11206 |
2023-07-26 17:30
|
INV-Details-JUL2023(224).exe 68def46fcf9076181826880b68a40191 PE64 PE File IcedID Malware download Malware Malicious Traffic unpack itself DNS |
1
http://filtaferamoza.com/
|
2
filtaferamoza.com(128.199.3.164) - 128.199.3.164 -
|
2
ET MALWARE Win32/IcedID Request Cookie ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com)
|
|
1.6 |
|
|
ZeroCERT
11207 |
2023-07-26 17:29
|
xvid123456.exe 9b3e3201e17442a58e6ff7de9a19f2a8 UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI unpack itself Windows ComputerName DNS Cryptographic key |
|
1
|
|
|
4.6 |
|
39 |
ZeroCERT
11208 |
2023-07-26 17:28
|
INV-Details-JUL2023(228).exe 7606cb661c19b880bb13e39502660c25 PE64 PE File IcedID Malware download Malware Malicious Traffic unpack itself DNS |
1
http://filtaferamoza.com/
|
2
filtaferamoza.com(128.199.3.164) - 128.199.3.164 -
|
2
ET MALWARE Win32/IcedID Request Cookie ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com)
|
|
1.6 |
|
|
ZeroCERT
11209 |
2023-07-26 17:26
|
c2build.exe 20f0bdb1c1b0fc48e7923a5e9fc65c50 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key |
|
2
files.catbox.moe(108.181.20.35) - 108.181.20.35 -
|
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
|
28 |
ZeroCERT
11210 |
2023-07-26 17:25
|
UpdateProfile.exe a3336fcf021e1fb4a7465b4294e4baa7 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key |
|
1
|
|
|
3.8 |
|
47 |
ZeroCERT
11211 |
2023-07-26 17:24
|
chrome.exe d50a781e825e40363b5dec38d4ec39e2 UPX Antivirus Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 OS Processor Check VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName keylogger |
|
|
|
|
13.0 |
|
35 |
ZeroCERT
11212 |
2023-07-26 17:24
|
task.exe 97b1b260abb2e35d57edcca826c9ba9b UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
4
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response)
|
|
12.4 |
|
46 |
ZeroCERT
11213 |
2023-07-26 17:22
|
TWENTYTWENTYWRWNTWENYWTWNYTWN%... efdcd2259b00d25f5eda777e77e6e393 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed |
1
http://107.175.202.150/120/ChromeSetup.exe
|
3
api.ipify.org(104.237.62.211) - 173.231.16.76 - 107.175.202.150 -
|
7
ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.0 |
|
32 |
ZeroCERT
11214 |
2023-07-26 14:52
|
File_pass1234.7z dd48d433b225a68e26ca5b6446f0e5f9 Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Malware Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Kelihos Tofsee Fabookie Stealer Windows Trojan DNS Downloader |
59
http://hugersi.com/dl/6523.exe - rule_id: 32660 http://hugersi.com/dl/6523.exe http://aa.imgjeoogbb.com/check/safe - rule_id: 34652 http://aa.imgjeoogbb.com/check/safe http://87.120.88.198/g.exe - rule_id: 35229 http://87.120.88.198/g.exe http://85.208.136.10/api/tracemap.php - rule_id: 32662 http://85.208.136.10/api/tracemap.php http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://45.15.156.229/api/tracemap.php http://77.91.124.31/anon/an.exe - rule_id: 35218 http://77.91.124.31/anon/an.exe http://77.91.124.47/info/photo220.exe - rule_id: 35384 http://77.91.124.47/info/photo220.exe http://aa.imgjeoogbb.com/check/?sid=470378&key=a6fb0512a805190d888c34454cccd8b3 - rule_id: 34651 http://aa.imgjeoogbb.com/check/?sid=470378&key=a6fb0512a805190d888c34454cccd8b3 http://77.91.124.31/new/foto135.exe - rule_id: 35216 http://77.91.124.31/new/foto135.exe http://195.201.45.115/6edd27566a7696bd52cf86ffe3fbf739 http://195.201.45.115/085b5e6cac62c7d3e546c8fe976524a2 http://www.maxmind.com/geoip/v2.1/city/me http://95.214.25.207:3002/file.exe http://85.208.136.10/api/firegate.php - rule_id: 32663 http://85.208.136.10/api/firegate.php http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://94.142.138.131/api/tracemap.php