Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11056	2023-08-02 16:56	Guendengf.exe 6e5ca3cddbfdd665aa1789800d0963b2 EnigmaProtector UPX Malicious Library Malicious Packer Antivirus OS Processor Check PE File PE32 DLL VirusTotal Malware suspicious privilege Creates executable files sandbox evasion ComputerName					3.0	M	38	ZeroCERT

11057	2023-08-02 16:53	nqwi.vbs 7b921f547bf78eaeee0b67712518b5a9 Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.8	M	16	ZeroCERT

11058	2023-08-02 16:51	nigazxbb.vbs d3e7b78476a9e3a9275a26549ff8d845 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key					4.8	M		ZeroCERT

11059	2023-08-02 16:51	update.exe 5057042b2949c60f1d598845c26a2a18 UPX PE File PE32 VirusTotal Malware Check virtual network interfaces Tofsee	2 Keyword trend analysis	3	1		3.0	M	26	ZeroCERT

11060	2023-08-02 16:46	c9f02f547a430b15b6ba7fdafc8850... c467fc9aafa3b840fd94d27e697649b8 PhysicalDrive Generic Malware NSIS UPX Malicious Library Malicious Packer Downloader Http API HTTP Code injection Internet API Anti_VM AntiDebug AntiVM PE File PE32 CAB OS Processor Check DLL MSOffice File VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk China VM Disk Size Check Interception crashed	3 Keyword trend analysis	18 Info clients3.google.com(172.217.161.238) www.gstatic.com(142.250.76.131) s0.ssl.qhres.com() update.theworld.cn(101.198.0.21) dl.360tpcdn.com(104.192.108.19) hao.ssl.dhrest.com(104.192.110.245) s1.ssl.qhres.com() s.360.cn(180.163.251.230) hao.360.cn(180.163.237.169) s0.ssl.qhimg.com(18.67.51.16) p0.ssl.qhimg.com(99.86.207.82) show-g.mediav.com(180.163.247.134) p1.ssl.qhimg.com(99.86.207.4) 142.251.220.67 180.163.237.169 172.217.27.14 101.198.0.21 101.198.192.13			12.6		35	guest

11061	2023-08-02 13:33	C3VB.exe a32e1510eaf70c772b81fc4e9f4c46f3 Redline RedLine stealer LokiBot Emotet Generic Malware Downloader UPX WinRAR Malicious Library .NET framework(MSIL) Admin Tool (Sysinternals etc ...) Antivirus PWS Create Service Socket P2P DGA Steal credential Http API Escalate priviledges Sniff Audio HT Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW Firewall state off installed browsers check Tofsee Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	2 Keyword trend analysis	6	5 Info ET POLICY External IP Lookup Domain (myip .opendns .com in DNS lookup) ET ATTACK_RESPONSE RedLine Stealer - CheckConnect Response ET ATTACK_RESPONSE Win32/LeftHook Stealer Browser Extension Config Inbound SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP unable to match response to request	1	22.6	M	47	guest

11062	2023-08-02 10:18	asca1ex.exe 3a59053c06f32e8400c600c3424da34a UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5		6.2	M	28	ZeroCERT

