Submissions

Each record below is laid out as: No  Date  Request (file name, then its hash); Rule (matched signatures); remaining columns in the header's order (Urls Hosts IDS Score Zero VT Player), values exactly as listed.

10576  2023-08-17 18:24  RZWETLQaBpNeo.exe  f7ebf2e8c35abc0b9bede5448f9c4b38
  Rule: NSIS Malicious Library UPX ASPack PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows Browser Email ComputerName DNS Software crashed keylogger
  Urls Hosts IDS Score Zero VT Player: 3 8.2 M 28 ZeroCERT

10577  2023-08-17 18:23  dasHost.exe  30971ee638ec6185289994daae14730a
  Rule: Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed
  Urls Hosts IDS Score Zero VT Player: 1 3.2 M 46 ZeroCERT

10578  2023-08-17 18:22  update.exe  392495c31f590a0a04b0c0f1cb0e06a9
  Rule: Malicious Library UPX Malicious Packer OS Processor Check PE File PE64 VirusTotal Malware Check virtual network interfaces DNS
  Urls Hosts IDS Score Zero VT Player: 1 2.6 M 24 ZeroCERT

10579  2023-08-17 18:22  Logged_2.2.2.exe  8196727df623b4a40a248835878ffbac
  Rule: Gen1 Emotet Generic Malware Malicious Library UPX OS Processor Check PE File PE64 DLL ZIP Format VirusTotal Malware Check memory Creates executable files Ransomware
  Urls Hosts IDS Score Zero VT Player: 2.2 M 26 ZeroCERT

10580  2023-08-17 18:21  ghostzx.doc  e6ec31abd924dd83e5829624c8400bfe
  Rule: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic ICMP traffic exploit crash unpack itself Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 8 11 5.6 M 29 ZeroCERT

10581  2023-08-17 18:19  ghostzx.exe  52299a26c9143bd246e0b9daf6d0788c
  Rule: AntiDebug AntiVM PE File .NET EXE PE32 PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself suspicious TLD
  Urls Hosts IDS Score Zero VT Player: 7 10 9.6 ZeroCERT

10582  2023-08-17 16:09  4ce5f00cf44673e80fcdb462b15f1a...  c9e6e4d394d7452b79351028c4da0cac
  Rule: Generic Malware PE File DLL PE64 VirusTotal Malware
  Urls Hosts IDS Score Zero VT Player: 1.2 M 40 yjw

10583  2023-08-17 16:01  pass1234_setup.7z  8155b0ec79e7e80cdab9b7fbdfac1a4c
  Rule: Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check DNS
  Urls Hosts IDS Score Zero VT Player: 19 41 8 6.2 M ZeroCERT

10584  2023-08-17 13:07  com.apple.Music.2F1000D3-C3AD-...  4352c7f009793bfbc6c4f82b41bf679d
  Rule: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 4.2 guest

10585  2023-08-17 13:07  com.apple.dock.2F1000D3-C3AD-5...  17e0d781c46e575d7cd1a65102b096b5
  Rule: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 3.8 guest

10586  2023-08-17 13:06  com.apple.imservice.SMS.2F1000...  0b90b856a619d0c9c78143ad7630ae5c
  Rule: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 4.8 guest

10587  2023-08-17 13:05  ._com.apple.settings.storage.2...  ffb4d8eb9973259e382c7815301b9990
  Rule: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 3.8 guest

10588  2023-08-17 13:05  ._com.apple.dock.extra.2F1000D...  9cfb3c75a7c454e60c65e1ed3a167859
  Rule: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 4.2 guest

10589  2023-08-17 13:04  ._com.apple.Music.2F1000D3-C3A...  244d40f935ec27eb26baf2e3845527a2
  Rule: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 4.8 guest

10590  2023-08-17 13:02  ._com.apple.FaceTime.2F1000D3-...  5e7039aa34d83640d808b521e80bd878
  Rule: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Urls Hosts IDS Score Zero VT Player: 3.8 guest