Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12136	2021-09-07 09:50	https://mail.hoteloscar.in/ima... 7546581523b86a9d2b4e60254573e57c AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		2	2		4.2			ZeroCERT

12137	2021-09-07 10:16	http://mail.hoteloscar.in/imag... bba2051c265239a1e1c303da381b316f AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	2 Keyword trend analysis	2			4.2			ZeroCERT

12138	2021-09-07 11:20	reestr.exe e369a4ae59ce3b82b5ed8054f0597341 Malicious Packer PE File PE32 VirusTotal Malware					2.2	M	48	r0d

12139	2021-09-07 11:42	1.html 7546581523b86a9d2b4e60254573e57c AntiDebug AntiVM Code Injection RWX flags setting unpack itself Windows utilities Windows					2.2	M		ZeroCERT

12140	2021-09-07 11:42	1.html b158eeca25cafb1c4f708acc3a3e4124 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8	M		ZeroCERT

12141	2021-09-07 11:44	kayzx.exe a23fe7df14ede5c0b9f51cbd58bcd27b Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key					4.6	M	18	ZeroCERT

12142	2021-09-07 11:45	frundll32.exe 0425240f08e4a9d06e77a32f3f3b4ab7 RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee ComputerName		2	1		3.8	M	18	ZeroCERT

12143	2021-09-07 11:57	clr.exe be8b9976bbf090bc23facc50a90273d6 NPKI Generic Malware UPX Malicious Library Malicious Packer PE File PE64 VirusTotal Malware unpack itself DNS		4			2.6		28	ZeroCERT

12144	2021-09-07 11:57	ojbabas.exe 04980596d66951166fa2ebfd96c84d22 PE File OS Processor Check PE32 VirusTotal Malware unpack itself Tofsee crashed	1 Keyword trend analysis	2	2		1.4	M	26	ZeroCERT

12145	2021-09-07 12:00	proliv6.exe ef5b5d09bfd51074604ec0c622ad7052 Generic Malware Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		9.8	M		ZeroCERT

12146	2021-09-07 12:01	wef.exe 9008f0b5ea0867bbeda8161d183e7a3d RAT PWS .NET framework Generic Malware Malicious Library PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself DNS		5			4.4	M	50	ZeroCERT

12147	2021-09-07 12:02	SmartPDF.exe 5578b9ee762d52576c11b01f004fc6ad Gen2 RAT Emotet Gen1 Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE32 OS Processor Check DLL .NET EXE PE64 MSOffice File VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName Amazon DNS	14 Keyword trend analysis Info http://crl.identrust.com/DSTROOTCAX3CRL.crl http://ipinfo.io/ip http://ip-api.com/json/?fields=8198 http://ipinfo.io/country https://d.dirdgame.live/userf/2203/3cc0e0be954dc849581f9ff1817647de.exe https://iplogger.com/1ESxy7 https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 https://jom.diregame.live/userf/2203/gdgame.exe https://iplis.ru/1S2Qs7 https://a.upstloans.net/report7.4.php - rule_id: 4649 https://collect.installeranalytics.com/ https://bitbucket.org/Sanctam/sanctam/raw/6886fdce0f0a2bb81eece107d8acbd20b349ca2f/includes/ethminer - rule_id: 4430 https://iplis.ru/favicon.ico https://ipinfo.io/country	33 Info iplogger.com(88.99.66.31) b.upstloans.net(172.67.179.248) - mailcious 2551889d-a2db-4908-a9a2-6b0fab0a7a78.s3.eu-west-2.amazonaws.com(52.95.149.146) - malware crl.identrust.com(23.67.53.58) a.upstloans.net(104.21.31.210) - mailcious www.svanaturals.com(72.167.225.156) iplis.ru(88.99.66.31) - mailcious source7.boys4dayz.com(172.67.148.61) jom.diregame.live(172.67.158.82) - malware ipinfo.io(34.117.59.81) collect.installeranalytics.com(3.232.36.43) sanctam.net(185.65.135.234) - mailcious bitbucket.org(104.192.141.1) - malware ip-api.com(208.95.112.1) d.dirdgame.live(172.67.186.79) - malware ipqualityscore.com(104.26.3.60) google.vrthcobj.com(34.97.69.225) - mailcious 23.67.53.58 72.167.225.156 172.67.186.79 - malware 185.65.135.234 104.21.65.45 - malware 104.192.141.1 - mailcious 88.99.66.31 - mailcious 52.95.148.158 3.232.36.43 172.67.148.61 104.26.3.60 34.97.69.225 - mailcious 34.117.59.81 208.95.112.1 172.67.179.248 - mailcious 104.21.31.210 - mailcious	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET POLICY Executable served from Amazon S3 ET POLICY PE EXE or DLL Windows file download HTTP ET POLICY Possible External IP Lookup ipinfo.io ET INFO TLS Handshake Failure ET POLICY External IP Lookup ip-api.com	2	14.6	M	22	ZeroCERT

12148	2021-09-07 12:21	3cc0e0be954dc849581f9ff1817647... adfe31c40569ca5b0b403f0ba3f7b24c Gen2 Gen1 Generic Malware Malicious Library PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself AppData folder sandbox evasion IP Check ComputerName	3 Keyword trend analysis	9	1	1	8.4	M	51	ZeroCERT

12149	2021-09-07 14:38	Purchase Inquiry.ppt 72fbb1892420f4727710ea0f7a324834 Generic Malware VBA_macro MSOffice File VirusTotal Malware RWX flags setting unpack itself Tofsee	1 Keyword trend analysis	2	1		1.6		26	ZeroCERT

12150	2021-09-07 14:59	faster4upusa.exe 9eff1fa203474d2c90d490415fd380c9 PE File PE64 VirusTotal Malware crashed					1.4	M	13	r0d