11536 | 2023-07-14 07:44
File: HHH1.exe  MD5: 2e29ca797a270d08c074968bd8c42649
Tags: Generic Malware UPX Antivirus AntiDebug AntiVM PE64 PE File OS Processor Check VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Auto service Check virtual network interfaces malicious URLs Tofsee Windows DNS Cryptographic key
URLs (1):
  https://kyliansuperm92139124.shop/customer/1117
Hosts (3):
  kyliansuperm92139124.shop(172.67.183.88) - mailcious
  172.67.183.88 - mailcious
  5.42.65.67 - mailcious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.4 | M | 23 | ZeroCERT

11537 | 2023-07-14 07:42
File: app64.dll  MD5: 4aa7e4b29ba9c9c9a44ed8c096758956
Tags: Malicious Library DLL PE64 PE File VirusTotal Malware Malicious Traffic Checks debugger Remote Code Execution DNS
URLs (1): [not listed]
Hosts (2):
  5.42.65.67 - mailcious
  142.250.74.78
3.2 | M | 29 | ZeroCERT

11538 | 2023-07-14 07:40
File: Ads.exe  MD5: fcb679b0de5f4f8ac6758087df0eea4b
Tags: Generic Malware UPX Antivirus ScreenShot KeyLogger AntiDebug AntiVM PE64 PE File OS Processor Check VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Auto service Check virtual network interfaces malicious URLs Tofsee Windows Cryptographic key
URLs (1):
  https://kyliansuperm92139124.shop/customer/1115
Hosts (2):
  kyliansuperm92139124.shop(172.67.183.88) - mailcious
  172.67.183.88 - mailcious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.8 | M | 29 | ZeroCERT

11539 | 2023-07-14 07:37
File: ijijhgijsifjsidjiwjeijijijijif...  MD5: 84f81dca8965bec393cdc9af3a564545
Tags: MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Exploit DNS crashed
URLs (1):
  http://192.3.243.157/fbi/60.hta
Hosts (1):
  192.3.243.157 - mailcious
Alerts (3):
  ET POLICY Possible HTA Application Download
  ET INFO Dotted Quad Host HTA Request
  ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl
4.4 | M | 29 | ZeroCERT

11540 | 2023-07-14 07:36
File: olor.exe  MD5: 8dfdbc3a8f598f002a270eefd09b5162
Tags: AgentTesla .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
Hosts (2):
  api.ipify.org(104.237.62.211)
  64.185.227.156
Alerts (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.6 | M | 44 | ZeroCERT

11541 | 2023-07-14 07:35
File: websm.exe  MD5: e716168756c85d9652baae798f94bdfa
Tags: UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution DNS
Hosts (1): [not listed]
2.8 | M | 46 | ZeroCERT

11542 | 2023-07-14 07:34
File: pubmixazed.exe  MD5: 4d9408686911e97c20712070a341fe60
Tags: Generic Malware UPX Antivirus PE64 PE File OS Processor Check VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Auto service Check virtual network interfaces Tofsee Windows Cryptographic key
URLs (1):
  https://kyliansuperm92139124.shop/customer/1116
Hosts (2):
  kyliansuperm92139124.shop(104.21.18.206) - mailcious
  172.67.183.88 - mailcious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.8 | | 28 | ZeroCERT

11543 | 2023-07-14 07:33
File: csrssmd.exe  MD5: af17c05e85e4e33359ccab3e6d4a3de2
Tags: Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
Hosts (2):
  terminal4.veeblehosting.com(108.170.55.202) - mailcious
  108.170.55.203
Alerts (2):
  SURICATA Applayer Detect protocol only one direction
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.4 | M | 54 | ZeroCERT

11544 | 2023-07-14 07:32
File: 65.hta  MD5: c424aa5b9e44cdfa876c24c898bd1205
Tags: Generic Malware Antivirus Hide_URL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.2 | M | 6 | ZeroCERT

11545 | 2023-07-14 07:31
File: APSLoader.exe  MD5: 751dd472c61b174351d8f98ce5619a7d
Tags: SmokeLoader PE File PE32 VirusTotal Malware
2.2 | M | 54 | ZeroCERT

11546 | 2023-07-13 18:57
File: cc.exe  MD5: ebadf0b0222d1fbda47585fee0a067fd
Tags: UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key crashed
Hosts (1): [not listed]
Alerts (3):
  ET MALWARE RedLine Stealer TCP CnC net.tcp Init
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE Redline Stealer TCP CnC - Id1Response
10.8 | | 19 | ZeroCERT

