Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
13456	2023-05-08 09:20	black 3217930a87bf8b38ba8d474862548853 .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself				2.4	M	49	ZeroCERT

13457	2023-05-08 09:17	toolspub2.exe b0ef31b9867e97491ec9470333231730 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself				6.8	M	27	ZeroCERT

13458	2023-05-07 20:29	xmine.exe ed9088fcf850fbd6e6137a56a3a497c5 PE64 .NET EXE PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				2.2	M	47	ZeroCERT

13459	2023-05-07 20:27	%23%23%23%23%23%23%23%23%23%23... b399ca1298c7cb77fe79901d11a28452 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS DDNS crashed Downloader	1 Keyword trend analysis	3	8 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY DNS Query to DynDNS Domain *.ddns .net	7.0	M	30	ZeroCERT

13460	2023-05-06 13:10	OneDrive.png 743022328f955e2cbb5f2f375bd0ab72 Anti_VM PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner		2	2	1.4		37	ZeroCERT

13461	2023-05-06 13:10	dllhost.png 08e3930a42197a422d064569c4778997 Themida Packer PE32 PE File VirusTotal Malware Checks debugger unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Windows crashed				7.0		52	ZeroCERT

13462	2023-05-06 13:05	%23%23%23%23%23%23%23%23%23%23... 3f75b4fdca6b5faac7e268b2dbec9b62 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.8	M	27	ZeroCERT

13463	2023-05-06 12:18	file.exe 0e4e3cdacfbe29fdc3e189e52ee8228e Emotet RAT Themida Packer EnigmaProtector Generic Malware Malicious Packer Antivirus Anti_VM .NET EXE PE32 PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check Tofsee Ransomware Windows ComputerName Remote Code Execution DNS Cryptographic key crashed CoinMiner	6 Keyword trend analysis	5	11 Info ET DROP Dshield Block Listed Source group 1 ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING [TW] Likely Hex Executable String ET WEB_CLIENT DRIVEBY GENERIC ShellExecute in Hex No Seps ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET POLICY Cryptocurrency Miner Checkin ET POLICY IP Logger Redirect Domain in SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	20.4	M	29	ZeroCERT

13464	2023-05-06 12:14	vbc.exe 1d559db083653055d70931df9ba4386c AgentTesla PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName DNS Cryptographic key DDNS keylogger		2	1	12.2	M	47	ZeroCERT

13465	2023-05-06 12:14	360.exe 288d1e8e1e9e0548b60e645f3c0c6a6b UPX PE32 PE File VirusTotal Malware Remote Code Execution				2.4	M	28	ZeroCERT

13466	2023-05-06 12:12	5_6232986114823555269.exe 454de28853ea54861c14acf6b2520bab RAT NSIS Generic Malware UPX Malicious Library AntiDebug AntiVM PE32 PE File PNG Format MSOffice File .NET DLL DLL .NET EXE JPEG Format VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Check virtual network interfaces AppData folder Tofsee Interception Windows Exploit Browser Google DNS Cryptographic key crashed	3 Keyword trend analysis	6	3	12.8	M	42	ZeroCERT

13467	2023-05-06 12:12	%23%23%23%23%23%23%23%23%23%23... 3f75b4fdca6b5faac7e268b2dbec9b62 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed				3.4	M	27	ZeroCERT

13468	2023-05-06 12:12	RegSvcs.exe e1b05582f2b12c3f500160a0ec4da43b Loki_b PWS .NET framework RAT Generic Malware UPX Antivirus .NET EXE PE32 PE File PowerShell Malware download Malware powershell PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk anti-virtualization IP Check VM Disk Size Check Windows ComputerName Remote Code Execution Trojan DNS Cryptographic key	4 Keyword trend analysis	3	9 Info ET DROP Dshield Block Listed Source group 1 ET HUNTING [TW] Likely Hex Executable String ET POLICY External IP Lookup ipinfo.io ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE Trojan Generic - POST To gate.php with no accept headers ET WEB_CLIENT DRIVEBY GENERIC ShellExecute in Hex No Seps ET MALWARE Generic Request to gate.php Dotted-Quad ET MALWARE Win32/ModernLoader Activity (POST) ET INFO PowerShell Base64 Encoded Content Command Common In Powershell Stagers M1	10.2	M		ZeroCERT

13469	2023-05-06 12:11	KK.exe 435eb802f9f6804a0e702aab7d585b45 PE32 PE File VirusTotal Malware				2.2	M	33	ZeroCERT

13470	2023-05-06 12:08	portable.exe 8f05b8ea15b88c441219cf8310010df0 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself Remote Code Execution				2.4	M	48	ZeroCERT