11063	2023-08-02 10:16	fffffff.exe1 12e493f7a5f1d8487239d477631457b9 Gozi UPX OS Processor Check PE File PE32 Malware download Cobalt Strike Ursnif VirusTotal Malware Malicious Traffic Check memory unpack itself Interception Windows ComputerName DNS	5 Keyword trend analysis Info http://79.132.130.230/zerotohero/K3vk9WJHpEMX6hbZw9tQyo5/AMBJbLu6tj/I4dyyPRvEIc_2Bo5I/2NUNLIkQqXoM/4CLXycYanau/8WFUZdkBqHxj0k/G1Dz8Bb1qnisHoMvqFItJ/4wfCjdP1Gf4MD015/_2Fjg_2BwAknLxt/5g2XdSihMUmd7kf0Vf/ZYb5g5bV4/ib0vVzu4C_2FW6ak5OEU/GWK9iVTriGnuRYnmHaa/jVg20muCMLk3bbDqYb9K4b/WNo_2BGUwzd9k/NzS1SsLQ/d6CTTcaEu36FGNawX2R0Kqo/C38zpv3wa/W12SJCNS.asi - rule_id: 35359 http://78.138.9.136/zerotohero/BOMG5brBej/W6MNwYSFq4lSlX9tT/x4Y3Omef7UGN/WZhhSM2s5vi/V1FDzyIOh5EpoI/CWWIkqKkrw75RSUzXr7ex/W1RxkTyF3m2S3f2E/Y99btwsIJQuuhmN/lw3cuoTnNFNiXX7cu0/2whafmQx2/EkaF2FKoKeqHPMNHsEAQ/keKvvr9l1uzq8oU96Le/2jrUUusg_2B0I6xcr09dJj/XFvFn_2Fm4A8m/UqxdWdhP/VRi2h91sbdwC8lBB_2FDjJW/U_2ButnyPo/M3ehIUmus7lD5zNNn/gajTaRAeV8b6/0zF8WivYdTr/uC4wDLoi/v.asi - rule_id: 35357 http://79.132.130.230/zerotohero/DVrxwIAQMgsf7onOLh/XV75B5oFA/y1vXWahjjQZVMDH_2FiQ/4PZa4sHCsckUL377wx1/ZWvRgGdffXeg9iPEYWZ0h_/2BhA96Rc7xe4R/qby1FhUA/D3J5ocbPv6vcjAoxDEpqdg_/2BxvziDIQC/aLCB4AL9AMx8ac_2B/QNhLbiQcgZin/EpRbwzEa4e4/D_2BKwsvigFCN_/2FBg_2Fw3ZaNSpM8fK07N/yXdvG0NodEjK6LFi/2ZnEMcjmx0YgxZI/dLH_2BvcUmTIQFitsY/hIm1muN9Q/YX6gqoj0w/GcFQn4vTy/4.asi - rule_id: 35359 http://185.212.47.65/zerotohero/cdXm_2FVJxK0LegSF/qWrY8fts8Fcq/0NYojf5UlKt/8DhxFr0B_2FsfH/yh95t8o1NlDiZvluicJ4e/y3s9rzRcxmXrVVJ7/Ka_2BqSUQBoccRO/pPeTmlMcibaZ1A8GB4/_2FCWWzpa/5CmD7rRKRlIWq5D4qu77/BGDeyVKNAc3pBFiPPX0/ncnmY9UmOi2ZepGuelaMz6/Fs7cUQ3jbJA0N/WaIYzdmN/W999YPszzQ3zvI2rKp8ilbI/G0MSN_2FTg/61lr6bk_2FfsZ31Jt/feVTEck3UWfb/5ZQcZoVE/Sy48y.asi - rule_id: 35353 http://45.155.249.172/zerotohero/_2BNfe26Q_2BhpzcY80eoW/2IbQqms219ain/8xo_2BRo/O79HFwawAOqR1xwy3PGyFgp/h2FreaMQGU/PghXl8ePxYt85SSHr/L_2B7SHWLYe8/Jvu0omXw0U8/B2o2reD4ai5rDs/W5ZivSf7_2FvcBaSlziH8/2oaBAztGA6DuRQnj/fby_2FNeLRkfUIG/Tb9pBn4LDJSKpggRop/2yOnyRMrq/hGr0R03Qs2AMMI3QMxF8/DcYedNwEbb0WMiSm2cz/GpYewdMSs8Cd7hz_2FvN34/4B_2By8bGbelM/gBrumlN3/yo9.asi - rule_id: 35355	6	2	5	4.6	M	25	ZeroCERT

11064	2023-08-02 10:13	dufs.exe 20a308e65c20ff7de1f2a1cd047464b5 UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware Check virtual network interfaces WriteConsoleW					1.4	M	3	ZeroCERT

11065	2023-08-02 10:11	taskhostclp.exe 3258deefff3ca70f3dfa3e67067ca611 UPX MPRESS PE64 PE File VirusTotal Malware Remote Code Execution crashed					2.4	M	37	ZeroCERT

11066	2023-08-02 10:09	Invoice.vbs 0a480ee9046d242cbd66e5865dabdec3 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		8.0	M	6	ZeroCERT

11067	2023-08-02 10:07	000000000000%23%23%23%23%23%23... 44d2677ca322541c52dd751454873340 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	2	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.6	M	30	ZeroCERT

11068	2023-08-02 10:07	setup.dll f799870809fc731deadbf22963fc79e7 Malicious Library DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS		1			3.8	M	19	ZeroCERT

11069	2023-08-02 10:05	wininit.exe 00b0d25748447094c22e11aaa1f8d0a0 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed					3.4	M	32	ZeroCERT

11070	2023-08-02 10:05	000000000000%23%23%23%23%23%23... 94340ec5c5d586f335f2d9076e802b4e MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed	3 Keyword trend analysis	5	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE FormBook CnC Checkin (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Generic .bin download from Dotted Quad		4.0	M	29	ZeroCERT