12016 |
2023-06-22 17:40
|
1099-MISC.jar c1a10e84f73f716c09b346ff4208b39e ZIP Format VirusTotal Malware AutoRuns Check memory Checks debugger RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process Windows DNS crashed |
|
1
193.142.146.220 - mailcious
|
|
|
4.4 |
|
18 |
guest
12017 |
2023-06-22 17:39
|
photo085.exe c3f6bfa5ad67642e7c540b458c375fbf Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) OS Processor Check PE File PE32 DLL CAB Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName DNS Cryptographic key Software crashed |
3
http://77.91.68.63/doma/net/Plugins/cred64.dll - rule_id: 34362 http://77.91.68.63/doma/net/Plugins/clip64.dll - rule_id: 34363 http://77.91.68.63/doma/net/index.php - rule_id: 34361
|
2
83.97.73.128 - malware 77.91.68.63 - malware
|
10
ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.63/doma/net/Plugins/cred64.dll http://77.91.68.63/doma/net/Plugins/clip64.dll http://77.91.68.63/doma/net/index.php
|
15.8 |
M |
29 |
ZeroCERT
12018 |
2023-06-22 17:36
|
bira.exe 812117b53cdcb42545bf29d4de9c250e UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
94.142.138.212 - mailcious
|
3
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response
|
|
6.2 |
M |
50 |
ZeroCERT
12019 |
2023-06-22 17:36
|
cleanmgrse.exe b1a48b37d6eae92a63c51f1a6a26f604 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.2 |
M |
51 |
ZeroCERT
12020 |
2023-06-22 17:34
|
44yQ9dcOIkFHUOt.exe a7498599d114b42b2deba2b694f65eca UPX .NET framework(MSIL) OS Processor Check .NET EXE PE File PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName crashed |
|
|
|
|
5.2 |
M |
53 |
ZeroCERT
12021 |
2023-06-22 17:34
|
sdesdesdesdsesdfsdfefsfsdssdse... eecdb787bdf7328b2ebcdc0ab2751e7b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed |
|
|
|
|
3.0 |
M |
28 |
ZeroCERT
12022 |
2023-06-22 14:19
|
File_pass1234.7z 925bad98f5262b9221631e9a52312aa1 PWS Escalate priviledges KeyLogger AntiDebug AntiVM RedLine Malware download Amadey VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Fabookie Stealer Windows DNS |
21
|
46
|
21
SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET DROP Spamhaus DROP Listed Traffic Inbound group 40 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO EXE - Served Attached HTTP ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) ET INFO TLS Handshake Failure ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI)
|
11
|
7.0 |
M |
8 |
ZeroCERT
12023 |
2023-06-22 11:13
|
n0cjd0kc.exe f09c7cd38fbc8b59264301db9c2d3991 Generic Malware UPX Malicious Library Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 PowerShell VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW IP Check Windows ComputerName DNS Cryptographic key crashed |
3
http://www.microsoft.com/ http://185.159.129.168/clpr/OWUsN2UsODMsOWIsOWUsODIsOTAsOTEsNjQsN2Ys - rule_id: 34348 http://ip-api.com/json/?fields=query,status,countryCode,city,timezone
|
5
ip-api.com(208.95.112.1) www.microsoft.com(23.40.45.184) 23.40.45.184 - mailcious 185.159.129.168 - mailcious 208.95.112.1
|
2
ET POLICY External IP Lookup ip-api.com ET POLICY Microsoft user-agent automated process response to automated request
|
1
http://185.159.129.168/clpr/OWUsN2UsODMsOWIsOWUsODIsOTAsOTEsNjQsN2Ys
|
12.8 |
M |
51 |
ZeroCERT
12024 |
2023-06-22 11:10
|
123.exe 0a37c2dbf12101e1f082e345c76fd594 Browser Login Data Stealer Generic Malware UPX PE File PE32 icon Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger exploit crash unpack itself Check virtual network interfaces installed browsers check Windows Exploit Browser Remote Code Execution Cryptographic key crashed |
|
|
|
|
8.0 |
M |
56 |
ZeroCERT
12025 |
2023-06-22 10:37
|
qqsrv.exe f1bf04ac46c4a9fd55f902d495461147 UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware Remote Code Execution |
|
|
|
|
1.6 |
M |
48 |
ZeroCERT
12026 |
2023-06-22 10:36
|
postmon.exe f7d6bd06f96439787aa170983ab55c3e Gen2 Generic Malware UPX Malicious Library Malicious Packer Antivirus OS Processor Check PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS Cryptographic key |
10
|
3
sungeomatics.com(205.134.251.88) 205.134.251.88 195.123.226.82
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
|
48 |
ZeroCERT
12027 |
2023-06-22 10:34
|
debug4.ps1 01038f84dcf04933d65c1377a99b98a8 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
1
http://195.123.226.82/index.php?id=&subid=6MdhbTcM
|
1
|
|
|
4.6 |
|
|
ZeroCERT
12028 |
2023-06-22 10:33
|
debug2.ps1 d903920d63cbfa12a1f2118ef9c3529d Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
1
http://195.123.226.82/index.php?id=&subid=6MdhbTcM
|
1
|
|
|
5.0 |
|
6 |
ZeroCERT
12029 |
2023-06-22 10:32
|
Kaspersky Premium.msi 7c242798e9aa870339219e2a32540ef7 Gen2 Generic Malware Malicious Library UPX Malicious Packer AntiDebug AntiVM OS Processor Check CAB MSOffice File DLL PE File PE32 Browser Info Stealer VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut exploit crash unpack itself Windows utilities AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName crashed |
|
|
|
|
8.2 |
|
17 |
ZeroCERT
12030 |
2023-06-22 10:10
|
3052c15a0e5926da6706d7bc1440d1... 67b3201085b9b59d58c4a71c8b539bb0 UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger unpack itself crashed |
|
|
|
|
1.4 |
|
7 |
ZeroCERT