Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14161	2023-03-29 14:11	2.1.0ff.exe bc338e23e5411697561306eabb29bd9c Raccoon Stealer PE32 PE File VirusTotal Malware Windows crashed				2.0	M	45	r0d

14162	2023-03-29 13:41	XWorm.exe e5dacf4cce4083b88d8f229162800535 RAT UPX OS Processor Check .NET EXE PE32 PE File MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS Cryptographic key DDNS		2	1	2.8			ZeroCERT

14163	2023-03-29 13:39	index.html 3eebb4f2eb87d262969874e1d4685717 AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	5 Info ET INFO TLS Handshake Failure ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)	3.8			ZeroCERT

14164	2023-03-29 13:37	Taxpayer.pdf af333833c285ea114b841c4e8cde282f PDF VirusTotal Malware	1 Keyword trend analysis			1.0		13	ZeroCERT

14165	2023-03-29 13:33	Bna-invoice#149.pdf.hta 052a2a82953e9e96c0c84caffb694e67 Generic Malware Antivirus AntiDebug AntiVM MSOffice File powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis		2	8.4			ZeroCERT

14166	2023-03-29 13:13	da1942e2f5f58ee90618db1cfdbd75... 30bfba59058499f28d7f7de51d41a745 Gen1 UPX Malicious Packer PE32 PE File VirusTotal Malware Remote Code Execution				0.6		1	BRY

14167	2023-03-29 12:04	dbStr-2.map.data 9ffc9e085f430a13aed79ee745ff3084 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			BRY

14168	2023-03-29 11:09	vbc.exe 542ef4a811e2fa45e96efe1602acd737 UPX Malicious Library PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself Windows utilities AppData folder Windows	3 Keyword trend analysis Info http://www.rahilprakash.com/sa79/?T8kD=FQxM/LfEtsdNPd9lcQ3fHhWjGCP7SrZqu0I9GJfO6cOgbFH11N56o5A937py/xwkq6yJtR1f&Vnw0Z=-Z2hTbdPQ2dhN4y http://www.oliviahodges04.uk/sa79/?T8kD=3HmUkRFWstZ/xsvvXCVgYJLRrrcnJmgiwegIDeQwZYyLk7GSagwRMPBNdLuE3jtARa50r64A&Vnw0Z=-Z2hTbdPQ2dhN4y http://www.cloud-spartan.co.uk/sa79/?T8kD=jkxHAd9GAbQei4M5qdOAezShFl0g6rfkBT3I54TzQtwvhmYtcfZekS4RyxImys3XUoylJySQ&Vnw0Z=-Z2hTbdPQ2dhN4y	7	1	5.6	M	39	ZeroCERT

14169	2023-03-29 11:09	utd.exe 7c4e7dc9b73afae121b7f83004013971 PWS .NET framework RAT UPX .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName DNS		1		2.4	M	29	ZeroCERT

14170	2023-03-29 11:09	RegSvcs.exe 004a919e31049dce0f9b96699cbbec5e PWS .NET framework RAT UPX Malicious Library Malicious Packer OS Processor Check .NET EXE PE32 PE File Malware download AsyncRAT NetWireRC Malware DNS DDNS		4	4	1.4			ZeroCERT

14171	2023-03-29 10:52	RegSvcs.exe 7f47c9d043fcec52e995e98d21813482 PWS .NET framework RAT UPX Malicious Library Malicious Packer OS Processor Check .NET EXE PE32 PE File Malware download AsyncRAT NetWireRC Malware DNS DDNS		3	3	2.4	M		ZeroCERT

14172	2023-03-29 10:50	2.1.0ff.exe bc338e23e5411697561306eabb29bd9c PE32 PE File VirusTotal Malware Windows crashed				2.0	M	45	ZeroCERT

14173	2023-03-29 10:48	Tarlatan.exe b26480dce772642635204619f30c35d6 RedLine stealer[m] PWS .NET framework RAT RedLine Stealer Confuser .NET SMTP PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		9.4	M	50	ZeroCERT

14174	2023-03-29 10:47	Tarlatan.exe b26480dce772642635204619f30c35d6 RedLine stealer[m] PWS .NET framework RAT RedLine Stealer Confuser .NET SMTP PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		9.4	M	50	ZeroCERT

14175	2023-03-29 10:46	65................65............. 20e82801d2b5b859faab91680dbcb903 MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	2	15 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO Packed Executable Download ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	M	30	ZeroCERT