Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
10546	2023-08-18 18:10	s28a1f.exe 97ae7169e56c372a7d45996303c06d45 Malicious Library PE File PE32 Browser Info Stealer FTP Client Info Stealer suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		5.4			ZeroCERT

10547	2023-08-18 18:10	1ds3y.exe b78141a544759e1a07740aa28b35584c Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 PowerShell VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW IP Check Windows ComputerName DNS Cryptographic key crashed	5 Keyword trend analysis Info http://www.microsoft.com/ http://ip-api.com/json/?fields=query,status,countryCode,city,timezone http://46.29.235.84/clpr/OWUsN2UsODMsOWIsOWUsODIsOTAsOTEsNjQsN2Ys - rule_id: 35599 http://pastebin.com/raw/r0KhEEzi - rule_id: 35402 https://pastebin.com/raw/r0KhEEzi - rule_id: 35401	10	3	14.4	M	52	ZeroCERT

10548	2023-08-18 18:04	PolicyChanges.pdf.lnk 60696fce8c5e2d338afd213a0147d63b Generic Malware Hide_EXE Suspicious_Script_Bin Downloader Malicious Library UPX Malicious Packer Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Ant VirusTotal Malware Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW ComputerName		7		4.4		8	ZeroCERT

10549	2023-08-18 18:01	pass1234_setup.7z cd129faa117216c35156304670140b06 Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check DNS	23 Keyword trend analysis Info http://94.142.138.131/api/firegate.php - rule_id: 32650 http://208.67.104.60/api/tracemap.php - rule_id: 28876 http://193.233.254.61/loghub/master - rule_id: 35736 http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://87.121.221.58/g.exe - rule_id: 35764 http://apps.identrust.com/roots/dstrootcax3.p7c http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=GPe3xmuleVDaoOMEldmdr3MP.exe&platform=0009&osver=5&isServer=0 http://77.91.124.231/info/photo551.exe - rule_id: 35889 http://194.169.175.233:3002/file.exe - rule_id: 35890 http://www.maxmind.com/geoip/v2.1/city/me https://busell.store/setup294.exe - rule_id: 35772 https://transfer.sh/get/S8wmOYi1yh/s28a1f.exe https://transfer.sh/get/Els5w2XD23/1ds3y.exe https://sun6-22.userapi.com/c237231/u647736509/docs/d56/ff6bde39d062/WWW1.bmp?extra=s__W1ni87TI6Duoswc_5WTp-ZIO2Qd59SKzhEqRFcQl-k1J4KAcBfVMo-bPsw0dFD9VXVx7H98KchsBhY5pJ34s_2Pecy9ZUMezwbbMr7285OlnifZTf678xl_FtoUV2KZ57GsxX98HPQN8_MQ https://db-ip.com/demo/home.php?s=175.208.134.152 https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/ https://sun6-21.userapi.com/c909628/u647736509/docs/d12/fd5c7be24aa4/PMmp.bmp?extra=QnkMoPcHh8Pcl9kFUIDvMGE9HrYxZTxMWrVO2SS1Sx4yHP5Q5kT-e7Goat-vWaxmZ-PrrfXp6boVtQQQstdn1i8BSip7NETyr912uQxRlY6BUbMA12qEMoVwuodJKRgPCPb3fkIKpOycnGY0kg https://sun6-21.userapi.com/c235131/u647736509/docs/d12/1252c115442f/nudik.bmp?extra=DGoaqLEDsZ3vggeRfdmskz6ZM5azb77zzwL--59fZ45MDdw0qPOQf4y41LDFhStRPPoi2amvgrWPc6qnVp05BabutIeih26aH5tGiyYUTSF4JVORJU74v-DDmHCRMMAC6I3T2FLrjzABvjQEBQ https://sun6-23.userapi.com/c909628/u647736509/docs/d6/739bc3acf24e/RisePro.bmp?extra=4CuDyfIZuYP0bK3ZthEhDyIY7JTcPdNDWB-xWugKYKMzm7GYkAaCWBmMPL-CeiDi5CKnAyxfeLzY30Q5g8hsgJz_kOpQ4VpvA10LWfEQdi1KZEwr-PlrVfsWuYLypMmNjbUlSwPqmc2w3ipuOQ https://vk.com/doc647736509_665789779?hash=apIBNy1YzIlgOTOme2DjZEPMlC8mQMOrnNK6KuFrvTc&dl=KncEUWyJtdzd8EZ0lpauSTMDceKmPJX1qASzGUdtBnw&api=1&no_preview=1#nudik	48 Info db-ip.com(172.67.75.166) learn.microsoft.com(23.200.154.53) z.nnnaajjjgc.com(156.236.72.121) - malware api.myip.com(104.26.9.59) www.maxmind.com(104.17.214.67) iplis.ru(148.251.234.93) - mailcious sun6-22.userapi.com(95.142.206.2) busell.store(172.67.159.178) - malware zzz.fhauiehgha.com(103.100.211.218) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious ipinfo.io(34.117.59.81) bitbucket.org(104.192.141.1) - malware sun6-23.userapi.com(95.142.206.3) vk.com(87.240.132.78) - mailcious iplogger.org(148.251.234.83) - mailcious api.db-ip.com(172.67.75.166) transfer.sh(144.76.136.153) - malware 148.251.234.93 - mailcious 194.169.175.128 - mailcious 93.186.225.194 - mailcious 104.192.141.1 - mailcious 208.67.104.60 - mailcious 87.121.221.58 - malware 61.111.58.34 - malware 172.67.75.166 172.67.75.163 193.233.254.61 - mailcious 194.26.135.162 - mailcious 23.219.70.2 148.251.234.83 104.21.9.89 - malware 34.117.59.81 45.15.156.229 - mailcious 194.169.175.233 - malware 94.142.138.131 - mailcious 144.76.136.153 - mailcious 77.91.124.231 - malware 104.17.214.67 149.202.0.242 156.236.72.121 - mailcious 23.67.53.17 95.142.206.3 163.123.143.4 - mailcious 95.142.206.1 - mailcious 77.91.124.54 - mailcious 95.142.206.2 103.100.211.218 - malware 185.244.181.112	10 Info http://94.142.138.131/api/firegate.php http://208.67.104.60/api/tracemap.php http://193.233.254.61/loghub/master http://zzz.fhauiehgha.com/m/okka25.exe http://45.15.156.229/api/tracemap.php http://87.121.221.58/g.exe http://94.142.138.131/api/tracemap.php http://77.91.124.231/info/photo551.exe http://194.169.175.233:3002/file.exe https://busell.store/setup294.exe	6.2	M		ZeroCERT