11547 | 2023-07-13 18:54
File: sixlocation.exe  MD5: c210363cbccbc72e12118622bbbc7083
Tags: Gen1 Emotet Malicious Library CAB PE64 PE File .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName Remote Code Execution
4.4 | | 15 | ZeroCERT

11548 | 2023-07-13 13:19
File: File_pass1234.7z  MD5: 40058f3b772f34b08e4de41ce5975864
Tags: Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check PrivateLoader Tofsee Fabookie Stealer Windows Trojan DNS Downloader
URLs (24):
  http://94.142.138.131/api/firegate.php - rule_id: 32650
  http://aa.imgjeoogbb.com/check/?sid=450708&key=ba2d5ff6ab8de1774d12bbe8f58b5f80 - rule_id: 34651
  http://hugersi.com/dl/6523.exe - rule_id: 32660
  http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705
  http://aa.imgjeoogbb.com/check/safe - rule_id: 34652
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://94.142.138.131/api/tracemap.php - rule_id: 28311
  http://45.66.230.164/g.exe - rule_id: 34813
  http://www.maxmind.com/geoip/v2.1/city/me
  http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482
  http://45.15.156.229/api/tracemap.php - rule_id: 33783
  https://camoverde.pw/setup294.exe - rule_id: 34973
  https://sun6-20.userapi.com/c909518/u808950829/docs/d27/7e44ee901e11/RisePro_0_2_9OlnHESIYJe6q7VK6ha9.bmp?extra=mFRh8hRuIL4PQbqjQpKrFn-yk8q7e2BWnJcqbaqBfpWrw12CSNwXPiydpOm7fdZW-VkLBpEDSQCAh9N4wgX73nDTC4QfkafUuRdE_zB6PAkYt8WkLxrZWRCZYzL9R1d-09JMTc0rjx7nTc8Ejw
  https://vk.com/doc808950829_663871412?hash=8ehIwnmHBe3gPQFQr33m9RxU44AQihyQbijm4RaLc48&dl=Mq7velIvPVVgNnqKI27x77nmBa5DkTDs5e4oXZ7UFF8&api=1&no_preview=1
  https://vk.com/doc808950829_664186552?hash=1s9iE5Kgt9FANPHVKZA2SevYzVjMVZoFv12OonZIzaT&dl=BQIZXKyYvEtMx9159XykdFJl2YsvYGygHeUBECzJOOX&api=1&no_preview=1#grey
  https://vk.com/doc808950829_664179824?hash=7y975z01doW0l1g0cI8z6K8SmxVd0YYXHDhMKKaBTZz&dl=XbJyBV6ZufZQ2A2vwUeIeNZ42zKjemc02v0szs3TE6z&api=1&no_preview=1#rise_test
  https://sun6-21.userapi.com/c237331/u808950829/docs/d45/9e7526772d0a/Grey_MAsttre03.bmp?extra=8T3GVnRSHkbnOoamPgnW-Cv4xANxtyuLJC8y0QjDtpRD-bEhN0Uh8mhU3WHYrtyD-5SBhAokPpIvJ7QfT1aoGL667fCB4gXDv6A4mFx_xqyCDYuGNBN5ZlDyNeZUV-cCTGua33902_8YFarU7A
  https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self
  https://db-ip.com/
  https://sun6-20.userapi.com/c235031/u808950829/docs/d20/7255882231b8/PMmp.bmp?extra=y_OyY7INsH6aj7-dRXOZMRg8E7fAVBvEPjv-ZYd1fS-NIL0_vUy0d6mwXew80qrwMnqyLGSBlfN7EDlJ08NCr224j8-e2KmiUheMEur5pNv8keQ7mF88gBsWX9iPegCBlecJOMIS7-Vb41JftQ
  https://sun6-21.userapi.com/c235131/u808950829/docs/d53/768dda3e213b/31bhpef20u5o7.bmp?extra=dgmz4H72H5rvy_EBF4On77fbct5UBiCHg6aSLsmzFCBhDfvNnlr2E6WPbQDljvi-waBkmv0xSg8yRpLQO23hZ-sRBEpulUOykXPpY1Ka14ypP4q2TKzaWXBzUVGWmHL24zjTWqVEfilJLyVB5Q
  https://vk.com/doc808950829_663933421?hash=ioG5QB3qvIws86ott1cKJe6Pb7yplHVFXBwsSvr5HZs&dl=mmMqy1dNgzrQdMHtVCaer8XyZ5fyDV65DqKrscCiZKT&api=1&no_preview=1
  https://sun6-23.userapi.com/c240331/u808950829/docs/d25/053a5d3ab851/5.bmp?extra=MgPqKvSpJRVzdc1sy4MhZh-5VcUgelLtlp5JQWONauDmpOLNKT3Dn1g342miQlipJZwQuz-T04bTlW8_-12eYUYB4gplokbQobMBlLGgw595euXc82IPMSrVok_cNx30Fk4rpmdNs2flQOg0wA