http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482 http://us.imgjeoigaa.com/sts/imagc.jpg http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705 http://zzz.fhauiehgha.com/m/okka25.exe http://77.91.124.31/new/fotod25.exe - rule_id: 35217 http://77.91.124.31/new/fotod25.exe http://77.91.68.61/rock/index.php http://195.201.45.115/pack.zip - rule_id: 35411 http://195.201.45.115/pack.zip http://apps.identrust.com/roots/dstrootcax3.p7c http://195.201.45.115/ - rule_id: 35410 http://195.201.45.115/ https://hooligapps.site/setup294.exe - rule_id: 35386 https://hooligapps.site/setup294.exe 
https://sun6-22.userapi.com/c235131/u801981293/docs/d11/9e2217128eec/siddharthabuddh4_4.bmp?extra=5OcEE1Zjlyn6XGoGBjQ0LBroHhLq6wrCqEbjh6HmaumIinBIncRoHZUxQElN5gsHntrY17rjogp5c1PrQkipGfYvAyLX6BjIwuv-p1BSNm3F0Uj8w5HavJVlyotDFktAAv2iAdTnTdjj3-Zjhw https://vk.com/doc801981293_666823296?hash=IkJXfnuRw7ihxGiXRSyiY2Z66FKnxYargchJZwaWxKw&dl=zHJ4ClZYwxBgGwgirt2pehVBbUfVD7lazG0pZS1wCZ8&api=1&no_preview=1 https://vk.com/doc801981293_666972760?hash=gfReCWEH49Z6MClofQOdIxXFhpXXeU6d8rpjwmdewz4&dl=bs1IaRz40N3Rp1aZOq5ZzrZkdXiBefdMoio0ZRHy8X0&api=1&no_preview=1#vdr https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#test https://sun6-22.userapi.com/c909218/u801981293/docs/d17/9c68faead5a5/PMmp.bmp?extra=UGNLoFDpKKVsUxNc5Hw3mDScjSPNHUjBrdr2lvhcJMPRnoxs4tl6L_QhDLEEluinE9PF1yIpvvK30fHjFpRXai-2aJdXxr52tHyf1QHXev5lDqAeiUWPDwmjVdq8wfVw31EOL_cqzzs-IFxmQw https://vk.com/doc801981293_666986760?hash=EypQ6vpS4yPTswMnb00CPFmQwfBfZDMhAjgFZFCigPT&dl=SKEDcaMZbN1h0P6yDU29Z3X8TntLoXxXj4TKBWAkIJD&api=1&no_preview=1#scjeen https://sun6-21.userapi.com/c237031/u801981293/docs/d45/32252d9b5eef/WWW1.bmp?extra=rXCW6muvJbVacDtMEzr5kBE_VxyhFcf8iXsc4OhJZYw1fgfQ26tKklrQOLwv7hP7JVIAKYvPDh6t5yBky_c0CjDHxso6RCQMl1vnqddvK_LGddlQAXHJbcnrnF-RFOmGswiH1GaeEnoQw0i02A https://sun6-23.userapi.com/c909228/u801981293/docs/d21/6b6982cc9a3c/vdr.bmp?extra=bHMlqwisVxmil6qKbRXVdbLCtE6eW2Lb9fMf5hG2zBTwGhUYhaGsyiakLYMEfRWFQGdcDzeSWOb1THMhVuczyuz2oziEJ8syytvGYOQbWfS-soij5azb0p5kZAOAJ7_YwLI_R6ipPjabcHHlHQ https://sun6-21.userapi.com/c240331/u801981293/docs/d27/d32d502e82e6/vdr_new.bmp?extra=a5EUFb3Gu8qFNOIrrNr6N9sSAoUpVjQBb1wGOubvrA3PVSgXwPcJdg7yMjBh6DwOBk6_bHkVl9IzU01dZMpbjDKbBQWbRaDp1LsydI7GUSo8dW7EVv1_lR2JzJdzK2AmkyJiXnQh7ciezADwnA https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/ 
https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 https://sun6-21.userapi.com/c909228/u801981293/docs/d17/40dc64278851/Lylawork_0721.bmp?extra=AJT6kLcPrgHuC3UUkbEzOZYApZ-0CPCfcwrOy8Lj2M72D9bqLHo5-er1hnOWbBNIpcfODIupk7b6jbUdT4IKLPTvsJrde9woBpYM9uPS7B9Yfuod6NTqNyWYmbhyK7pLfpL4RYpElM_nhgeTag https://vk.com/doc801981293_666878057?hash=1cohXPp9aLK2Xz7H2hezj89drs50PYuLRBoirKPj3B8&dl=vMZbPrQFZIXfQgzBVvuUmx7NUXxKHs9ZVFMOgU7roi0&api=1&no_preview=1#WW1 https://vk.com/doc801981293_666823290?hash=C40VUqDqCeh9PmntwYoL5pVZTrUVqPDt6gbkO0YPVBz&dl=5eyzOvvEImXidOsKxS45wfidN1CDlCKKPGBOYBev5Ag&api=1&no_preview=1 https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#stats https://steamcommunity.com/profiles/76561199529242058 - rule_id: 35413 https://steamcommunity.com/profiles/76561199529242058 https://vk.com/doc801981293_666940494?hash=uSavslZirzWbQ0kzonC9SnoJn3rtqSRcOdEQ260gUB0&dl=R2BfVhkZKvL1zLlYCmFHftW0Q2PwIoh6NzkRg3wkNkc&api=1&no_preview=1#lyla
|
61
