Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1381	2024-08-09 15:16	random.exe 486b72c59c13d478f33938c5c25d7e98 Themida Packer PE File PE32 VirusTotal Malware AutoRuns Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName DNS crashed		1			10.2	M	45	guest

1382	2024-08-09 11:28	mingh.exe 2c15e22aea92ccabc62205aebc53e314 Malicious Library PE File PE64						M		ZeroCERT

1383	2024-08-09 11:21	Filemy.exe 850a43e323656b86ae665d8b4fd71369 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware					0.4		1	ZeroCERT

1384	2024-08-09 11:12	Umar.exe bc3e076ec6527a8bf74e9293be24630e Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself Collect installed applications suspicious TLD anti-virtualization installed browsers check CryptBot Browser ComputerName DNS	1 Keyword trend analysis	2	3		6.4		31	ZeroCERT

1385	2024-08-09 10:52	FILE2233.exe 03fe60596aa8f9b633ac360fd9ec42d8 Vidar PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					1.8		17	ZeroCERT

1386	2024-08-09 10:49	Run112.exe 85a9287c26148788deff9c77bab244b3 Emotet Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	1		3.6	M	41	ZeroCERT

1387	2024-08-09 10:48	sostener.vbs 23cef0c9c3e02cc2bdc8516b889d1191 Generic Malware Antivirus Hide_URL PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		10.0			ZeroCERT

1388	2024-08-09 10:48	envifa.vbs 23cef0c9c3e02cc2bdc8516b889d1191 Generic Malware Antivirus Hide_URL PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		10.0			ZeroCERT

1389	2024-08-09 10:47	89.hta f904e8a5141b08f3f8e2121459f539fe Generic Malware Downloader Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	3		11.4	M	18	ZeroCERT

1390	2024-08-09 10:06	file3333.exe 978623ad6b4d9385c047d9315423c754 Vidar PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.4	M	46	r0d

1391	2024-08-09 09:32	setup2.exe 098621a8fa13fdfd4ce2d9c3dc010092 Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces malicious URLs Tofsee Windows Discord Remote Code Execution DNS	7 Keyword trend analysis Info http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://194.58.114.223/d/385104 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://github.com/evan9908/Setup/raw/main/Umar.exe https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e& https://iplogger.com/1lyxz	17 Info cacerts.digicert.com(152.195.38.76) iplogger.com(104.21.76.57) - mailcious github.com(20.200.245.247) - mailcious pastebin.com(172.67.19.24) - mailcious yip.su(104.21.79.77) - mailcious cdn.discordapp.com(162.159.129.233) - malware raw.githubusercontent.com(185.199.111.133) - malware ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 162.159.134.233 - malware 147.45.60.44 - malware 152.195.38.76 172.67.188.178 - mailcious 185.199.110.133 - malware 194.58.114.223 - mailcious 172.67.169.89 20.200.245.247 - malware	10 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Packed Executable Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	2	12.2	M	54	ZeroCERT

1392	2024-08-09 09:30	file200h.exe 5325fec9552fa277891e782b77a475ee Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Tofsee Windows Discord Remote Code Execution DNS	6 Keyword trend analysis Info http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://194.58.114.223/d/385104 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://github.com/evan9908/Setup/raw/main/Umar.exe https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e&	15 Info raw.githubusercontent.com(185.199.108.133) - malware github.com(20.200.245.247) - mailcious pastebin.com(104.20.4.235) - mailcious yip.su(172.67.169.89) - mailcious cdn.discordapp.com(162.159.130.233) - malware cacerts.digicert.com(152.195.38.76) ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 185.199.111.133 - mailcious 147.45.60.44 - malware 152.195.38.76 162.159.135.233 - malware 194.58.114.223 - mailcious 172.67.169.89 20.200.245.247 - malware	8 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET HUNTING Redirect to Discord Attachment Download ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	2	12.0	M	55	ZeroCERT

1393	2024-08-09 09:27	file234.exe def6f274c14351d9cf0f49798b5a833d Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs suspicious TLD Tofsee Windows Discord Remote Code Execution DNS	6 Keyword trend analysis Info http://194.58.114.223/d/385121 https://pastebin.com/raw/xYhKBupz - rule_id: 36780 https://yip.su/RNWPd.exe - rule_id: 37623 https://iplogger.com/1uNwK4 https://cdn.discordapp.com/attachments/1271038807315185718/1271141520195715093/setup.exe?ex=66b6424b&is=66b4f0cb&hm=de560db8ff6dd3fa9ac31172f1bd3d348b35190c8d570ea98c882ca3b5c00fdd& https://github.com/evan9908/Setup/raw/main/Filemy.exe	15 Info yip.su(104.21.79.77) - mailcious github.com(20.200.245.247) - mailcious pastebin.com(172.67.19.24) - mailcious iplogger.com(172.67.188.178) - mailcious cdn.discordapp.com(162.159.135.233) - malware raw.githubusercontent.com(185.199.110.133) - malware ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 147.45.60.44 - malware 162.159.133.233 - malware 185.199.111.133 - mailcious 104.21.76.57 104.21.79.77 - phishing 194.58.114.223 - mailcious 20.200.245.247 - malware	10 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET HUNTING Redirect to Discord Attachment Download	2	12.0	M	49	ZeroCERT

1394	2024-08-09 09:27	S%D0%B5tup1.exe ea4d0c345eec97f8ec7174b210798a56 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					2.6	M	37	ZeroCERT

1395	2024-08-09 09:25	file3333.exe 978623ad6b4d9385c047d9315423c754 PE File PE64 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	46	ZeroCERT