10550	2023-08-18 17:24	dasHost.exe f226785987c5b4c128d4785c6a2d413d PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key				2.4	M	23	ZeroCERT

10551	2023-08-18 17:22	ChromeSetup.exe e092af3320c668d973ca003e7ecc387f Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed				11.8	M	45	ZeroCERT

10552	2023-08-18 17:22	isHost.exe 700dfeedaf6d739064bdc295eabe23bf PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself				2.4	M	36	ZeroCERT

10553	2023-08-18 16:09	sqlite3.dll 1f44d4d3087c2b202cf9c90ee9d04b0f UPX PE File DLL PE32							yjw

10554	2023-08-18 15:53	sqlite3.dll 1f44d4d3087c2b202cf9c90ee9d04b0f UPX PE File DLL PE32							yjw

10555	2023-08-18 15:48	sqlite3.dll 1f44d4d3087c2b202cf9c90ee9d04b0f UPX PE File DLL PE32							yjw

10556	2023-08-18 15:40	sqlite3.dll 1f44d4d3087c2b202cf9c90ee9d04b0f UPX PE File DLL PE32							yjw

10557	2023-08-18 15:35	sqlite3.dll 1f44d4d3087c2b202cf9c90ee9d04b0f UPX PE File DLL PE32							yjw

10558	2023-08-18 15:26	11f88c287b501abb341631221d59ef... 48514490face0a58cd5ea063e7de28e0 Malicious Library VMProtect PE File DLL PE64 VirusTotal Malware				2.2	M	51	yjw

10559	2023-08-18 15:18	11f88c287b501abb341631221d59ef... 48514490face0a58cd5ea063e7de28e0 Malicious Library VMProtect PE File DLL PE64 VirusTotal Malware				2.2	M	51	yjw

10560	2023-08-18 15:16	11f88c287b501abb341631221d59ef... 48514490face0a58cd5ea063e7de28e0 Malicious Library VMProtect PE File DLL PE64 VirusTotal Malware				2.2	M	51	yjw