12181 | 2023-06-16 07:31 | Srveises.exe | 863359773158308ac17b5340a3b76242 | Malicious Library PE64 PE File Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency Malicious Traffic Windows DNS CoinMiner | 2.4 | - | 22 | ZeroCERT
URLs (1):
  http://accept-file.com/dashboard/para/un/api/endpoint.php
Hosts (4):
  accept-file.com(45.32.146.65)
  xmr.2miners.com(162.19.139.184) - malicious
  162.19.139.184 - malicious
  45.32.146.65
Alerts (4):
  ET POLICY Cryptocurrency Miner Checkin
  ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)
  ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection
  ET MALWARE Win32/Pripyat Activity (POST)

12182 | 2023-06-16 07:30 | data64_3.exe | 819ebb36bf053ef2d41eec6fc3433e0e | Themida Packer UPX Anti_VM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VMWare Check virtual network interfaces AppData folder suspicious TLD VMware anti-virtualization Tofsee Windows Remote Code Execution Firmware crashed | 9.0 | - | 28 | ZeroCERT
URLs (3):
  https://dzen.ru/?yredirect=true
  https://yandex.ru/
  https://sso.passport.yandex.ru/push?uuid=34c37f72-75ca-4437-b727-81cf68009058&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
Hosts (6):
  yandex.ru(77.88.55.88)
  dzen.ru(62.217.160.2)
  sso.passport.yandex.ru(213.180.204.24)
  5.255.255.77
  62.217.160.2
  213.180.204.24
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

12183 | 2023-06-16 07:28 | data64_2.exe | cdfefc725e90c867095fd13a040b684f | RedLine stealer[m] Emotet RAT UPX AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 11.8 | M | 24 | ZeroCERT
URLs: none
Hosts (1): (list not shown)
Alerts (1):
  ET MALWARE RedLine Stealer TCP CnC net.tcp Init

12184 | 2023-06-15 17:36 | de2fd62fafe61f46ad967c84dd7fbc... | f282875b9958bd3706f9063bf8c5bf14 | VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself | 2.0 | - | 28 | ZeroCERT
URLs: none
Hosts: none
Alerts: none

12185 | 2023-06-15 17:33 | List of Compromised Systems.xl... | fa595637dcb1d0dbaa41e928b1e59064 | Downloader VBA_macro Generic Malware PWS[m] KeyLogger ScreenShot AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection unpack itself | 2.8 | - | 25 | ZeroCERT
URLs: none
Hosts: none
Alerts: none

12186 | 2023-06-15 17:14 | build.exe | d0b2f2f7a2287a11dd92ef89e792a41e | UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution | 2.0 | M | 28 | ZeroCERT
URLs: none
Hosts: none
Alerts: none

12187 | 2023-06-15 16:11 | 新しいプロジェクトのリクエスト.exe... | 1d8a14663c67671a02af59df183eb3b1 | PWS .NET framework RAT UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName | 11.6 | - | 22 | guest
URLs (10):
  http://www.ladookhotnikov.pro/b0n2/
  http://www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip
  http://www.sdrongfei.com/b0n2/
  http://www.geoffregsiu.com/b0n2/?y9=C+ffa5fIsPqpX/YjwiZCCYdwDlII4sg9Xg6ClcbCMMdG9WOkFnuyV4UEPSj2eq9dA37TJ/jYCfSNl3AfQBBAWI5iih0wk4QqY5CxYcY=&udp=hDpz
  http://www.tenistr.online/b0n2/
  http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip
  http://www.sdrongfei.com/b0n2/?y9=6rAhzxdjZwhumfSwHjeZhKNvwWilDFZg3FlFq9l5kFDYIxuGNfVhFNHJQ/+ZUBOV1gUdIESkP1VkLGU+T6X2I6iiw2u+SZW4hC7utV4=&udp=hDpz
  http://www.ladookhotnikov.pro/b0n2/?y9=UBEc/gOREsWhRjfgOCV+1+JiinyAdXbhHxe8y5u01Nzj6ZMeJfVpNRipiet0bNC5wtAmoEND3mJBcEe3MMZ+QNWkhcCvUZa871o6QsI=&udp=hDpz
  http://www.geoffregsiu.com/b0n2/
  http://www.tenistr.online/b0n2/?y9=rC7kIEVZ0qKqcsF5W9Zc78Ysk5nyK1JjHvxIH1TDnG9VifSSTUNgzh8vNsx4puQzpZLlQJjC2uCXdG/uKW0vZdlAr2qsc6zN0YyLKKM=&udp=hDpz
Hosts (9):
  www.tenistr.online(31.186.11.254)
  www.ladookhotnikov.pro(185.215.4.53)
  www.sdrongfei.com(154.211.6.140)
  www.geoffregsiu.com(167.172.228.26)
  154.211.6.140
  167.172.228.26
  45.33.6.223
  31.186.11.254 - malicious
  185.215.4.53
Alerts (2):
  ET MALWARE FormBook CnC Checkin (POST) M2
  ET MALWARE FormBook CnC Checkin (GET)

