ce3f2092a290eccf26de6889 Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		2	4		12.6		53	ZeroCERT

9581	2023-10-16 09:56	foto2552.exe c7523bca22d87a152b8c10c02736a335 Amadey RedLine stealer Gen1 Emotet Generic Malware Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer ScreenShot PWS AntiDebug AntiVM PE File PE32 CAB PNG Format MSOffice File OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Stealc Stealer Windows Exploit Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader	49 Keyword trend analysis Info http://5.42.92.88/loghub/master http://77.91.124.1/theme/Plugins/cred64.dll - rule_id: 37037 http://77.91.68.52/fuza/foto2552.exe http://77.91.124.1/theme/Plugins/clip64.dll - rule_id: 37036 http://77.91.124.1/theme/index.php - rule_id: 37040 https://facebook.com/security/hsts-pixel.gif?c=3.2.5 https://www.facebook.com/favicon.ico https://www.facebook.com/login https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeywqvzTXJCBjF9Krz5UewUtmNlhIo1BS8-fexhnyRwXiKcYoKisy5fbyeo0_7MMbPVvKQe3s https://static.xx.fbcdn.net/rsrc.php/v3/yB/l/0,cross/qz5m5ZNj4YA.css?_nc_x=Ij3Wp8lg5Kz https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://fonts.googleapis.com/css?family=Roboto:400,500 https://fbsbx.com/security/hsts-pixel.gif?c=5 https://connect.facebook.net/security/hsts-pixel.gif https://accounts.google.com/generate_204?QoZb0Q https://www.youtube.com/ https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyzBQFfM-zgimivF77SXFn_CtNlk_Zx-KTSJ1hmwlPAI3lcCA3Htt7SepazY5A750yWTYAOAag https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2F https://fonts.googleapis.com/css?family=YouTube+Sans:500 https://www.youtube.com/img/desktop/supported_browsers/chrome.png https://static.xx.fbcdn.net/rsrc.php/v3imQ-4/yl/l/ko_KR/CdEEViHRUhC.js?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png https://www.youtube.com/img/desktop/supported_browsers/firefox.png https://accounts.google.com/generate_204?6JaKqw https://www.youtube.com/img/desktop/supported_browsers/edgium.png https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/u4xvA0Tw-4L.css?_nc_x=Ij3Wp8lg5Kz https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyvqedP1KTGaespiPNNUuOOhhlNIWdRWejAZmR61I2VV-ku55l7L8gdnH1EC5fauuzoF1J2fA&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S504171679%3A1697417176414722 https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/s3epWMBo1FX.css?_nc_x=Ij3Wp8lg5Kz https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyz6pDefJyKshYFsDLzJUIYEkQBxjlzW7Psw7k8R--D2gwUfEF8gBSj8fOPfztqQKz1zgy7RqQ&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-419032450%3A1697417189597662 https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeywF-mDMSOkEjswyonfbOEtS8T9hact2vcwHgZZt-ZnDN2gujzOMIGtK2wUeYYtVpRN3jXclQg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S50465221%3A1697417225539467 https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/zDdQsF0sOjp.css?_nc_x=Ij3Wp8lg5Kz https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc-.woff https://static.xx.fbcdn.net/rsrc.php/yI/r/4aAhOWlwaXf.svg https://fbcdn.net/security/hsts-pixel.gif?c=2.5 https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/om552iOCRxJ.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/rAl2Hl1fQTa.js?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png https://static.xx.fbcdn.net/rsrc.php/v3/ya/r/v2fcQEWFLez.js?_nc_x=Ij3Wp8lg5Kz https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png https://static.xx.fbcdn.net/rsrc.php/v3/ye/l/0,cross/seCHURQhRK2.css?_nc_x=Ij3Wp8lg5Kz https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxM.woff https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyw4RWVwonSQV9wc-sJ0hblW9eUgDp1jATZxto4xsZPzcpyg4ePyDYNLFo8tESUhKgBEKv4xqw https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png https://accounts.google.com/generate_204?hKrxwg https://www.youtube.com/img/desktop/supported_browsers/opera.png https://fonts.gstatic.com/s/youtubesans/v19/Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF.woff	26 Info static.xx.fbcdn.net(157.240.215.14) www.facebook.com(157.240.215.35) fbsbx.com(157.240.215.35) www.google.com(142.250.76.132) connect.facebook.net(157.240.215.14) www.youtube.com(142.250.198.14) - mailcious ssl.gstatic.com(142.250.206.227) fbcdn.net(157.240.215.35) accounts.google.com(142.250.206.205) facebook.com(157.240.215.35) fonts.gstatic.com(142.250.207.99) fonts.googleapis.com(142.250.207.106) 142.250.207.67 142.251.222.206 157.240.215.14 172.217.24.67 5.42.92.88 77.91.124.55 - mailcious 77.91.68.52 - mailcious 77.91.124.1 - malware 172.217.25.13 172.217.24.227 216.58.200.228 157.240.215.35 142.250.66.67 142.250.199.74	19 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO PS1 Powershell File Request ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	3	26.4	M	45	ZeroCERT

9582	2023-10-16 09:47	newrock.exe 5678c3a93dafcd5ba94fd33528c62276 Amadey Malicious Library UPX Malicious Packer AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check PE64 Malware download Amadey VirusTotal Cryptocurrency Miner Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW human activity check Kelihos Windows ComputerName Trojan DNS crashed CoinMiner	5 Keyword trend analysis Info http://galandskiyher5.com/downloads/toolspub2.exe http://95.214.27.254/getfile/msedge.exe - rule_id: 36103 http://95.214.27.254/getfile/winlog.exe - rule_id: 36102 http://95.214.27.254/getfile/taskhost.exe - rule_id: 36133 http://5.42.65.80/8bmeVwqx/index.php - rule_id: 36023	10	14 Info ET MALWARE Amadey Bot Activity (POST) ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET HUNTING SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Possible Kelihos.F EXE Download Common Structure ET INFO Packed Executable Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)	4	14.6	M	49	ZeroCERT

9583	2023-10-16 09:45	sihost.exe 7d53ef9b324f31e4258e85abff6b3024 Malicious Library UPX PE File PE32 OS Processor Check unpack itself					0.6	M		ZeroCERT

9584	2023-10-14 12:59	AppaltQD.exe 1a687a4c22bfcb3fcf4c19a05d6da9e5 Malicious Library UPX Malicious Packer Antivirus PE File PE32 OS Processor Check VirusTotal Malware PDB Tofsee Remote Code Execution		2	2		1.8	M	13	ZeroCERT

9585	2023-10-14 12:58	file.exe fac282b834711d71edb59aa5fcfa3466 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					2.0	M	39	ZeroCERT