Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13141	2023-05-18 09:53	135.exe c3359aec2c64c031a1e9f65c6520ed0f UPX PE File PE32 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Checks debugger buffers extracted unpack itself Collect installed applications sandbox evasion installed browsers check Ransomware Browser ComputerName Firmware DNS crashed	1 Keyword trend analysis	1	1		9.4	M	20	ZeroCERT

13142	2023-05-18 09:50	ASSS%23%23%23%23%23%23%23%23%2... 047fef24cc2235db39d3eb1551be28bf MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed Downloader	12 Keyword trend analysis Info http://www.mjsink.com/f619/?8h-zwsZ=QohnKbePrODEc2nRtJyzKv2nV7sTIQ5Qx9yDXgwt8Ie8gSFBAbmvCJj6zIyweYgDzy/0i+4z3xbiwRYsSsB8T6DnOWQEfeuCAQefg3Q=&XoCV09=Pw3IzxRA7ICfJT http://www.towfire.life/f619/ http://www.mjsink.com/f619/ http://www.ginbaochip.com/f619/?8h-zwsZ=J8+hP/zSxq0se/+LWXXRGMthd5MtqREYtVha/m82I85cLREj8S8ix7RpcjqSy8HBHkmEBC3cSxdy+flYH4rJd56MdeRk/rncEkBsCJA=&XoCV09=Pw3IzxRA7ICfJT http://www.marketing-solution.net/f619/?8h-zwsZ=7aEb1be+dODnXJS70ht2rOIyRE7tt83KP3MXokAl2sed9H5NqFjOq19haFrbwR5XS7xCcbMG4E83Por5kDVXeeM4WTNIDHd3Sc1+pdc=&XoCV09=Pw3IzxRA7ICfJT http://www.regnerjanet.xyz/f619/ http://www.sqlite.org/2018/sqlite-dll-win32-x86-3260000.zip http://www.marketing-solution.net/f619/ http://www.towfire.life/f619/?8h-zwsZ=Ehbg4LlyVMHP0pAFmIQxhDDkp6Kxs477sF6nDv0EaT5K8/1GH5wf1bgzqSKTUaDZXTnW9d28cNYQDMZcc5x0F8aQqyCdRYlsL10lLoU=&XoCV09=Pw3IzxRA7ICfJT http://www.regnerjanet.xyz/f619/?8h-zwsZ=6wuoF5Ocy4AJpvQBu7Oine5RwOGmLKsd0ov4HSbRQC4ETZ6v/roT0yDkqgD/NT0BDr09cLMaIgNt2KmG3oCiS9IXpK2jSgOlbsyy8aE=&XoCV09=Pw3IzxRA7ICfJT http://www.ginbaochip.com/f619/ http://195.201.147.116/422/vbc.exe	12 Info www.marketing-solution.net(91.195.240.45) www.towfire.life(67.223.117.160) www.mjsink.com(104.21.88.53) www.regnerjanet.xyz(109.123.121.243) www.ginbaochip.com(210.16.189.19) 109.123.121.243 - mailcious 67.223.117.160 210.16.189.19 195.201.147.116 - mailcious 91.195.240.45 - mailcious 172.67.173.11 45.33.6.223	12 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO HTTP Request to Suspicious *.life Domain ET MALWARE FormBook CnC Checkin (POST) M2 ET INFO Observed DNS Query to .life TLD ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers		5.4	M	30	ZeroCERT

13143	2023-05-18 09:48	llaa25.exe aec63ca0e90ee3b2f811656ae8747e9e Gen2 Gen1 Generic Malware Malicious Packer PE64 PE File Browser Info Stealer VirusTotal Malware PDB MachineGuid buffers extracted unpack itself Check virtual network interfaces Tofsee Browser Remote Code Execution crashed	4 Keyword trend analysis Info http://as.imgjeoigaa.com/check/safe http://us.imgjeoigaa.com/sts/imagc.jpg https://www.facebook.com/login.php?next=https%3A%2F%2Fadsmanager.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing%2F https://adsmanager.facebook.com/ads/manager/account_settings/account_billing/	8	2		4.4	M	16	ZeroCERT

13144	2023-05-18 09:47	build.exe c82632236e77359b2aaa32e0cc38cd99 Loki_b Loki_m Gen1 Suspicious_Script_Bin Generic Malware UPX Malicious Library Malicious Packer DGA Socket DNS PWS[m] Http API Internet API ScreenShot Code injection AntiDebug AntiVM OS Processor Check PE File PE32 DLL Browser Info Stealer Malware download FTP Client Info Stealer Dridex VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Telegram AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser Email ComputerName DNS Software	8 Keyword trend analysis Info http://colisumy.com/dl/build2.exe - rule_id: 31026 http://zexeq.com/raud/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true - rule_id: 31029 http://116.203.165.188/9dfa7ee730fa2f1efb5ed51dbbec22f5 http://116.203.165.188/ http://zexeq.com/files/1/build3.exe - rule_id: 27913 http://116.203.165.188/config.zip https://steamcommunity.com/profiles/76561199263069598 - rule_id: 32753 https://t.me/cybehost	11 Info t.me(149.154.167.99) - mailcious colisumy.com(175.119.10.231) - malware api.2ip.ua(162.0.217.254) steamcommunity.com(69.192.92.139) - mailcious zexeq.com(201.124.218.111) - malware 149.154.167.99 - mailcious 23.37.146.163 123.140.161.243 - mailcious 162.0.217.254 116.203.165.188 222.236.49.124	12 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO TLS Handshake Failure ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET INFO Observed Telegram Domain (t .me in TLS SNI) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Dotted Quad Host ZIP Request	4	18.8	M	22	ZeroCERT

