Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12316	2021-09-12 14:48	Habit_Blink.exe df46f7077499c629fda43a178a70d6a0 PE File OS Processor Check PE32 GIF Format VirusTotal Malware PDB Malicious Traffic Creates shortcut Creates executable files unpack itself AntiVM_Disk VM Disk Size Check	4 Keyword trend analysis	5			4.4	M	33	ZeroCERT

12317	2021-09-12 14:49	studio.exe 59b759497a138c44698bdbfeaa855e46 Generic Malware Malicious Packer UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware AutoRuns Check memory Windows DNS		1			3.2	M	58	ZeroCERT

12318	2021-09-12 14:51	removesmbdeps0903.exe 4ed1ba2cb9ae7dbc8da5d9c1c0f4e29b UPX PE File PE32 VirusTotal Malware WriteConsoleW DNS		1			3.6	M	46	ZeroCERT

12319	2021-09-12 14:52	SmartPDF.exe e180347578de3564e7dea536a9af509b Emotet NPKI Gen2 Gen1 RAT PWS .NET framework Generic Malware UPX Malicious Library PE File PE32 PE64 OS Processor Check .NET EXE DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk suspicious TLD WriteConsoleW IP Check VM Disk Size Check human activity check installed browsers check Tofsee Windows Browser ComputerName Amazon DNS Cryptographic key Software crashed	9 Keyword trend analysis Info http://ipinfo.io/country http://c115ccef-fcb1-4039-a9a5-8e09a6993f8d.s3.eu-west-2.amazonaws.com/SmartPDF.exe http://ipinfo.io/ip https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 https://jom.diregame.live/userf/2203/gdgame.exe - rule_id: 4962 https://d.dirdgame.live/userf/2203/6c5332b113e6f9bd83980c8858001543.exe https://api.ip.sb/geoip https://ipinfo.io/country https://2no.co/1E2Xu7	19 Info www.svanaturals.com(72.167.225.156) - malware platformsforyoutube.top(193.38.50.104) c115ccef-fcb1-4039-a9a5-8e09a6993f8d.s3.eu-west-2.amazonaws.com(52.95.149.118) - malware api.ip.sb(104.26.12.31) jom.diregame.live(104.21.65.45) - malware ipinfo.io(34.117.59.81) d.dirdgame.live(104.21.59.252) - malware ipqualityscore.com(104.26.2.60) 2no.co(88.99.66.31) - mailcious 172.67.186.79 - malware 72.167.225.156 - malware 104.21.65.45 - malware 88.99.66.31 - mailcious 193.38.50.104 18.118.84.99 34.117.59.81 172.67.72.12 52.95.149.2 104.26.13.31	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Executable served from Amazon S3 ET POLICY Possible External IP Lookup ipinfo.io ET POLICY PE EXE or DLL Windows file download HTTP ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET DNS Query to a *.top domain - Likely Hostile	1	19.0	M	28	ZeroCERT

12320	2021-09-12 14:52	hell.dll 8ee1081cdb755f8bdc9c6bc19d44bee4 RAT Generic Malware Malicious Packer PE File .NET DLL DLL PE32 VirusTotal Malware PDB					1.2	M	39	ZeroCERT

12321	2021-09-12 14:52	MinerXMR.exe 3b29fe3eb1892fa6e766bd039b88eeec RAT Generic Malware PE File OS Processor Check .NET EXE PE32 PE64 Malware download VirusTotal Malware suspicious TLD Ransomware crashed	2 Keyword trend analysis	2	1		2.8	M	44	ZeroCERT

12322	2021-09-12 14:53	instl27.exe 40812e1cb32c3aac85fa09d43a93cae2 Generic Malware Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		11.0	M	27	ZeroCERT

12323	2021-09-12 14:55	35.exe 5e156516afb65dfa4b39ea1e5a1aaf24 Generic Malware Themida Packer UPX Antivirus PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	2		11.4	M	41	ZeroCERT

12324	2021-09-12 14:56	ptl_062540167003231.exe 7e016097a1123f48ba3d36b09b626190 RAT PWS .NET framework Generic Malware UPX Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic RWX flags setting unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed		2			13.4	M	31	ZeroCERT

12325	2021-09-12 14:58	qtl_000027401622208.exe f1f7b6d3bc2c2d4c5b673d6fdcbdf04f RAT PWS .NET framework Generic Malware UPX Antivirus AntiDebug AntiVM PE File .NET EXE PE32 powershell Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed					11.2	M		ZeroCERT

