Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
11626	2023-07-11 09:39	h.html 1c87f3cd6fb4a0197977a9d7365a5e09 Generic Malware Antivirus AntiDebug AntiVM PowerShell powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	10.0			ZeroCERT

11627	2023-07-11 09:38	bv6.jpg.ps1 8f1d7cb8f3b9b72dd69fc451fca11a64 Generic Malware Antivirus powershell Check memory unpack itself Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName Cryptographic key	2 Keyword trend analysis	2	1	3.0	M		ZeroCERT

11628	2023-07-11 09:36	schtasks.exe b32e6ee308372d87ba59b9e851b35972 AsyncRAT UPX .NET framework(MSIL) Malicious Packer OS Processor Check .NET EXE PE File PE32 Malware download AsyncRAT NetWireRC Malware DNS		1	2	0.6			ZeroCERT

11629	2023-07-11 09:34	194.169.175.136:3002 beb8f75815003ffcee31bc2626bbe2d9 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB				1.8		26	ZeroCERT

11630	2023-07-11 09:33	h.html 1c87f3cd6fb4a0197977a9d7365a5e09 unpack itself crashed				0.6			ZeroCERT

11631	2023-07-11 07:59	csrssd.exe c415c178036686bf3a3fbd8dc296a686 .NET framework(MSIL) AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD DNS crashed	18 Keyword trend analysis Info http://www.niubiseo158.top/8mwu/ http://www.framedeals.buzz/8mwu/ http://www.investmentmastr.com/8mwu/ http://www.date-store.info/8mwu/ http://www.uty186.com/8mwu/ http://www.framedeals.buzz/8mwu/?AtRS=VWM5CmNEXV0Wws5lOi41B/CT5DkRJBR63DKPnwmZQhPPNIeL3HbUg+RwDwZOLCkdO7WSUUICcQ5s3r8q/6yBYhvdm+7LZZAalqtbZFE=&L08E=VdmpZkW2d http://www.homesalerealtywi.com/8mwu/?AtRS=oINJ/gp/aJeJF1lmtDttIp5zYupEQ9+i41jy+2inlUmQPi8yQegxtF+73D7Viv9VJKhdmECNx8qtF80OZhRsVw7SvxMGhJ4ooOkNn5A=&L08E=VdmpZkW2d http://www.snazzy.top/8mwu/ http://www.effmkg.top/8mwu/ http://www.snazzy.top/8mwu/?AtRS=hq4LUNPbOJJ32NO4taYz6MbqZKFszgoxkz2vk6DroaZ2ot5/vFuGkg9TSETWpPkUvR5zvHY4W4/OsVbmF+Jpeu4hTeI286k5D1jdj0E=&L08E=VdmpZkW2d http://www.homesalerealtywi.com/8mwu/ http://www.niubiseo158.top/8mwu/?AtRS=DpBsY/EqeNdrZFzJBhJgkE6I4JhtuhKG/ihhRdK7+ZddsX/RTtTF+8Mul1ZbonjYts59d9bhAh3cEH3KC86wGfwsRy2myXMRgqa2uDs=&L08E=VdmpZkW2d http://www.effmkg.top/8mwu/?AtRS=cuz6fZ9rAQU+AblclZ0dz+AWyQnWqvDu1YxezGquJoJchTSyh9fWxECepA/LrKXAq+eZ/F2gxCu5cJ8yEGWuS25DvJh6mlleb3H+l3g=&L08E=VdmpZkW2d http://www.baotrang-jewelry.com/8mwu/ http://www.date-store.info/8mwu/?AtRS=QCWughoEBLNWlxoKJazXJvFVptHaudS5CtBHXaoHYx4YCXEq+K4liCb7WZlVD+RMuH5kCBUqy3mcV+3Nr6i4SxN+kY5cxzsbKOKS/94=&L08E=VdmpZkW2d http://www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip http://www.investmentmastr.com/8mwu/?AtRS=PsH7VurMFQyD6ju4MnYVKLsngyhRF0i3kpEyk+bvF+v2WbyUoo2xQnfNKDF27FubHa/Uq1yd2iymJaC1K/rhLY6C/0yWRYEJmyt9xCA=&L08E=VdmpZkW2d http://www.baotrang-jewelry.com/8mwu/?AtRS=EU3iIBTa7/FiG89Zkn9giTIgWQjAgZeKQjtjqA56CDWeG/Y64M9bd0fUJ8VEDSTetbKxDk1W+HVeVL/Bv/O0oK42dWysymJF/Fz7e18=&L08E=VdmpZkW2d	21 Info www.effmkg.top(206.119.167.205) www.dinohoki85.online() www.homesalerealtywi.com(204.11.56.48) www.niubiseo158.top(192.250.196.82) www.snazzy.top(203.161.55.144) www.framedeals.buzz(104.21.73.200) www.investmentmastr.com(68.178.150.54) www.uty186.com(122.10.20.248) www.date-store.info(162.43.104.75) www.ansuzmedia.store() www.baotrang-jewelry.com(13.215.123.39) 206.119.167.205 68.178.150.54 162.43.104.75 192.250.196.82 172.67.165.207 54.179.30.8 45.33.6.223 204.11.56.48 - phishing 203.161.55.144 122.10.20.248	4	10.0	M	29	ZeroCERT

11632	2023-07-11 07:47	2.jpg 7416ede6924c85117720a8a9d158c67f .NET EXE PE File PE32 Malware download NetWireRC VirusTotal Malware PDB suspicious TLD IP Check RAT DNS	1 Keyword trend analysis	4	3	3.8		33	ZeroCERT

11633	2023-07-11 07:46	haitianzx.doc 39c47863ba1127bb0f46600ac15e2349 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	4	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA Applayer Detect protocol only one direction SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	5.2		31	ZeroCERT

11634	2023-07-11 07:45	photo540.exe 0b18dc187ed40a7a6310a6c4ba98ec91 Gen1 Emotet SmokeLoader UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader	5 Keyword trend analysis	3	13 Info ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Executable Download from dotted-quad Host ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	17.4	M		ZeroCERT

11635	2023-07-11 07:37	LUG.exe 467aa373b20db6d16cd7a3a5d9bab790 .NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself				5.4	M	31	ZeroCERT

11636	2023-07-11 07:33	templezx.doc 96908698ef1a19e7b6c4cc2f52637d3b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed				3.2		33	ZeroCERT

11637	2023-07-11 07:33	Your.exe 1344dd42f796869f3091e194b0d819da UPX .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.2		29	ZeroCERT

11638	2023-07-10 18:55	a.exe 1d35572dfa6a564b147bad355ad1be78 UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware				1.8	M	43	ZeroCERT

11639	2023-07-10 18:20	foto175.exe 2415dbdd83d587bd33b25678273cb84a Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer OS Processor Check PE File PE32 DLL .NET EXE CAB Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	2	10 Info ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	16.0	M		ZeroCERT

11640	2023-07-10 18:17	new64.dll e8adc07619649cf7775aca6366e44505 Malicious Library DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS		1		2.4		11	ZeroCERT