13145	2023-05-18 09:45	vbc.exe 2e84d5556bb37fcecb8cf7942a70606a PWS .NET framework Generic Malware Antivirus PWS[m] Anti_VM AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	13 Keyword trend analysis Info http://www.regnerjanet.xyz/f619/?umuRf1-z=6wuoF5Ocy4AJpvQBu7Oine5RwOGmLKsd0ov4HSbRQC4ETZ6v/roT0yDkqgD/NT0BDr09cLMaIgNt2KmG3oCiS9IXpK2jSgOlbsyy8aE=&dn=Hu_4 http://www.marketing-solution.net/f619/?umuRf1-z=7aEb1be+dODnXJS70ht2rOIyRE7tt83KP3MXokAl2sed9H5NqFjOq19haFrbwR5XS7xCcbMG4E83Por5kDVXeeM4WTNIDHd3Sc1+pdc=&dn=Hu_4 http://www.energytransfer.online/f619/?umuRf1-z=imAs1hkpHrLTTkkyOgnH89N/E9bMOyYXgY//e0ZAWIltUe1JjhRFlIwaBCyG3+J8qMS7wCwKaJDJAhWlf84Z7A+nWgiGhVr1qYjHL9w=&dn=Hu_4 http://www.towfire.life/f619/ http://www.mjsink.com/f619/ http://www.energytransfer.online/f619/ http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip http://www.regnerjanet.xyz/f619/ http://www.marketing-solution.net/f619/ http://www.ginbaochip.com/f619/ http://www.mjsink.com/f619/?umuRf1-z=QohnKbePrODEc2nRtJyzKv2nV7sTIQ5Qx9yDXgwt8Ie8gSFBAbmvCJj6zIyweYgDzy/0i+4z3xbiwRYsSsB8T6DnOWQEfeuCAQefg3Q=&dn=Hu_4 http://www.towfire.life/f619/?umuRf1-z=Ehbg4LlyVMHP0pAFmIQxhDDkp6Kxs477sF6nDv0EaT5K8/1GH5wf1bgzqSKTUaDZXTnW9d28cNYQDMZcc5x0F8aQqyCdRYlsL10lLoU=&dn=Hu_4 http://www.ginbaochip.com/f619/?umuRf1-z=J8+hP/zSxq0se/+LWXXRGMthd5MtqREYtVha/m82I85cLREj8S8ix7RpcjqSy8HBHkmEBC3cSxdy+flYH4rJd56MdeRk/rncEkBsCJA=&dn=Hu_4	13 Info www.marketing-solution.net(91.195.240.45) www.towfire.life(67.223.117.160) www.energytransfer.online(84.32.84.32) www.mjsink.com(172.67.173.11) www.regnerjanet.xyz(109.123.121.243) www.ginbaochip.com(210.16.189.19) 109.123.121.243 - mailcious 84.32.84.32 - mailcious 67.223.117.160 210.16.189.19 91.195.240.45 - mailcious 172.67.173.11 45.33.6.223	4		12.4	M	48	ZeroCERT

13146	2023-05-18 09:43	setupcode.exe 28aa586922822ebcfd3254bb9bae053a UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself					1.6	M	29	ZeroCERT

13147	2023-05-18 09:41	buildnew.exe 15e49c65d2ec8fa2294fa13b91550a0a UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself					1.8	M	30	ZeroCERT

13148	2023-05-18 09:41	fred.exe 49fb581e3d3ed6fbd834aff980244e36 PWS .NET framework Anti_VM .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6	M	43	ZeroCERT

13149	2023-05-18 09:39	Financials-05-16-23-PDF.exe 03c3f979feffbf02e7ab9a66f9a1f7b4 RAT .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee ComputerName	1 Keyword trend analysis	3	1		3.6	M	30	ZeroCERT

13150	2023-05-18 09:38	file2.ps1 3185d0e0c60786bcbdf7b6f23bc97448 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.0	M	14	ZeroCERT

13151	2023-05-18 09:37	RFQ.exe 2ee458e3d3211bcf3b5862cae82409c1 PWS .NET framework Generic Malware Antivirus KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	4	4		17.6	M	19	ZeroCERT

13152	2023-05-18 09:36	Firefox.exe c0ff2a9d710fc2f524d781dbf2d89e21 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself WriteConsoleW DNS		1			2.6	M	30	ZeroCERT

13153	2023-05-18 09:35	pay.exe 9cf450fc0f69cccd0aa1e7059ff464c6 NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		8.6	M	47	ZeroCERT

13154	2023-05-18 09:34	62118a05bd8a77a022e12e983a5bac... ace375d381a92baa5577d8d95f0164c6 RAT UPX .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	1		3.4	M	35	ZeroCERT

13155	2023-05-18 09:30	Xpksf.js 5e2971bf4b1665562d4977c003f1187e Generic Malware Admin Tool (Sysinternals etc ...) Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				7.0		16	ZeroCERT