Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13906	2023-04-12 11:37	jRuiQlItEQ.JS 6c5a8e4d9ba2f4ccb0ae3444473b3353 WriteConsoleW Windows	1 Keyword trend analysis	2			4.0			ZeroCERT

13907	2023-04-12 09:27	eU6ZAb44 2756a79655d41f63a0af6ff715a68637 PE64 PE File VirusTotal Malware crashed					1.2	M	6	ZeroCERT

13908	2023-04-12 09:25	LfhxrETRRGxerZerexgfCtex.exe 637e3496384188cc88c9de07f82dacce RAT Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName crashed					10.4	M	44	ZeroCERT

13909	2023-04-12 09:25	tmpF82D.tmp.exe 4f0402bf30445ece92c85cd3ee8240ac PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.2	M	46	ZeroCERT

13910	2023-04-12 09:23	RegSvcs.exe f0e40af095d6cb50bd42713da5c21e4a .NET DLL DLL PE32 PE File PDB					0.2	M		ZeroCERT

13911	2023-04-12 09:23	clip64.dll ee69aeae2f96208fc3b11dfb70e07161 UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	54	ZeroCERT

13912	2023-04-12 09:23	bb2f2e6013f909a8d768138668cef6... ff8cf4e39cf12b67fdb346ec56af1666 RAT task schedule UPX Confuser .NET AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1			7.6	M	47	ZeroCERT

13913	2023-04-12 09:21	lega.exe f6da6da3867f998ae4d9fdc3e92554d0 Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader	6 Keyword trend analysis Info http://80.66.79.86/joomla/index.php http://179.43.155.247/cc.exe - rule_id: 27942 http://80.66.79.86/joomla/Plugins/cred64.dll http://80.66.79.86/joomla/Plugins/clip64.dll https://transfer.sh/get/VI2XNN/t40qOrtfDw5JAOa.exe https://bitbucket.org/dushanbepromo/kingsoft/downloads/OriginalBuild.exe	8	13 Info ET MALWARE Amadey CnC Check-In ET INFO TLS Handshake Failure ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	1	15.8	M		ZeroCERT

13914	2023-04-12 09:20	Ruzvelt.exe cafc8351bc21c41083793db0f57b6aa8 UPX Malicious Library OS Processor Check PE32 PE File PDB unpack itself					1.0	M		ZeroCERT

13915	2023-04-12 09:19	fotocr17.exe 42d79839773ca4f55709c1a026a25914 Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	2 Keyword trend analysis	2	6 Info ET MALWARE Amadey CnC Check-In ET INFO Dotted Quad Host DLL Request ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		15.4	M		ZeroCERT

13916	2023-04-12 09:19	Hjkjhgue.ps1 9f2185dd58f001676cc084472c0d35b5 Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.4			ZeroCERT

13917	2023-04-12 09:18	OriginalBuild.exe 4851971e37ce8cd2b61a795780b7d4b5 RAT Generic Malware Antivirus .NET EXE PE32 PE File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1			5.4	M	28	ZeroCERT

13918	2023-04-12 09:18	photo_112.exe 2d317d80cc4409532c86c8f117ad3617 Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	5 Keyword trend analysis	2	7 Info ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		15.4	M		ZeroCERT

13919	2023-04-12 09:16	clip64.dll dddb7f44df311203facdf9bb248f80ad UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	59	ZeroCERT

13920	2023-04-12 09:14	foto0154.exe 5752ce032f925d2294ef5abfe4b1360f Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1			8.2	M		ZeroCERT