12326	2021-09-12 14:59	PublicDwlBrowser155.exe efd2271a92f99161e7e5979606725272 Gen1 Generic Malware Malicious Library Malicious Packer UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE F Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	12 Keyword trend analysis Info https://startupmart.bar/?user_auth=p5_5 https://startupmart.bar/?user_auth=p5_4 https://startupmart.bar/?user_auth=p5_7 https://startupmart.bar/?user_auth=p5_6 https://startupmart.bar/?user_auth=p5_1 https://startupmart.bar/?user_auth=p5_3 https://startupmart.bar/?user_auth=p5_2 https://phonefix.bar/ https://phonefix.bar/api.php?getusers https://iplogger.org/1EWai7 https://wheelllc.bar/api.php https://iplogger.org/1aHEa7	10	1		15.0	M	23	ZeroCERT

12327	2021-09-12 14:59	1.exe acd21a7406f672cff08dd839e32c996d Emotet Gen1 Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE File PE32 OS Malware download VirusTotal Malware Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check SectopRAT Windows ComputerName Remote Code Execution DNS		2	1		14.2	M	21	ZeroCERT

12328	2021-09-12 15:00	c808d765c682f1c26f06e0891b8037... c808d765c682f1c26f06e0891b803750 Darkside Ransomware Cobalt Strike Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.0	M	30	ZeroCERT

12329	2021-09-12 15:01	NexusRAT.exe e60b189b5dfae48fa8cfa7e63acdd25a Generic Malware Malicious Packer Malicious Library Antivirus AntiDebug AntiVM PE File PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.4	M	31	ZeroCERT

12330	2021-09-12 15:03	shipping%20doc.exe e3ce454bea0677f6fe837524bb992be7 RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	8 Keyword trend analysis Info http://www.atozpinnacle.com/t6de/?EzrxUr=u+ZN05sGL3biitsf95bPnJGG9ha9giSEdOjXrIEfwSaMp7KWCVkhuJl5YK4+GHjSrSpD2tH7&anM=TXFDwpLpWr84F http://www.pinkbirchadministration.com/t6de/?EzrxUr=KLM3z5DCBVJCqoTqF82QnlTxxA5wKeeTYlScVFjrYK6Zg/VmrKhKU3oqgFJaqoRsyf1v5nHb&anM=TXFDwpLpWr84F http://www.nowfitnessreviews.com/t6de/?EzrxUr=WlWKsViF8z8mIrEbVlxTkyjSeZFbLrNZLSwVoCLGHFUfNOnCWsjxzYp8QtN8Q2GoWs6CwxiC&anM=TXFDwpLpWr84F http://www.cayugaantifrackingalliance.com/t6de/?EzrxUr=eyqCknexafsHDcCVTz6YJkYS1hSMx9ZvVpAcxCQJctPv1WoglCHsPqUE1cV0ioCMeMDeV5Xn&anM=TXFDwpLpWr84F http://www.tcnode.net/t6de/?EzrxUr=Jc5YvgwFsCFkwItuTH8v4hZw3DWPaTM928iTL+q4V2YZxvoTNEKNNK4WdHC2roUIq8QuJf5C&anM=TXFDwpLpWr84F http://www.skiljasonline.com/t6de/?EzrxUr=Um+Ky1E65J3M37xTxPh4yA+pE6fhFsOekcoCtE4HGmERYSykjS9+gZ7tSO096z0XTAr9nz9j&anM=TXFDwpLpWr84F http://www.dayswepray.com/t6de/?EzrxUr=pmBejh7/D0uUmrrpXIDSkNMZOlBiaghi02JMuCqkzTO4IE5CrLg9wBbMBMvphSLEqWsNzGCK&anM=TXFDwpLpWr84F http://www.luvihe.com/t6de/?EzrxUr=JL05gMR40xEcQlyy9pa/jzm/vHaW2v9DguGz4pzxg9KeUKiarzZwi1He8DRl9OaMrUwxHlJO&anM=TXFDwpLpWr84F	18 Info www.atozpinnacle.com(209.99.40.222) www.trysget.icu() www.medicarehealthenroll.com() www.tcnode.net(216.58.220.147) www.cayugaantifrackingalliance.com(103.72.144.19) www.dayswepray.com(74.220.199.6) www.nowfitnessreviews.com(91.195.240.87) www.skiljasonline.com(3.139.183.122) www.luvihe.com(216.239.36.21) www.pinkbirchadministration.com(34.102.136.180) 172.217.31.179 - suspicious 91.195.240.87 - mailcious 209.99.40.222 - mailcious 216.239.32.21 - mailcious 34.102.136.180 - mailcious 103.72.144.19 74.220.199.6 - mailcious 3.133.163.136	2		8.4	M	35	ZeroCERT