Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12556	2023-06-07 07:43	88999.exe ee9f9565049005c3fc1dfd32db706ef8 UPX Malicious Library PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Creates executable files unpack itself AppData folder Tofsee Windows Remote Code Execution DNS	3 Keyword trend analysis	4	3		8.0		57	ZeroCERT

12557	2023-06-07 07:41	ceshi.exe 25214ee067e1480fa57f0ffd143ebb03 Malicious Library PE File PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Creates executable files unpack itself suspicious TLD Windows DNS	2 Keyword trend analysis	4	4		6.8		58	ZeroCERT

12558	2023-06-07 07:40	Installer.exe 38b258c567b378058ac5cad63ab59584 UPX OS Processor Check PE File PE32 VirusTotal Malware Checks debugger unpack itself	4 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://www.gstatic.com/generate_204 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/n3xmszuzmcp4pxq3qhmant63nm_9.45.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.45.0_all_ecp3yewcq3fuvht5wyi7t7s37y.crx3 http://clients2.google.com/time/1/current?cup2key=4:3591542034&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	18 Info edgedl.me.gvt1.com(34.104.35.123) www.google.com(142.250.207.100) www.gstatic.com(142.250.207.99) cdn.stubdownloader.services.mozilla.com(34.120.48.173) fonts.googleapis.com(142.250.206.202) accounts.google.com(172.217.25.173) _googlecast._tcp.local() fonts.gstatic.com(142.250.206.227) apis.google.com(142.250.76.142) 142.251.220.67 142.250.204.142 142.250.204.36 216.58.200.237 121.254.136.27 34.104.35.123 34.120.48.173 142.251.222.195 172.217.25.10			2.4		32	ZeroCERT

12559	2023-06-07 07:38	BBHhHhB.exe 543e32d9617d5851aef813fe77310a84 RAT .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee		2	1		3.0	M	43	ZeroCERT

12560	2023-06-07 07:37	H.exe a5a287e329d02dd5d3d7a33927f8c010 Formbook AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself suspicious TLD DNS	19 Keyword trend analysis Info http://www.kp69f.top/6huu/?YAqknid=c/0CEmjcp1qhbjrBdr7qFpTEdTMNmdGL+2G3nk26J8C5sXkvdYxGabdoDx2ERzE1q79WMkYCDIvd6DDSGqF5RzVKrD1kqEcaGqxbLU4=&u1E6=Oxybn - rule_id: 33944 http://www.0096061.com/6huu/ - rule_id: 33949 http://www.solarwachstum.com/6huu/?YAqknid=w02mQAblJWbyIo6ozgnxrIUPRxqR4gn//aKR4b4C2qQSYqcw3Vi29oLFIvtOIeXnZF+XC4+RsLS3HuGm7zRt9dlAuIsc4gbzWXQ9ldM=&u1E6=Oxybn - rule_id: 33943 http://www.14zhibo.work/6huu/ - rule_id: 33945 http://www.lancele.com/6huu/?YAqknid=lkPChsOgbmG6IllhHTLtf7ULj1acQ37do+96zoOFU1wEZ7Q3pDLdySJi8tX/LksgKKJ2zleSV8oD4OY5SI7MA2q2BuCSDDIq7z8yKSo=&u1E6=Oxybn - rule_id: 33947 http://www.kp69f.top/6huu/ - rule_id: 33944 http://www.lancele.com/6huu/ - rule_id: 33947 http://www.0096061.com/6huu/?YAqknid=cmX/07TqI3ZVBqSk8R867+hdp8bVOoL06AzKIpvdRFeyAj6hvaaJUHhkQ/toAIcVWWdRQEgjpGpGrDxsMG4sQneWN+dP3qrEhepv/3Q=&u1E6=Oxybn - rule_id: 33949 http://www.ticimmo.com/6huu/ - rule_id: 33951 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip http://www.terrenoscampestres.com/6huu/?YAqknid=vPEZFS80w83TR1ISai5AEG4cZjK/Z0sPVYJxvP0qkrafDKWjEP7E989Tf/65iA6Wv6B2G+FeAz/F94bTMl2+G2T5U6uSTMLdr8gHGso=&u1E6=Oxybn - rule_id: 33950 http://www.qfx88.com/6huu/?YAqknid=ai4Hj7VNL/eal8v50vngd1esaVL80O28AVhmObBuZqCvkNevFGLtvLG4llGxYwRMqic01nY12J0ERo7jbuO1GzAlXIwPB2kWrkts/2A=&u1E6=Oxybn - rule_id: 33948 http://www.tarolstroy.store/6huu/ - rule_id: 33946 http://www.terrenoscampestres.com/6huu/ - rule_id: 33950 http://www.tarolstroy.store/6huu/?YAqknid=En7LCrBqRDvhnDHpczrHWaIedYbeAgZr6OxVyCrdWihd6XEAizhpO0j/kkT3E0Ail4lmu+00ROJTwCbrXgrUq/0FdQ7yD2DHgTmcEH4=&u1E6=Oxybn - rule_id: 33946 http://www.ticimmo.com/6huu/?YAqknid=TigSyFlwP0RNpBbhC/rdMwC8b/Qg/Ivp2etxz330Y/wAN2mEJT4yMf4cHTRgrqo8FsDkyKZ/RDxnb9SkkKZ8CLMuGFsv81COs/EjZGo=&u1E6=Oxybn - rule_id: 33951 http://www.14zhibo.work/6huu/?YAqknid=DY82kxx300f8Ik70WvLdREOGU4sx5WmLPZ3/q1TGOtAA9/Gzsd9nceuxwkKKmb1RPsemirf5O/kWho3f6FGpO5KONInBcJ6F+ssJurA=&u1E6=Oxybn - rule_id: 33945 http://www.qfx88.com/6huu/ - rule_id: 33948 http://www.solarwachstum.com/6huu/ - rule_id: 33943	19 Info www.tarolstroy.store(91.106.207.17) - mailcious www.ticimmo.com(217.26.48.101) - mailcious www.kp69f.top(34.120.55.112) - mailcious www.14zhibo.work(43.154.196.178) - mailcious www.solarwachstum.com(89.31.143.1) - mailcious www.qfx88.com(120.48.139.92) - mailcious www.terrenoscampestres.com(109.106.251.102) - mailcious www.lancele.com(38.239.160.233) - mailcious www.0096061.com(154.55.172.139) - mailcious 43.154.196.178 - mailcious 38.239.160.233 - mailcious 154.55.172.139 - mailcious 109.106.251.102 - mailcious 120.48.139.92 - mailcious 34.149.198.43 - mailcious 89.31.143.1 - mailcious 217.26.48.101 - mailcious 45.33.6.223 91.106.207.17 - malware	7 Info ET DNS Query to a .top domain - Likely Hostile ET INFO HTTP Request to a .top domain ET INFO HTTP Request to Suspicious *.work Domain ET MALWARE FormBook CnC Checkin (POST) M2 ET INFO Observed DNS Query to .work TLD ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .TOP Domain with Minimal Headers	18 Info http://www.kp69f.top/6huu/ http://www.0096061.com/6huu/ http://www.solarwachstum.com/6huu/ http://www.14zhibo.work/6huu/ http://www.lancele.com/6huu/ http://www.kp69f.top/6huu/ http://www.lancele.com/6huu/ http://www.0096061.com/6huu/ http://www.ticimmo.com/6huu/ http://www.terrenoscampestres.com/6huu/ http://www.qfx88.com/6huu/ http://www.tarolstroy.store/6huu/ http://www.terrenoscampestres.com/6huu/ http://www.tarolstroy.store/6huu/ http://www.ticimmo.com/6huu/ http://www.14zhibo.work/6huu/ http://www.qfx88.com/6huu/ http://www.solarwachstum.com/6huu/	10.4	M	48	ZeroCERT