watson.microsoft.com(104.208.16.93) - db-ip.com(104.26.5.15) - zzz.fhauiehgha.com(156.236.72.121) - t.me(149.154.167.99) - ipinfo.io(34.117.59.81) - sun6-23.userapi.com(95.142.206.3) - hooligapps.site(104.21.6.229) - steamcommunity.com(23.206.58.148) - iplogger.org(148.251.234.83) - aa.imgjeoogbb.com(154.221.26.108) - api.db-ip.com(104.26.5.15) - sun6-21.userapi.com(95.142.206.1) - us.imgjeoigaa.com(103.100.211.218) - transfer.sh(144.76.136.153) - files.catbox.moe(108.181.20.35) - api.myip.com(104.26.9.59) - hugersi.com(91.215.85.147) - sun6-22.userapi.com(95.142.206.2) - www.maxmind.com(104.17.215.67) - vk.com(87.240.129.133) - iplis.ru(148.251.234.93) - 87.120.88.198 - 148.251.234.93 - 51.89.201.49 - 154.221.26.108 - 91.215.85.147 - 195.201.45.115 - 104.26.5.15 - 95.214.25.207 - 149.154.167.99 - 172.67.75.166 - 104.88.222.199 - 77.91.124.47 - 194.26.135.162 - 85.208.136.10 - 157.254.164.98 - 34.117.59.81 - 148.251.234.83 - 108.181.20.35 - 77.91.124.84 - 45.12.253.74 - 94.142.138.131 - 94.142.138.113 - 104.208.16.93 - 104.17.214.67 - 104.26.9.59 - 77.91.68.61 - 156.236.72.121 - 45.15.156.229 - 104.21.6.229 - 104.26.4.15 - 87.240.137.164 - 95.142.206.3 - 163.123.143.4 - 95.142.206.1 - 121.254.136.27 - 77.91.124.31 - 168.119.252.116 - 95.142.206.2 - 103.100.211.218 - 77.91.68.30 -
|
33
SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO Executable Download from dotted-quad Host ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET DROP Spamhaus DROP Listed Traffic Inbound group 8 ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO EXE - Served Attached HTTP ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO TLS Handshake Failure ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET INFO Dotted Quad Host ZIP Request ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Possible Kelihos.F EXE Download Common Structure ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)
|
18
http://hugersi.com/dl/6523.exe http://aa.imgjeoogbb.com/check/safe http://87.120.88.198/g.exe http://85.208.136.10/api/tracemap.php http://45.15.156.229/api/tracemap.php http://77.91.124.31/anon/an.exe http://77.91.124.47/info/photo220.exe http://aa.imgjeoogbb.com/check/ http://77.91.124.31/new/foto135.exe http://85.208.136.10/api/firegate.php http://94.142.138.131/api/tracemap.php http://us.imgjeoigaa.com/sts/imagc.jpg http://zzz.fhauiehgha.com/m/okka25.exe http://77.91.124.31/new/fotod25.exe http://195.201.45.115/pack.zip http://195.201.45.115/ https://hooligapps.site/setup294.exe https://steamcommunity.com/profiles/76561199529242058
|
6.6 |
|
|
ZeroCERT
11215 |
2023-07-26 14:43
|
lano2.hta 58f04a5ef090681704054640bf0f1b7c Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed |
|
4
108.181.20.35 - 154.221.26.108 - 144.76.136.153 - 103.100.211.218 -
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
9.2 |
|
15 |
ZeroCERT
11216 |
2023-07-26 14:41
|
system_root.vbs b623f2c106911f4e526aecce1eca1261 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
2
https://cdn.pixelbin.io/v2/red-wildflower-1b0af4/original/universo_vbs.jpeg
http://45.88.66.43/notavailabllelelee.txt
|
2
cdn.pixelbin.io(54.230.167.126) - 54.230.167.126 -
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
|
13 |
ZeroCERT
11217 |
2023-07-26 14:36
|
wininit.exe 73bbb2587a15c2e32d469cb3abe192c9 NSIS UPX Malicious Library PE File PE32 DLL Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.0 |
|
|
ZeroCERT
11218 |
2023-07-26 14:36
|
wininit.exe 614ef8a46ff7b0f353b6ce2540c30d8e NSIS UPX Malicious Library PE File PE32 DLL Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.0 |
|
|
ZeroCERT
11219 |
2023-07-26 14:30
|
File_pass1234.7z dd48d433b225a68e26ca5b6446f0e5f9 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself |
|
|
|
|
1.6 |
M |
|
ZeroCERT
11220 |
2023-07-26 13:25
|
IDBh.hta 42add60c5e71accdfbb0a16bd34515ae Generic Malware Antivirus AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key |
1
http://103.16.215.29/M247T/wininit.exe
|
|
|
|
7.0 |
|
5 |
ZeroCERT