Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
12031	2023-06-22 10:07	MEMOVACATIONLIST7548100283DH47... 4954636fe876459d1a8654235bec6f3c UPX Malicious Library MZP Format PE File PE32 VirusTotal Malware RWX flags setting unpack itself				2.8		40	ZeroCERT

12032	2023-06-22 10:06	wedrwedrwedrwedrwedrwedrwedrwe... 4208d961a2d6b6c77f5b2df38ba17308 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed				3.6	M	36	ZeroCERT

12033	2023-06-22 09:48	4496yMXOMEFWjdcymtyixXGwFNHj.e... edf82914f3ce5c02d8d22ada9c14cdac UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File VirusTotal Malware				1.4	M	42	ZeroCERT

12034	2023-06-22 09:46	Order_form_KLS2301_07095501400... 67274e089d17fcbdb0a31877d7155622 Hide_EXE Anti_VM AntiDebug AntiVM PE64 PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key DDNS		2	2	8.0	M	23	ZeroCERT

12035	2023-06-22 09:44	rererereererererererererereree... 8c694cf91420a9ff5ebb6d52c05d30c6 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Discord Exploit DNS crashed	2 Keyword trend analysis	5	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET INFO Executable Download from dotted-quad Host ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	M	36	ZeroCERT

12036	2023-06-22 09:43	d892f170764e99dae34d7dded5da59... aa68044e16a115af4ea1de3d062c4e41 AntiDebug AntiVM CHM Format VirusTotal Malware MachineGuid Code Injection Check memory RWX flags setting unpack itself suspicious process Interception ComputerName DNS crashed	1 Keyword trend analysis	1		6.6		24	ZeroCERT

12037	2023-06-22 09:07	DaHost.exe 7c93d0dd185ced28f3308d11090c7b6e .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed				2.0		39	ZeroCERT

12038	2023-06-22 09:05	ChromeDrivers23-061.exe d24a37cda54268557443774b2a714799 PE64 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				3.4		52	ZeroCERT

12039	2023-06-22 09:04	DaHost.exe 0b359f7313105869be34d6abe847c38b NSIS UPX Malicious Library PE File PE32 DLL GIF Format VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder anti-virtualization Tofsee Discord DNS crashed		2	3	4.8		45	ZeroCERT

12040	2023-06-22 08:59	Builddd.exe b9676777f6b152c028969287f42931a0 UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	3	6.2	M	48	ZeroCERT

12041	2023-06-22 08:59	build.exe 53c3c141b89b777bb8d9827e31e59802 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution				2.0	M	29	ZeroCERT

12042	2023-06-21 17:08	tst.xls bce13902533947cb73decdacecdbf12c MSOffice File unpack itself				0.4			guest

12043	2023-06-21 17:05	TGSS-60HVI3 ODU- EXP-GCHV-D160... bce13902533947cb73decdacecdbf12c MSOffice File unpack itself				0.4			guest

12044	2023-06-21 16:09	data64_1.exe 3f8f5177e8907b126f2575b67aea9db1 RedLine stealer UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	3	11.6	M	32	ZeroCERT

12045	2023-06-21 16:06	SetUpLyla1906.exe 83ef65a424e1baf1d7b861acec54ecb4 UPX Admin Tool (Sysinternals etc ...) Socket DNS AntiDebug AntiVM .NET EXE PE File PE32 PNG Format PE64 JPEG Format VirusTotal Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Tofsee Interception	10 Keyword trend analysis Info http://tokoi45.beget.tech/server.txt http://tokoi45.beget.tech/server1.txt http://tokoi45.beget.tech/server2.txt http://mynsd2u.com/1/data64_1.exe http://mynsd2u.com/1/data64_2.exe http://mynsd2u.com/1/data64_3.exe http://mynsd2u.com/1/data64_4.exe http://mynsd2u.com/1/data64_5.exe http://mynsd2u.com/1/data64_6.exe http://mynsd2u.com/webArg1.txt	6	2	11.8	M	33	ZeroCERT