12561	2023-06-07 07:36	A.exe 706c4e397de8260d889cf83ba6707e7c SMTP PWS[m] KeyLogger AntiDebug AntiVM PE64 PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Browser Email ComputerName DNS DDNS crashed keylogger	1 Keyword trend analysis	2	3		10.4	M	50	ZeroCERT

12562	2023-06-07 07:34	NA.exe 6c432a8b26bc0e068f23e88f69c0f565 DNS AntiDebug AntiVM PE64 PE File VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself human activity check Windows DNS DDNS		3	1		13.4	M	50	ZeroCERT

12563	2023-06-07 07:32	BHHh.exe 96b0ccf071277093a2e02fd89ae05dcb RAT .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee	1 Keyword trend analysis	3	1		3.4		51	ZeroCERT

12564	2023-06-07 07:30	wininit.exe d39050a4b6ef3f4aaa5808d30501d4fd RAT PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					1.8		20	ZeroCERT

12565	2023-06-07 07:28	Brickbats.exe 821823659183e8ca89f7d90cb55cae55 PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself Windows Cryptographic key		2			3.8		34	ZeroCERT

12566	2023-06-07 05:38	ddsc.exe 6156028337e0510bd3535c891ed15029 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB Code Injection buffers extracted unpack itself Windows utilities sandbox evasion Windows Browser		2			9.2	M	46	guest

12567	2023-06-05 21:24	ddsc.exe 6156028337e0510bd3535c891ed15029 UPX Malicious Library OS Processor Check PE File PE32 Malware download Remcos VirusTotal Malware PDB Code Injection Malicious Traffic Check memory buffers extracted unpack itself Windows utilities sandbox evasion Windows Browser	1 Keyword trend analysis	4	2		8.0		36	ZeroCERT

12568	2023-06-05 18:02	c64.exe b1e73ee6b76cdb99e5fcde09936de056 Gen2 Gen1 Emotet Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot Anti VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Creates executable files unpack itself Windows utilities Auto service suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check Windows ComputerName Remote Code Execution		4			14.6		52	ZeroCERT

12569	2023-06-05 17:56	iexplore.exe a3d8b7059f0a4108d38144586fd63ee0 Generic Malware UPX Antivirus Malicious Library Malicious Packer PE File PE32 PE64 OS Processor Check VirusTotal Cryptocurrency Miner Malware Cryptocurrency powershell AutoRuns suspicious privilege Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW anti-virtualization Windows ComputerName Remote Code Execution crashed		2	1		13.0	M	56	ZeroCERT

12570	2023-06-05 17:55	86.exe ff8a7fe058166ccb1d7822fa873cdca5 UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check DLL VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows Remote Code Execution		2			7.6	M	51	ZeroCERT