Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14731	2023-03-09 17:42	LEMMIN.exe 38aad33a1f0f90c4294abab2a85221eb Malicious Library PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS		2	1		1.4	M	31	ZeroCERT

14732	2023-03-09 17:41	bcd4b93a1a85c5ba45a4f7e5980db1... d5e7b6fe3bb68f1da7ec111231292f02 Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	1	5.2	M	43	ZeroCERT

14733	2023-03-09 17:41	dd_64.exe 9029a43c6034a4f0b3408fd38936beb9 UPX Malicious Library OS Processor Check PE File PE64 VirusTotal Email Client Info Stealer Malware MachineGuid Malicious Traffic installed browsers check Tofsee Browser Advertising Email ComputerName DNS crashed	2 Keyword trend analysis	5	3		4.6	M	23	ZeroCERT

14734	2023-03-09 17:38	bcd4b93a1a85c5ba45a4f7e5980db1... e7f609df5c0fcdc581a69ed69aa3c4a1 Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	1	5.2	M	42	ZeroCERT

14735	2023-03-09 17:38	vbc.exe 17764f0a8189a2f85bdbac3e1e820fb4 PWS .NET framework KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName crashed	1 Keyword trend analysis	2	1		10.4	M	33	ZeroCERT

14736	2023-03-09 17:36	bcd4b93a1a85c5ba45a4f7e5980db1... 24527c1cb60027d91ddc051990ba55ca Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	1	4.8	M	36	ZeroCERT

14737	2023-03-09 17:36	bcd4b93a1a85c5ba45a4f7e5980db1... b5e1e946ebad560b876703e9675ca326 Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	2	5.2	M	43	ZeroCERT

14738	2023-03-09 17:34	bcd4b93a1a85c5ba45a4f7e5980db1... bf48a5cd9169a5826521a8a33b21adee Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed	3 Keyword trend analysis	2	1	1	5.2	M	42	ZeroCERT

14739	2023-03-09 17:33	CL.exe ed2a38021d3dcadca60d08163d1c7a31 RAT NPKI UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Ransomware Windows ComputerName					9.0	M	37	ZeroCERT

14740	2023-03-09 17:12	i3YFqH6uMO3o8pg2Cbx.zip 5a72267343811d8fe7d72c1f96bac927 VirusTotal Malware Report ICMP traffic DNS		11	5		3.4	M	6	ZeroCERT

14741	2023-03-09 15:38	8f803ff90bee714e5d243cc3b3ad70... 1e16074ff6afe068fd5f852ff66eb188 Gen1 UPX Malicious Packer PE File PE64 Remote Code Execution					0.2			ZeroCERT

14742	2023-03-09 15:38	c95d3e98bd8a782a492370ad69bf82... e95942eabc6c7e41201180d1a2219673 Gen1 UPX Malicious Packer PE32 PE File Remote Code Execution					0.2			ZeroCERT

14743	2023-03-09 15:38	7f55dece1d491b5fd45817b01b4266... d649e0919963e72952b7337c45d34d55 Gen1 UPX Malicious Packer PE32 PE File Check memory Remote Code Execution					0.4			ZeroCERT

