Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14536	2021-11-04 15:09	ww_testFS_0211_single.exe 4ea672ca05b3c1e7d131ecc108c7e7f1 RAT Gen1 Generic Malware Malicious Library UPX Malicious Packer ASPack PE File OS Processor Check PE32 PE64 DLL Browser Info Stealer Malware download VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW IP Check Tofsee Windows Browser ComputerName DNS crashed	23 Keyword trend analysis Info http://staticimg.youtuuee.com/api/?sid=2098765&key=a7620f1fdb5530186e00465d6d97c1bb - rule_id: 5258 http://www.hzradiant.com/askinstall42.exe http://ip-api.com/json/ http://dataonestorage.com/search_hyperfs_209.exe http://45.133.1.182/proxies.txt - rule_id: 6139 http://212.192.241.62/base/api/statistics.php http://eguntong.com/pub33.exe http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464 http://apps.identrust.com/roots/dstrootcax3.p7c http://212.192.241.62/base/api/getData.php http://45.133.1.107/server.txt http://212.192.241.62/service/communication.php http://www.hzradiant.com/askhelp42/askinstall42.exe https://f.gogamef.com/userhome/22/23ce6573d0b61d1c6b7a3a8c1cdf07b2.exe https://cdn.discordapp.com/attachments/891006172130345095/905376099935080508/realV2_0301.bmp https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp https://cdn.discordapp.com/attachments/896617596772839426/899593707228135434/Cube_WW14.bmp https://d.gogamed.com/userhome/22/any.exe https://yandex.ru/ https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp https://ipinfo.io/widget https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp	38 Info d.gogamed.com(104.21.59.236) imgs.googlwaa.com(45.136.113.13) - malware el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.158.50) t.gogamec.com(104.21.85.99) apps.identrust.com(23.216.159.81) iplis.ru(88.99.66.31) - mailcious ip-api.com(208.95.112.1) eguntong.com(5.8.76.205) f.gogamef.com(104.21.72.228) ipinfo.io(34.117.59.81) twitter.com(104.244.42.65) dataonestorage.com(45.142.182.152) - malware telegram.org(149.154.167.99) cdn.discordapp.com(162.159.130.233) - malware yandex.ru(5.255.255.70) www.hzradiant.com(194.163.158.120) staticimg.youtuuee.com(45.136.151.102) - mailcious 52.219.156.6 119.207.65.81 - suspicious 172.67.136.94 5.8.76.205 5.255.255.70 149.154.167.99 45.142.182.152 88.99.66.31 - mailcious 45.133.1.107 - malware 34.117.59.81 45.133.1.182 - malware 23.216.159.81 208.95.112.1 45.136.151.102 - mailcious 162.159.134.233 - malware 194.163.158.120 - malware 45.136.113.13 - malware 212.192.241.62 104.244.42.193 - suspicious 172.67.204.112 104.21.59.236	10 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2 ET POLICY External IP Lookup ip-api.com	3	16.4	M	23	ZeroCERT

14537	2021-11-04 15:09	1363_1635939325_5752.exe 76fb65cb412e236329eee2be0c0a0a24 PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed		1			5.2		29	ZeroCERT

14538	2021-11-04 15:10	ww_testLL_0211_single.exe 8ac9ae1dd3a33406003c4456359a9db4 RAT Gen1 Generic Malware Malicious Library UPX Malicious Packer ASPack PE File OS Processor Check PE32 PE64 DLL .NET EXE Browser Info Stealer Malware download Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW IP Check Tofsee Windows Browser ComputerName DNS crashed	25 Keyword trend analysis Info http://www.hzradiant.com/askhelp42/askinstall42.exe http://fouratlinks.com/installpartners/ShareFolder.exe http://www.hzradiant.com/askinstall42.exe http://ip-api.com/json/ http://dataonestorage.com/search_hyperfs_209.exe http://45.133.1.182/proxies.txt - rule_id: 6139 http://212.192.241.62/base/api/statistics.php http://eguntong.com/pub33.exe http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464 http://apps.identrust.com/roots/dstrootcax3.p7c http://212.192.241.62/base/api/getData.php http://45.133.1.107/server.txt http://212.192.241.62/service/communication.php http://staticimg.youtuuee.com/api/?sid=2099253&key=fd52925171e83f42fc2ded8133aae222 - rule_id: 5258 https://f.gogamef.com/userhome/22/23ce6573d0b61d1c6b7a3a8c1cdf07b2.exe https://cdn.discordapp.com/attachments/891006172130345095/905376099935080508/realV2_0301.bmp https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp https://yandex.ru/showcaptcha?cc=1&retpath=https%3A//yandex.ru/%3F_a09e8b000a282123c603bfc4a97c0306&t=2/1636005811/44697f40337ea4bdfd2de18621e47c54&u=7a6baacf-5dc3c4f0-2c5eb502-48cc2bf3&s=7586315df59045f770b5809e4db25d55 https://cdn.discordapp.com/attachments/896617596772839426/899593707228135434/Cube_WW14.bmp https://d.gogamed.com/userhome/22/any.exe https://yandex.ru/ https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp https://ipinfo.io/widget https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp	40 Info d.gogamed.com(104.21.59.236) imgs.googlwaa.com(45.136.113.13) - malware www.hzradiant.com(194.163.158.120) t.gogamec.com(172.67.204.112) ip-api.com(208.95.112.1) iplis.ru(88.99.66.31) - mailcious cdn.discordapp.com(162.159.133.233) - malware eguntong.com(5.8.76.205) f.gogamef.com(104.21.72.228) el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.64.55) ipinfo.io(34.117.59.81) twitter.com(104.244.42.65) dataonestorage.com(45.142.182.152) - malware telegram.org(149.154.167.99) yandex.ru(5.255.255.5) apps.identrust.com(23.216.159.81) fouratlinks.com(199.192.17.247) staticimg.youtuuee.com(45.136.151.102) - mailcious 162.159.133.233 - malware 23.32.56.144 5.8.76.205 149.154.167.99 45.142.182.152 88.99.66.31 - mailcious 45.133.1.107 - malware 104.21.72.228 34.117.59.81 45.136.113.13 - malware 104.244.42.65 - suspicious 45.133.1.182 - malware 52.219.66.59 208.95.112.1 45.136.151.102 - mailcious 194.163.158.120 - malware 5.255.255.5 121.254.136.27 212.192.241.62 199.192.17.247 172.67.204.112 172.67.185.110	11 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET INFO Packed Executable Download ET POLICY External IP Lookup ip-api.com	3	14.2	M		ZeroCERT