  https://vk.com/doc808950829_663974118?hash=dOMWUsvinJ2cpviUzz7vnxpsK8egTpcGetxzR7zZrlH&dl=jOHjRjzy9zAt3pzHP5nbHskFZI2CUKmKC4cOjJyWMzc&api=1&no_preview=1#5
Hosts (48):
  www.maxmind.com(104.17.214.67)
  sun6-23.userapi.com(95.142.206.3)
  api.db-ip.com(104.26.4.15)
  api.myip.com(104.26.8.59)
  hugersi.com(91.215.85.147) - malware
  sun6-21.userapi.com(95.142.206.1) - mailcious
  db-ip.com(172.67.75.166)
  zzz.fhauiehgha.com(156.236.72.121) - mailcious
  ipinfo.io(34.117.59.81)
  aa.imgjeoogbb.com(154.221.26.108) - mailcious
  us.imgjeoigaa.com(103.100.211.218) - mailcious
  bitbucket.org(104.192.141.1) - malware
  camoverde.pw(172.67.128.35) - malware
  sun6-20.userapi.com(95.142.206.0) - mailcious
  vk.com(87.240.129.133) - mailcious
  iplogger.org(148.251.234.83) - mailcious
  iplis.ru(148.251.234.93) - mailcious
  148.251.234.93 - mailcious
  194.169.175.128 - mailcious
  154.221.26.108 - mailcious
  104.17.215.67
  91.215.85.147 - malware
  104.26.5.15
  176.123.9.85 - mailcious
  45.12.253.74 - malware
  172.67.75.163
  77.91.124.40 - malware
  194.26.135.162 - mailcious
  157.254.164.98 - mailcious
  34.117.59.81
  104.21.0.171 - malware
  87.240.137.164 - mailcious
  148.251.234.83
  194.169.175.136 - malware
  61.111.58.35 - malware
  45.66.230.164 - malware
  94.142.138.131 - mailcious
  104.192.141.1 - mailcious
  94.142.138.113 - mailcious
  156.236.72.121 - mailcious
  45.15.156.229 - mailcious
  104.26.4.15
  147.135.165.22
  95.142.206.3
  163.123.143.4 - mailcious
  95.142.206.1 - mailcious
  95.142.206.0 - mailcious
  103.100.211.218 - malware
Alerts (20):
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA Applayer Mismatch protocol both directions
  ET MALWARE Single char EXE direct download likely trojan (multiple families)
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET DNS Query to a *.pw domain - Likely Hostile
  ET INFO TLS Handshake Failure
  ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
  ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
  ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET)
  ET MALWARE RedLine Stealer TCP CnC net.tcp Init
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET INFO EXE - Served Attached HTTP
  ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
  ET POLICY IP Check Domain (iplogger .org in TLS SNI)
  ET DROP Spamhaus DROP Listed Traffic Inbound group 27
Flagged URLs (10):
  http://94.142.138.131/api/firegate.php
  http://aa.imgjeoogbb.com/check/
  http://hugersi.com/dl/6523.exe
  http://zzz.fhauiehgha.com/m/okka25.exe
  http://aa.imgjeoogbb.com/check/safe
  http://94.142.138.131/api/tracemap.php
  http://45.66.230.164/g.exe
  http://us.imgjeoigaa.com/sts/imagc.jpg
  http://45.15.156.229/api/tracemap.php
  https://camoverde.pw/setup294.exe
6.2 | M | | ZeroCERT

11549 | 2023-07-13 13:18
File: b.jpg.ps1  MD5: 92589da336f8a80a34a764cb763c7e01
Tags: Hide_EXE Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.6 | M | 11 | ZeroCERT

11550 | 2023-07-13 11:34
File: File.7z  MD5: a59d6f347f0e85b174d3618a09037237
Tags: Escalate priviledges PWS KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself
2.0 | M | 8 | ZeroCERT