Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9961	2023-10-03 12:51	3M3aKymzmQuUeFP.exe 0a8f8a168999ac1549335feb6ad87cfe PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed					4.2	M	38	ZeroCERT

9962	2023-10-03 12:51	loki.exe f125944b096766c72464bd730ca095d3 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Remote Code Execution					1.8		39	ZeroCERT

9963	2023-10-02 14:29	kk.html 88d13ec3e5baafd8327b514d4a5a947d Antivirus AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			ZeroCERT

9964	2023-10-02 14:27	Demo.dotx 1584bacd2e30ac9f584eb9cf8f843312 ZIP Format Word 2007 file format(docx) Vulnerability Malware Microsoft MachineGuid Malicious Traffic Check memory RWX flags setting exploit crash unpack itself Tofsee GameoverP2P Zeus Exploit ComputerName Trojan Banking DNS crashed	3 Keyword trend analysis	3	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible HTA Application Download ET INFO Dotted Quad Host HTA Request ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) ET WEB_CLIENT Office Requesting .HTA File Likely CVE-2017-0199 Request ET USER_AGENTS Microsoft Office Existence Discovery User-Agent ET WEB_CLIENT Office Discovery HTA file Likely CVE-2017-0199 Request M2		5.6			ZeroCERT

9965	2023-10-02 14:27	x.x.x.xx.x.xx.x.x.x.doc a4b026c2274bcf2ffe1d343d2eb3ff24 MS_RTF_Obfuscation_Objects RTF File doc exploit crash unpack itself Tofsee Exploit crashed		2	1		1.8			ZeroCERT

9966	2023-10-02 09:49	agodzx.exe c6b273f6ee83992a80b997a132258f45 PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	23	ZeroCERT

9967	2023-10-02 09:39	WWW14_64.exe a7ee1f4bf11bdfab2327d098c6583af1 Malicious Library UPX PE File PE64 VirusTotal Malware unpack itself Windows crashed					4.0	M	46	ZeroCERT

9968	2023-10-02 09:19	Msvsrlgkmzkynw.exe 24c8ce3fb8ef860ffbc2d6bb270e06f6 Malicious Library UPX Anti_VM PE File PE32 MZP Format Code Injection RWX flags setting unpack itself Check virtual network interfaces Tofsee Interception crashed	1 Keyword trend analysis	4	1		4.6			ZeroCERT

9969	2023-10-02 09:04	information.exe 71f9ded48585b9bf3b813a3eadd5cd5d UPX PWS SMTP AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 7 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)		11.0		40	ZeroCERT

9970	2023-10-02 09:00	ngown.vbs 26f3597835ff527070e150aef52f7fb5 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		8.4		2	ZeroCERT

9971	2023-10-02 08:59	rFXRoh.exe 6cfc8a19911d2a4401c1c362587e83ce Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check VirusTotal Malware crashed					2.2	M	36	ZeroCERT

9972	2023-10-02 08:57	kur90.exe 4c131b2d4436b786ff484576934a79b8 RedLine stealer Gen1 Emotet Browser Login Data Stealer Malicious Library UPX .NET framework(MSIL) Confuser .NET ScreenShot PWS AntiDebug AntiVM PE File PE32 CAB PNG Format MSOffice File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Stealc Stealer Windows Exploit Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed	21 Keyword trend analysis Info http://5.42.92.211/loghub/master - rule_id: 36282 https://fbcdn.net/security/hsts-pixel.gif?c=2.5 https://static.xx.fbcdn.net/rsrc.php/v3/yd/l/0,cross/ogW1H5O-17r.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png https://www.facebook.com/favicon.ico https://connect.facebook.net/security/hsts-pixel.gif https://www.facebook.com/login https://static.xx.fbcdn.net/rsrc.php/v3/y3/l/0,cross/ikFECARVllV.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/SccipWfTlTT.js?_nc_x=Ij3Wp8lg5Kz https://facebook.com/security/hsts-pixel.gif?c=3.2.5 https://static.xx.fbcdn.net/rsrc.php/v3/yT/r/Ovcfo1SlXij.js?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/yI/r/4aAhOWlwaXf.svg https://static.xx.fbcdn.net/rsrc.php/v3/yP/l/0,cross/OioQXAqgNbJ.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/zDdQsF0sOjp.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/QeMN1LLnAEZ.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yD/l/0,cross/dEOkGH79P3Y.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yd/l/0,cross/kwzs_5FMU9g.css?_nc_x=Ij3Wp8lg5Kz https://fbsbx.com/security/hsts-pixel.gif?c=5 https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/tzWkwLNK4bI.js?_nc_x=Ij3Wp8lg5Kz	12 Info www.facebook.com(157.240.215.35) fbsbx.com(157.240.215.35) static.xx.fbcdn.net(157.240.215.14) fbcdn.net(157.240.215.35) accounts.google.com(172.217.25.173) connect.facebook.net(157.240.215.14) facebook.com(157.240.215.35) 157.240.215.14 77.91.124.55 157.240.215.35 172.217.25.13 5.42.92.211 - mailcious	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Redline Stealer Activity (Response)	1	20.6	M	30	ZeroCERT

9973	2023-10-02 08:51	redlol.exe f874356ddee152fcdb366283fbb70d86 Generic Malware UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection buffers extracted RWX flags setting unpack itself DNS crashed		1			7.4	M	47	ZeroCERT

9974	2023-10-02 08:50	netTime.exe 8186758bf8fadd534337f4724ffb2e10 Emotet UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Remote Code Execution					3.8		32	ZeroCERT

9975	2023-10-02 08:49	chinazx.exe 9d5e7753334bb508fb29a34122099524 LokiBot UPX .NET framework(MSIL) Socket PWS DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		14.0	M	49	ZeroCERT