12188 | 2023-06-15 14:44 | LUK.exe | 8f488bf3643183b3e0eddfb0ee888083 | NSIS Generic Malware UPX Malicious Library Antivirus PE File PE32 PowerShell JPEG Format VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed | 8.0 | M | 34 | ZeroCERT
URLs: none
Hosts: none
Alerts: none

12189 | 2023-06-15 14:44 | main.exe | 5c2176e209f257ce5f965f5b6c50af96 | UPX Malicious Library Malicious Packer Antivirus Anti_VM OS Processor Check PE64 PE File VirusTotal Malware unpack itself crashed | 1.8 | - | 11 | ZeroCERT
URLs: none
Hosts: none
Alerts: none

12190 | 2023-06-15 14:44 | spyr1xx_crypted_LAB.exe | 25a9ce88fcac81aa271bbb34cedb1766 | RedLine stealer[m] UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | 9.8 | - | 28 | ZeroCERT
URLs: none
Hosts (1): (list not shown)
Alerts (1):
  ET MALWARE RedLine Stealer TCP CnC net.tcp Init

12191 | 2023-06-15 14:14 | CalculationOfCosts-2055199829.... | c480781f3fcfacd9d3794cb2a384854d | unpack itself crashed | 0.6 | - | - | ZeroCERT
URLs: none
Hosts: none
Alerts: none

12192 | 2023-06-15 14:11 | DZQCirIAcHMmDb.js | 63fd837c2148074ef5d675f8f4158433 | VirusTotal Malware unpack itself crashed | 1.0 | - | 2 | ZeroCERT
URLs: none
Hosts: none
Alerts: none

12193 | 2023-06-15 14:02 | 460.docx | 38c51f84ed618dfeeeb9855f21f8415f | Doc XML Downloader ZIP Format Word 2007 file format(docx) VirusTotal Malware exploit crash unpack itself suspicious TLD Exploit crashed | 3.6 | - | 7 | ZeroCERT
URLs: none
Hosts (2):
  ammunition58.royalpo.ru(45.95.232.96) - malicious
  45.95.232.96
Alerts: none

12194 | 2023-06-15 13:25 | Rboat.exe | 55f0225d58585d60d486a3cc7eb93de5 | PE64 PE File VirusTotal Malware crashed | 2.0 | - | 46 | guest
URLs: none
Hosts: none
Alerts: none