14539	2021-11-04 15:11	VPN.exe eabc4d9d7c67dc8e66b07d3976528e19 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself DNS		1			2.8		32	ZeroCERT

14540	2021-11-04 15:14	docs 9860743c4ff83784de05aa8444594aed Malicious Packer PE File PE32 Malware Checks debugger Creates executable files Windows DNS	2 Keyword trend analysis	3	2		2.0			ZeroCERT

14541	2021-11-04 15:15	search_hyperfs_204.exe 04571dd226f182ab814881b6eaaf8b00 Malicious Library UPX Create Service Escalate priviledges DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Downloader ScreenShot Http API P2P AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware PDB suspicious privilege Code Injection Check memory WMI unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName Remote Code Execution DNS		2			7.2		48	ZeroCERT

14542	2021-11-04 15:16	6478_1635886410_99.exe aa274b420a15cdb8384906a3c45a6d22 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					3.0		41	ZeroCERT

14543	2021-11-04 15:18	setup.exe bab66a1efbd3c6e65c5a6e01deea8367 Emotet Gen2 Formbook RAT PWS .NET framework Gen1 Eredel Stealer Extended njRAT backdoor Loki[b] Loki.m Generic Malware Malicious Library UPX Malicious Packer ASPack Admin Tool (Sysinternals etc ...) PE File PE32 DLL OS Processor Check MSOffice File PE Malware download VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key crashed	18 Keyword trend analysis Info http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full_x64.msi http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full.mzz http://go.microsoft.com/fwlink/?LinkId=862008 http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl http://go.microsoft.com/fwlink/?LinkId=249120&clcid=0x409 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl http://indug.com/68.exe http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03081.00&sar=amd64&o1=netfx_Patch_x64.msp https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab https://download.visualstudio.microsoft.com/download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi https://download.microsoft.com/download/b/9/5/b95136c0-58a0-48df-821a-d05319a86852/enu_NETFX/amd64_netfx_full_mzz/netfx_full_cab.exe	11	5		10.2		6	ZeroCERT

14544	2021-11-04 15:20	max.exe a6546e2648aeb1504f1254e90881cfcd NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed keylogger					9.6		23	ZeroCERT

14545	2021-11-04 15:22	clapp.exe fd9373daf6836a58961b12ef430e34d6 Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key crashed		1	1		11.0		27	ZeroCERT

14546	2021-11-04 15:26	Softw75TradingB26345.exe 080f4eb3d7c6c3a2bd561157e5bca410 RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee	9 Keyword trend analysis Info https://niemannbest.me/?user=p26_5 - rule_id: 6275 https://niemannbest.me/?user=p26_4 - rule_id: 6275 https://niemannbest.me/?user=p26_7 - rule_id: 6275 https://niemannbest.me/?user=p26_6 - rule_id: 6275 https://niemannbest.me/?user=p26_1 - rule_id: 6275 https://iplogger.org/1kGCu7 https://niemannbest.me/?user=p26_3 - rule_id: 6275 https://niemannbest.me/?user=p26_2 - rule_id: 6275 https://iplogger.org/1kKCu7	4	1	7	6.4	M	27	ZeroCERT

14547	2021-11-04 15:27	asdfg.exe 2df827a178fcfa149a64046339868665 PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Packer Steal credential ScreenShot Http API Socket DNS Internet API HTTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL Malware download Azorult VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself AppData folder malicious URLs suspicious TLD Tofsee Windows ComputerName DNS Cryptographic key crashed	7 Keyword trend analysis	8	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET POLICY PE EXE or DLL Windows file download HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE AZORult v3.3 Server Response M3 ET INFO TLS Handshake Failure ET DNS Query to a *.top domain - Likely Hostile		15.8		27	ZeroCERT

14548	2021-11-04 15:27	pub33.exe cafd9451b6821b63e44bcc315c4f2456 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution DNS		1	1		3.2		26	ZeroCERT

14549	2021-11-04 15:30	askinstall42.exe 1512b62ff17cb4687925a5f24b3afd88 AgentTesla Gen2 Trojan_PWS_Stealer BitCoin browser info stealer Credential User Data Generic Malware Google Chrome Malicious Packer Malicious Library SQLite Cookie UPX Create Service DGA Socket Steal credential DNS Internet API Code injection S Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution crashed	2 Keyword trend analysis	4	1	1	10.4	M	44	ZeroCERT

14550	2021-11-04 15:30	svchost.exe 8b1011bf4b9dc38d8aececd4ed9e11c6 RAT Generic Malware Malicious Library UPX Create Service Socket DNS Code injection KeyLogger Escalate priviledges BitCoin ScreenShot AntiDebug AntiVM PE File OS Processor Check PE32 PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution Firmware	2 Keyword trend analysis	7	2		16.0		43	ZeroCERT