14744	2023-03-09 14:47	Fix.exe d543b38b01f033815b048cd17cd658dd UPX Malicious Library Admin Tool (Sysinternals etc ...) AntiDebug AntiVM OS Processor Check PE File PE64 JPEG Format MSOffice File VirusTotal Malware PDB Code Injection Check memory buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows Exploit Remote Code Execution DNS crashed	44 Keyword trend analysis Info https://fonts.googleapis.com/css2?family=Oswald&display=swap https://i.imgur.com/Dk4kbVR.jpg https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlvAA.woff https://i.imgur.com/nsHW2sD.jpg https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.6/clipboard.min.js https://i.imgur.com/nZtfyNw.jpg https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/dXk5exdOVhk.js?_nc_x=Ij3Wp8lg5Kz https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgWxM.woff https://i.imgur.com/scAAvrJ.jpg https://2.bp.blogspot.com/-6FlMntiv-QM/XHqS-LCeUaI/AAAAAAAAD4M/Ytwi80ug7NMakyJvZKNdhj54iZFjanCMgCLcBGAs/s1600/header-01.jpg https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/sbAUsFSFkMm.css?_nc_x=Ij3Wp8lg5Kz https://use.fontawesome.com/releases/v6.1.1/css/all.css https://www.jaiefra.com/ https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/Dkx2xQN1fRV.js?_nc_x=Ij3Wp8lg5Kz https://i.imgur.com/6kRvFKg.jpg https://www.jaiefra.com/favicon.ico https://connect.facebook.net/es_LA/sdk/xfbml.customerchat.js https://unpkg.com/feather-icons@4.29.0/dist/feather.min.js https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/J6ifX-SKuSy.js?_nc_x=Ij3Wp8lg5Kz https://scontent-ssn1-1.xx.fbcdn.net/v/t39.30808-1/309787944_467309492095485_6740795535777712297_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=109&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=hcNmGrJIxpQAX_WRHMe&_nc_ht=scontent-ssn1-1.xx&edm=ADwHzz8EAAAA&oh=00_AfDP3q8bQdDV7qvBOI7BIV_ACuLIJjOnGQp06pc45clwXg&oe=640D9E97 https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5vAA.woff https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/VnkLYxrrsQ6.js?_nc_x=Ij3Wp8lg5Kz https://i.imgur.com/6MYEl1l.jpg https://cdn.jsdelivr.net/gh/zkreations/whale@1.5.5/dist/js/whale.min.js https://use.fontawesome.com/releases/v5.15.4/css/all.css https://www.facebook.com/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34fdb5418190dc%26domain%3Dwww.jaiefra.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.jaiefra.com%252Ff209ab796ac5354%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fjaiefra&locale=es_LA&sdk=joey&show_facepile=false&small_header=false&tabs=&width= https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/zzibYZcrR6-.css?_nc_x=Ij3Wp8lg5Kz https://i.imgur.com/HFGWqH9.jpg https://static.xx.fbcdn.net/rsrc.php/v3iWO94/yu/l/es_LA/w3cpxApqWUX.js?_nc_x=Ij3Wp8lg5Kz https://unpkg.com/feather-icons@4.29.0 https://unpkg.com/feather-icons https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9vAA.woff https://fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvgUI.woff https://i.imgur.com/lSf6ELo.jpg https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtvAA.woff https://cdn.jsdelivr.net/gh/danieIabel/rellax@1.8.0/rellax.min.js https://i.imgur.com/2y3RhsW.jpg https://scontent-ssn1-1.xx.fbcdn.net/v/t39.30808-6/274807150_3110650415868810_6155898568556935251_n.jpg?stp=dst-jpg_p130x130&_nc_cat=104&ccb=1-7&_nc_sid=dd9801&_nc_ohc=YwkpRMD6IQgAX82-_QL&_nc_ht=scontent-ssn1-1.xx&edm=ADwHzz8EAAAA&oh=00_AfCuu1QHp9xS8ATdxkZBk-yOJPB2063OvUNcaglCMdsmCg&oe=640F4ACA https://www.blogger.com/static/v1/widgets/229057146-widgets.js https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Me5g.woff https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/P8FoGCIGp4L.js?_nc_x=Ij3Wp8lg5Kz https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap	26 Info static.xx.fbcdn.net(157.240.215.14) www.facebook.com(157.240.215.35) 2.bp.blogspot.com(172.217.25.161) fonts.googleapis.com(142.250.207.106) unpkg.com(104.16.123.175) scontent-ssn1-1.xx.fbcdn.net(157.240.215.14) cdn.jsdelivr.net(104.16.86.20) - malware i.imgur.com(151.101.40.193) - mailcious use.fontawesome.com(172.64.132.15) connect.facebook.net(157.240.215.14) fonts.gstatic.com(142.250.207.99) cdnjs.cloudflare.com(104.17.25.14) - mailcious www.jaiefra.com(142.250.76.147) www.blogger.com(142.250.206.233) 104.17.25.14 - 157.240.215.14 - 142.250.206.233 - 104.16.86.20 - 172.217.25.161 - mailcious 142.250.207.99 172.64.133.15 - 151.101.24.193 - mailcious 104.16.124.175 157.240.215.35 142.250.76.147 - mailcious 142.250.207.106 - malware	1		6.4		2	guest

14745	2023-03-09 13:57	INVOICE 589 03_23.doc b59808aba76dd0095aa06133382de9ed Generic Malware VBA_macro Downloader Create Service DGA Socket ScreenShot DNS Internet API Code injection PWS[m] Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File Report unpack itself suspicious process malicious URLs sandbox evasion Tofsee ComputerName DNS	1 Keyword trend analysis	11	6 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET CNC Feodo Tracker Reported CnC Server group 8 ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 7 ET CNC Feodo Tracker Reported CnC Server group 1		4.8		27	ZeroCERT