[10111] 2024-05-03 08:03
File: amert.exe  MD5: b47bc18496fcf0de153317af360b3020
Tags: Amadey Client SW User Data Stealer Craxs RAT Emotet RedLine stealer RedlineStealer ftp Client info stealer Generic Malware Downloader Malicious Library Antivirus UPX Malicious Packer MPRESS .NET framework(MSIL) VMProtect PWS Create Servi Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Microsoft Telegram Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD sandbox evasion WriteConsoleW VMware anti-virtualization human activity check installed browsers check Kelihos Tofsee Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed Downloader
URLs (25):
  http://193.233.132.234/files/setup.exe
  http://193.233.132.56/lend/jfesawdr.exe
  http://nic-it.nl/games/index.php
  http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll - rule_id: 39573
  http://193.233.132.56/lend/gold.exe
  http://193.233.132.56/Pneh2sXQk0/index.php - rule_id: 39572
  http://193.233.132.56/lend/jok.exe
  http://185.172.128.19/ghsdh39s/index.php - rule_id: 38300
  http://193.233.132.56/lend/swiiiii.exe
  http://193.233.132.56/lend/alexxxxxxxx.exe
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll - rule_id: 39574
  http://193.233.132.56/lend/swiiii.exe
  http://193.233.132.234/files/loader-2841.exe
  http://file-file-host6.com/downloads/toolspub1.exe
  https://realdeepai.org/6779d89b7a368f4f3f340b50a9d18d71.exe
  https://pastebin.com/raw/E0rY26ni - rule_id: 37702
  https://bitbucket.org/testerrrrrrrrrrr888/retsettttttt522222/downloads/en.exe
  https://iplogger.com/1lyxz
  https://bbuseruploads.s3.amazonaws.com/e121190f-0147-44a2-9224-0f5d52a7cce0/downloads/63aad01e-f180-459d-b740-c6d732381d87/en.exe?response-content-disposition=attachment%3B%20filename%3D%22en.exe%22&AWSAccessKeyId=ASIA6KOSE3BNLIMOONM7&Signature=34B2nKagLOo2jgD9ot7JqmWRso4%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEA8aCXVzLWVhc3QtMSJHMEUCIHnsdFKdLno7P%2BAtCPv9qB1PAaTS7quKdRJ5g2%2Bc305XAiEAp5eRUu7T48XnZLNLEc8i%2BA3x%2BH%2B9oAmY6CZfdLFYqjYqpwIIaBAAGgw5ODQ1MjUxMDExNDYiDCv8oIujdYNAYfnERiqEArNGg7uYx76ffvkclZGp5Vgokk71Sx%2BNF1W%2FmoEpo%2FCsIfI9h9Ajg%2F%2FPY6%2B305J9ZUo8w6RZsmFpuvdH4b6i9915JgmBcI2a8qV5Dt8WeFvXvewNry5hdSEPpDyEUUSWgn%2ForfCo25HUx8BQPo6X6ie%2FCHmNLQhqELtilumjgOmqZSRVdcEFA5AtjaQlHgYAQ2gf8t35v37GANXYpKPAnpjyrn6V0xJd%2BQ8HikT0DvD870leqlEoYDywLpSVaPQAEv4tb7H%2BEoEBQRDDQ69EkEKb%2F3iYsUYZb%2FAgCGs7uLUwyxHAN15quE6wC%2FBulTSOAxNnwntzn77Ke3yHqH43cME1OOjZMJ%2By0LEGOp0B7EPLd6VczdUsGDlkkACLyiL9yzadW9J9GNI9QXu1ITfusE0TG1LW9fkhdYtqbteTreF2DGJLCHSutHr5fRjP7dB97vXKCu9QVMsGFANODIZPB2c090EMpXoo2plO5AHbdzaN6xYs76BRNte51J7eZzVWXKoN4BTiIGXP0b1E7lbDzHYDzdbJys8bl9IaP2OhHZPJ8q9jzfJHNLGAFQ%3D%3D&Expires=1714692135
  https://steamcommunity.com/profiles/76561199680449169
  https://skategirls.org/baf14778c246e15550645e30ba78ce1c.exe
  https://yip.su/RNWPd.exe - rule_id: 37623
  https://junglethomas.com/12f9ebdfdbff10402be2408e18dd1dd7/4767d2e713f2021e8fe856e3ea638b58.exe
  https://parrotflight.com/4767d2e713f2021e8fe856e3ea638b58.exe
Hosts (37):
  skategirls.org (172.67.172.161)
  jonathantwo.com (172.67.176.131)
  iplogger.com (172.67.188.178) - malicious
  parrotflight.com (104.21.84.71)
  file-file-host6.com (188.119.67.73) - malware
  junglethomas.com (172.67.197.33)
  steamcommunity.com (104.76.78.101) - malicious
  realdeepai.org (104.21.90.14)
  bbuseruploads.s3.amazonaws.com (3.5.10.150) - malware
  t.me (149.154.167.99) - malicious
  pastebin.com (104.20.3.235) - malicious
  bitbucket.org (104.192.141.1) - malware
  nic-it.nl (189.163.142.13)
  yip.su (104.21.79.77) - malicious
  52.143.157.84 - malicious
  193.233.132.56 - malware
  172.67.188.178 - malicious
  185.172.128.59 - malware
  185.215.113.67 - malicious
  149.154.167.99 - malicious
  172.67.197.33
  185.172.128.19 - malicious
  104.21.79.77 - phishing
  193.233.132.234 - malicious
  193.233.132.175 - malware
  188.119.67.73
  104.20.4.235 - malicious
  52.216.37.129
  175.138.146.92
  104.21.55.197
  104.192.141.1 - malicious
  61.111.58.35 - malware
  172.67.193.79
  95.217.245.42
  104.21.84.71 - malware
  104.21.31.124 - phishing
  104.76.78.101 - malicious
Suricata alerts (24):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 37
  ET DROP Spamhaus DROP Listed Traffic Inbound group 32
  ET MALWARE Possible Kelihos.F EXE Download Common Structure
  ET INFO Executable Download from dotted-quad Host
  ET INFO Packed Executable Download
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
  ET INFO Dotted Quad Host DLL Request
  ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  ET DNS Query for .su TLD (Soviet Union) Often Malware Related
  ET INFO EXE - Served Attached HTTP
  ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
  ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
  ET INFO TLS Handshake Failure
  ET INFO Observed Telegram Domain (t .me in TLS SNI)
Matched rule URLs (6):
  http://193.233.132.56/Pneh2sXQk0/Plugins/cred64.dll
  http://193.233.132.56/Pneh2sXQk0/index.php
  http://185.172.128.19/ghsdh39s/index.php
  http://193.233.132.56/Pneh2sXQk0/Plugins/clip64.dll
  https://pastebin.com/raw/E0rY26ni
  https://yip.su/RNWPd.exe
33.4 | M | 44 | ZeroCERT

[10112] 2024-05-03 07:59
File: file.exe  MD5: 5451fddd7b59b191df90b89a06ef1691
Tags: Generic Malware Malicious Library PE File PE32 VirusTotal Malware RCE
URLs: none
Hosts: none
Suricata alerts: none
Matched rule URLs: none
1.6 | M | 32 | ZeroCERT

[10113] 2024-05-03 07:57
File: HSTS.exe  MD5: f970eb941bf3666823b761cea657061c
Tags: Malicious Packer UPX PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces
URLs: none
Hosts (2):
  ns1.mtls.ink (167.71.205.181)
  167.71.205.181 - malicious
Suricata alerts: none
Matched rule URLs: none
2.6 | M | 45 | ZeroCERT

[10114] 2024-05-03 07:55
File: random.exe  MD5: 6b31dd4a6560603dfe9f833ca5dd4d7d
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger installed browsers check Browser
URLs: none
Hosts: none
Suricata alerts: none
Matched rule URLs: none
3.4 | M | 22 | ZeroCERT

[10115] 2024-05-03 07:55
File: BackgroundRemover-Setup.exe  MD5: 7e37f8c945d005226870e60aa2baea93
Tags: Generic Malware Malicious Library Malicious Packer UPX PE64 PE File DllRegisterServer dll OS Processor Check
URLs: none
Hosts: none
Suricata alerts: none
Matched rule URLs: none
- | M | - | ZeroCERT

[10116] 2024-05-03 07:53
File: mtls.exe  MD5: 3b65343bff4c7397ed19ef22efaae899
Tags: Malicious Packer UPX PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces
URLs: none
Hosts (2):
  ns1.mtls.ink (167.71.205.181)
  167.71.205.181 - malicious
Suricata alerts: none
Matched rule URLs: none
2.4 | M | 36 | ZeroCERT

[10117] 2024-05-03 07:51
File: noa.exe  MD5: ce55e5869c5b7274fdfee8145058a015
Tags: AgentTesla Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
URLs (1): (none listed)
Hosts (3):
  api.ipify.org (172.67.74.152)
  104.26.5.15
  172.67.74.152
Suricata alerts (3):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Matched rule URLs: none
14.0 | M | 38 | ZeroCERT

[10118] 2024-05-03 07:50
File: sarra.exe  MD5: 9108c53602981487b7b44c2729fbd5bc
Tags: Anti_VM PE File PE32 Malware download VirusTotal Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed
URLs (1):
  https://db-ip.com/demo/home.php?s=175.208.134.152
Hosts (6):
  ipinfo.io (34.117.186.192)
  db-ip.com (172.67.75.166)
  147.45.47.93 - malware
  104.26.5.15
  167.71.205.181 - malicious
  34.117.186.192
Suricata alerts (4):
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE RisePro TCP Heartbeat Packet
  ET MALWARE [ANY.RUN] RisePro TCP (Token)
Matched rule URLs: none
10.8 | M | 40 | ZeroCERT

[10119] 2024-05-03 07:49
File: mm2.exe  MD5: 497d88a78d010a02672474e9cf67b5ff
Tags: Malicious Packer UPX Anti_VM PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces DNS
URLs: none
Hosts (1):
  167.71.205.181 - malicious
Suricata alerts: none
Matched rule URLs: none
3.2 | M | 45 | ZeroCERT

[10120] 2024-05-03 07:48
File: go.exe  MD5: b8e5ad86c9e9b3aef46098f287e8b0ac
Tags: Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
URLs (8):
  https://www.google.com/favicon.ico
  https://accounts.google.com/generate_204?iU4cJw
  https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
  https://accounts.google.com/_/bscframe
  https://accounts.google.com/
  https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AaSxoQxLNxI2HHlyxoGVcimqY4uM5LhzX4AaU3oCu3hm6douPS3R9_nXx_4seqaPnHWGVIcIYa-CcQ
  https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQyzK7K9-0SpUK5Ty5V-P6hQ_biFIJfL9ccChY7BZx85vNPhi5nC5sdCfjIBNHPOk2d3ZxGBoQ&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1073016254%3A1714689841540357
  https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Hosts (7):
  ssl.gstatic.com (172.217.25.163)
  accounts.google.com (108.177.125.84)
  www.google.com (142.250.207.100)
  23.94.53.100
  216.58.200.227
  216.58.203.68
  64.233.188.84
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Matched rule URLs: none
5.8 | M | 18 | ZeroCERT

[10121] 2024-05-03 07:48
File: flash.cn.exe  MD5: 49e2d38242e314cb72ff7a297dbf132f
Tags: Malicious Library PE64 PE File VirusTotal Malware RWX flags setting unpack itself ComputerName DNS
URLs: none
Hosts (1): (none listed)
Suricata alerts: none
Matched rule URLs: none
5.2 | M | 55 | ZeroCERT

[10122] 2024-05-03 07:46
File: sok.exe  MD5: ec7154a50488ecfd5936b6fd10e0a8e3
Tags: SystemBC Malicious Library Antivirus PE File PE32 VirusTotal Malware powershell AutoRuns Windows DNS
URLs: none
Hosts (1): (none listed)
Suricata alerts (1):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 37
Matched rule URLs: none
4.4 | - | 56 | ZeroCERT

[10123] 2024-05-03 07:45
File: GVV.exe  MD5: fa3641c75d2beb68c01e8065eefc4707
Tags: Generic Malware Suspicious_Script_Bin Malicious Library UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger
URLs (1):
  http://geoplugin.net/json.gp
Hosts (4):
  geoplugin.net (178.237.33.50)
  yuahdgbceja.sytes.net (23.94.53.100)
  178.237.33.50
  23.94.53.100
Suricata alerts (2):
  ET JA3 Hash - Remcos 3.x/4.x TLS Connection
  ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain
Matched rule URLs: none
13.8 | - | 22 | ZeroCERT

[10124] 2024-05-03 07:44
File: lenin.exe  MD5: 51eb099e680eb872a3619c63edcfdc5a
Tags: UPX PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed
URLs (1):
  https://db-ip.com/demo/home.php?s=175.208.134.152
Hosts (5):
  ipinfo.io (34.117.186.192)
  db-ip.com (104.26.5.15)
  147.45.47.93 - malware
  104.26.5.15
  34.117.186.192
Suricata alerts (8):
  ET MALWARE RisePro TCP Heartbeat Packet
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  ET MALWARE [ANY.RUN] RisePro TCP (Token)
  ET MALWARE [ANY.RUN] RisePro TCP (Activity)
  ET MALWARE [ANY.RUN] RisePro TCP (External IP)
  ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
  ET MALWARE RisePro CnC Activity (Inbound)
Matched rule URLs: none
16.0 | - | 37 | ZeroCERT

[10125] 2024-05-03 07:42
File: build22.exe  MD5: 06c758c576de9e18db3394f1044b27ae
Tags: NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
URLs: none
Hosts: none
Suricata alerts: none
Matched rule URLs: none
6.4 | M | 15 | ZeroCERT
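The host cells in this listing mix resolved names, bare IPs and a free-text label, and the same infrastructure recurs across unrelated-looking samples (167.71.205.181 behind HSTS.exe, mtls.exe and sarra.exe; 147.45.47.93 behind both RisePro samples), while IP-lookup services such as ipinfo.io and db-ip.com recur for the opposite reason and would poison any "shared C2" pivot. The script below is an added example, not code from the page or from ZeroCERT: it parses the page's own host-cell format, emits defanged one-per-line IOCs, and pivots on IPs contacted by more than one sample while dropping the lookup services. The four records are excerpted from the listing above (label spelling normalised to "malicious"); the record tuple layout and the NOISE_NAMES set are the example's assumptions.

```python
"""Normalise and pivot host IOCs from a ZeroCERT-style sandbox listing.

Added example; not code from the original page or from ZeroCERT. The record
layout (report id, filename, MD5, raw host cell) and the set of IP-lookup
services treated as noise are assumptions made for this example.
"""
import re
from collections import defaultdict

# Constructed sample: four records excerpted from the listing, host cell kept
# in the page's own "name(ip) - label" format.
SAMPLE_RECORDS = [
    ("10113", "HSTS.exe", "f970eb941bf3666823b761cea657061c",
     "ns1.mtls.ink(167.71.205.181) 167.71.205.181 - malicious"),
    ("10116", "mtls.exe", "3b65343bff4c7397ed19ef22efaae899",
     "ns1.mtls.ink(167.71.205.181) 167.71.205.181 - malicious"),
    ("10118", "sarra.exe", "9108c53602981487b7b44c2729fbd5bc",
     "ipinfo.io(34.117.186.192) db-ip.com(172.67.75.166) 147.45.47.93 - malware "
     "104.26.5.15 167.71.205.181 - malicious 34.117.186.192"),
    ("10124", "lenin.exe", "51eb099e680eb872a3619c63edcfdc5a",
     "ipinfo.io(34.117.186.192) db-ip.com(104.26.5.15) 147.45.47.93 - malware "
     "104.26.5.15 34.117.186.192"),
]

# External IP-lookup services that samples call to learn their public address.
# They appear in many unrelated samples, so they must not drive a pivot.
# Assumed list, derived from the "External IP Lookup" alerts in the listing.
NOISE_NAMES = {"ipinfo.io", "db-ip.com", "api.ipify.org", "geoplugin.net"}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# One host entry is "name(ip)" or a bare IPv4, optionally followed by " - <label>".
HOST_RE = re.compile(
    rf"(?:(?P<name>[A-Za-z0-9.-]+)\((?P<ip>{IPV4})\)|(?P<bare>{IPV4}))"
    r"(?:\s+-\s+(?P<label>[A-Za-z]+))?"
)
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_hosts(cell):
    """Split a raw host cell into (name or None, ip, label or None) tuples."""
    entries = []
    for m in HOST_RE.finditer(cell):
        ip = m.group("ip") or m.group("bare")
        entries.append((m.group("name"), ip, m.group("label")))
    return entries


def defang(indicator):
    """Defang an IP, hostname or URL so it cannot be clicked or auto-resolved."""
    out = indicator.replace("http://", "hxxp[://]").replace("https://", "hxxps[://]")
    return out.replace(".", "[.]")


def ioc_lines(record):
    """Render one record as tab-separated, defanged IOC lines with provenance."""
    rid, fname, md5, cell = record
    if not MD5_RE.match(md5):
        raise ValueError(f"report {rid}: {md5!r} is not an MD5 hex digest")
    lines = [f"md5\t{md5}\t{fname}\treport {rid}"]
    for name, ip, label in parse_hosts(cell):
        tag = label or "unlabelled"
        if name:
            lines.append(f"domain\t{defang(name)}\t{tag}\treport {rid}")
        lines.append(f"ipv4\t{defang(ip)}\t{tag}\treport {rid}")
    return lines


def pivot_shared_ips(records):
    """Return IPs contacted by more than one sample, minus IP-lookup services.

    Result: {ip: {"samples": [(rid, fname, md5), ...], "labels": [...], "names": [...]}}
    """
    samples, labels, names = defaultdict(set), defaultdict(set), defaultdict(set)
    for rid, fname, md5, cell in records:
        for name, ip, label in parse_hosts(cell):
            samples[ip].add((rid, fname, md5))
            if label:
                labels[ip].add(label)
            if name:
                names[ip].add(name)
    return {
        ip: {"samples": sorted(s), "labels": sorted(labels[ip]),
             "names": sorted(names[ip])}
        for ip, s in samples.items()
        # Drop an IP if any name resolving to it is a known lookup service;
        # this also removes the Cloudflare front ends those services sit behind.
        if len(s) > 1 and not names[ip] & NOISE_NAMES
    }


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print("\n".join(ioc_lines(rec)))
    for ip, info in sorted(pivot_shared_ips(SAMPLE_RECORDS).items()):
        print(f"{defang(ip)} shared by {len(info['samples'])} samples; "
              f"labels={info['labels']} names={info['names']}")
```

On the four sample records the pivot keeps 167.71.205.181 (three samples, labelled malicious, resolved from ns1.mtls.ink) and 147.45.47.93 (two RisePro samples, labelled malware), and discards 34.117.186.192 and 104.26.5.15 because ipinfo.io and db-ip.com resolve to them. Exclusion by resolved name rather than by IP matters here: 104.26.5.15 also appears as a bare IP in report 10118, and a naive IP allowlist would have to be maintained separately for every Cloudflare edge the lookup services rotate through.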