12195 | 2023-06-15 11:03 | File_pass1234.7z | 5d8247884739dbfa2355697f29dff1e5 | PWS[m] Escalate privileges KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealer Windows Trojan DNS Downloader | 6.6 | M | - | ZeroCERT
URLs (19):
  http://45.9.74.6/2.exe - rule_id: 34108
  http://hugersi.com/dl/6523.exe - rule_id: 32660
  http://45.15.156.229/api/tracemap.php - rule_id: 33783
  http://85.208.136.10/api/firegate.php - rule_id: 32663
  http://77.91.68.63/doma/net/index.php - rule_id: 34361
  http://www.maxmind.com/geoip/v2.1/city/me
  http://45.9.74.80/0bjdn2Z/index.php - rule_id: 26790
  http://83.97.73.131/gallery/photo221.exe - rule_id: 34350
  http://194.169.175.124:3002/ - rule_id: 34039
  http://ji.jahhaega2qq.com/m/p0aw25.exe - rule_id: 33779
  http://85.208.136.10/api/tracemap.php - rule_id: 32662
  https://sun6-22.userapi.com/c237131/u228185173/docs/d24/068d27ed15ea/galaxzy.bmp?extra=5WS25bUnt7hhfd82piKfMIuJAEarqi6W80ozO1rSwDP6dxGBpl83BDEAk1Qiym2eaMFfOTEOJTvDiBsviyxjFBhkJyydOfoZrTdMsE3R5pnuF0-w74YDVmHteJEsgmSecQGk_6zRo_UwSBUVEw
  https://sun6-21.userapi.com/c909618/u228185173/docs/d54/c536b0f97a46/obinsp.bmp?extra=y_6YmFenZ3TeBbBIAjGgu0dCnyDuJdONxktFxT8w5ZTLxJHxCg6a0I9KxRS0I82aum4LgPGRO4KJV5Don7hJjDt948PSrfMdzYyxTBp1CAH686G0nl7Qwp-sBFtvSOE_Dq9TZAXBFANO55xKrw
  https://sun6-20.userapi.com/c909218/u228185173/docs/d11/02db03cb075f/StealerClient.bmp?extra=t8WyI9SkAam9u41RvsK96CNk0gbcUdG5PJM2icUmoNCnirMawOHq2QCRbwctgZuZA72tOxkLZGE6pUiq2Yf7rc75X-8KZJGDgJ-lPbWas0g17UOF-rx2Lk9-pZeo6Bq4rIdn8JrzHInF6rNwjA
  https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self
  https://db-ip.com/
  https://db-ip.com/demo/home.php?s=175.208.134.152
  https://sun6-22.userapi.com/c909328/u228185173/docs/d16/c8cc813e12d3/PMmp.bmp?extra=480dtO-2aXWnjkkB-sN3lAsGHzq-QmvKA5zoRVZNatvQf3edkaqVeKinhoXeUQGSrMAiTOhNv7o_3rU_FLF5EmTlahrmiXVZK8c_-ihaxlW8av85adZyqzkOYmu2IZ4JF3xZSBwpsyGwIaTsGg
  https://vk.com/doc228185173_661568847?hash=Efu8yF5UIsNbtz7EhQwlIdz4CnTUmcE0ALcSIVCKfA8&dl=CJeqi5k6Jx9Wtuooq1G3u45FKZcQPZqefXCX5TdnmCo&api=1&no_preview=1
Hosts (42):
  db-ip.com(172.67.75.166)
  iplis.ru(148.251.234.93) - malicious
  hugersi.com(91.215.85.147) - malware
  ji.jahhaega2qq.com(172.67.182.87) - malware
  iplogger.org(148.251.234.83) - malicious
  sun6-21.userapi.com(95.142.206.1) - malicious
  ipinfo.io(34.117.59.81)
  api.myip.com(104.26.9.59)
  www.maxmind.com(104.17.215.67)
  sun6-20.userapi.com(95.142.206.0) - malicious
  sun6-22.userapi.com(95.142.206.2)
  vk.com(87.240.132.72) - malicious
  api.db-ip.com(172.67.75.166)
  148.251.234.93 - malicious
  194.169.175.128 - malicious
  179.43.162.23
  95.142.206.2
  194.169.175.124 - malicious
  91.215.85.147 - malware
  45.9.74.80 - malware
  172.67.75.163
  157.254.164.98 - malicious
  34.117.59.81
  148.251.234.83
  77.105.146.74 - malware
  45.12.253.74 - malware
  185.81.68.115 - malicious
  83.97.73.131 - malware
  83.97.73.130 - malware
  104.17.214.67
  77.91.68.63 - malware
  45.15.156.229 - malicious
  104.26.4.15
  147.135.231.58 - malicious
  163.123.143.4 - malicious
  95.142.206.1 - malicious
  95.142.206.0 - malicious
  85.208.136.10 - malicious
  45.9.74.6 - malware
  176.113.115.239 - malware
  87.240.132.72 - malicious
  104.21.18.146
Alerts (21):
  ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
  SURICATA Applayer Mismatch protocol both directions
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Single char EXE direct download likely trojan (multiple families)
  ET INFO Executable Download from dotted-quad Host
  ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET MALWARE RedLine Stealer TCP CnC net.tcp Init
  ET INFO EXE - Served Attached HTTP
  ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET MALWARE Amadey CnC Check-In
  ET MALWARE Win32/Amadey Bot Activity (POST) M2
  ET INFO TLS Handshake Failure
  ET POLICY IP Check Domain (iplogger .org in TLS SNI)
  ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1
Rule-matched URLs (10):
  http://45.9.74.6/2.exe
  http://hugersi.com/dl/6523.exe
  http://45.15.156.229/api/tracemap.php
  http://85.208.136.10/api/firegate.php
  http://77.91.68.63/doma/net/index.php
  http://45.9.74.80/0bjdn2Z/index.php
  http://83.97.73.131/gallery/photo221.exe
  http://194.169.175.124:3002/
  http://ji.jahhaega2qq.com/m/p0aw25.exe
  http://85.208.136.10/api/tracemap.php