Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14101	2023-04-02 08:52	foto0169.exe e162570e19e5b7b60bdea41e4aee9b46 Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1			8.2			ZeroCERT

14102	2023-04-01 11:11	https://www.facebook.com/recov... 00838a8cb21d38ac2ec93f8e6003f1d8 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File icon PNG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	9 Keyword trend analysis Info https://m.facebook.com/favicon.ico https://fbsbx.com/security/hsts-pixel.gif https://facebook.com/security/hsts-pixel.gif?c=3.2 https://m.facebook.com/login/identify/?ctx=recover&c&multiple_results=0&from_login_screen=0&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/2xs6jaqwoaL.png https://www.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23 https://fbcdn.net/security/hsts-pixel.gif?c=2 https://m.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png	8	2		4.2			guest

14103	2023-04-01 10:43	https://www.facebook.com/recov... 707a75561797d7d3a6bb50eeaa0798cd Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File icon PNG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	9 Keyword trend analysis Info https://m.facebook.com/favicon.ico https://fbsbx.com/security/hsts-pixel.gif https://facebook.com/security/hsts-pixel.gif?c=3.2 https://m.facebook.com/login/identify/?ctx=recover&c&multiple_results=0&from_login_screen=0&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/2xs6jaqwoaL.png https://www.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23 https://fbcdn.net/security/hsts-pixel.gif?c=2 https://m.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png	8	2		4.2			guest

14104	2023-04-01 10:21	https://www.google.com/search?... 29b78806a6c5b7e11cc66628a3aa33eb Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis Info https://www.google.com/images/branding/searchlogo/1x/googlelogo_desk_heirloom_color_150x55dp.gif https://www.google.com/search?q=t+mobile+login&source=hp&ei=jWInZICdLYLQkPIPlrCG8AQ&oq=tmobile+lo&gs_lcp=ChFtb2JpbGUtZ3dzLXdpei1ocBABGAAyBwgAEIAEEAoyCAgAEIAEEMkDMggIABCKBRCSAzILCAAQgAQQsQMQgwEyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEOgsIKRCABBCxAxCDAToCCCk6DggAEI8BEOoCEIwDEOUCOg4ILhCPARDqAhCMAxDlAjoICAAQgAQQsQM6DgguEIAEELEDEIMBENQCOgsILhCABBDHARCvAToNCC4QgAQQxwEQ0QMQCjoKCAAQgAQQyQMQCjoKCAAQgAQQkgMQCjoQCC4QgAQQsQMQxwEQ0QMQClDWDFiRZ2CLb2gAcAB4AIAB5AGIAa4NkgEFMC44LjKYAQCgAQGwARQ&sclient=mobile-gws-wiz-hp	2	2		4.2			guest

14105	2023-04-01 10:00	Cha-Ching.ogg 6a9a2240cd15abb6a9359e7561f594e5 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

14106	2023-04-01 09:54	handdiy_3.exe d5cddebc785771e1db6dd5a0a64438aa AgentTesla Gen2 Trojan_PWS_Stealer browser info stealer Credential User Data Generic Malware Google Chrome Downloader UPX Malicious Library SQLite Cookie Malicious Packer Create Service DGA Socket DNS BitCoin Code injection HTTP PWS[m] Sniff Aud Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	4	5		10.4	M	55	guest

14107	2023-04-01 04:45	security-sysdiagnose.txt 96100b0a36473988dacac84b13d5ceca AgentTesla browser info stealer Generic Malware Google Chrome User Data Downloader Create Service DGA Socket DNS BitCoin Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger Scree Browser Info Stealer Code Injection Checks debugger exploit crash unpack itself malicious URLs installed browsers check Exploit Browser crashed					4.8			guest

14108	2023-03-31 18:30	File_pass1234.7z 92ca1fb37f27d4f68e36a48db3ddd7f0 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	4 Keyword trend analysis	11	2		4.2	M		ZeroCERT

14109	2023-03-31 17:01	24....................24......... 409e6c1dd82691daeb9823579810efde MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed Downloader	1 Keyword trend analysis	1	3		4.6	M	34	ZeroCERT

14110	2023-03-31 16:59	handdiy_3.exe d5cddebc785771e1db6dd5a0a64438aa Gen2 Trojan_PWS_Stealer Credential User Data UPX Malicious Library SQLite Cookie Malicious Packer Anti_VM OS Processor Check PE32 PE File PNG Format Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Checks debugger WMI Creates executable files ICMP traffic exploit crash Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	4	5		9.8	M	53	ZeroCERT

14111	2023-03-31 16:58	handdiy_4.exe b3b0d7c0ef99da62f4528b2e2b835575 Gen2 Trojan_PWS_Stealer Credential User Data Generic Malware UPX Malicious Library SQLite Cookie Malicious Packer Anti_VM OS Processor Check PE32 PE File PNG Format Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Checks debugger WMI Creates executable files exploit crash Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	4	5		9.4	M	53	ZeroCERT

14112	2023-03-31 16:35	RedHat.exe 684b2bdbe523cd89846944b6814f4de3 Gen2 Generic Malware UPX Malicious Library Antivirus OS Processor Check PE32 PE File VirusTotal Malware Malicious Traffic unpack itself ComputerName DNS	1 Keyword trend analysis	1		1	4.2	M	43	r0d

14113	2023-03-31 16:33	white.exe 89a133e7158e8bb6e2614a7c9bd7ff5d NPKI UPX Malicious Packer PE32 PE File VirusTotal Malware Malicious Traffic unpack itself ComputerName DNS	1 Keyword trend analysis	1		1	3.4	M	30	r0d

14114	2023-03-31 09:53	officesync.exe 09cfacee6efb98efa511bb377b1d0b14 UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution					1.0	M		ZeroCERT

14115	2023-03-31 09:51	50.........................50.... 7b4d587f0d734bdf9e506c89d95f1dd4 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	3	8 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	33	ZeroCERT