14956 | 2021-11-05 09:16 | rundll32.exe | MD5 6af950e3c2e81254bbc9f33f84c919d7
Tags: RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
URLs (7):
  http://www.sophiagunterman.art/fqiq/?w2J=xr2hRkHSJ+UsXowxi6McaJRxgcInZTFjwe9eYARVx2PKFNYpXRh/IJY1HCqVtWxffV7QcJh9&tXU8=YP4D1t08 - rule_id: 6606
  http://www.wolmoda.com/fqiq/?w2J=S+cpy0umECTwuTE52eQvldFGZ7uWQHdiwg92XpTlC9HPK4+x2Wa76IO+IolmVoAcN8bu+dPq&tXU8=YP4D1t08 - rule_id: 6688
  http://www.ipatchwork.today/fqiq/?w2J=4uUO9SnGhH7qrBLLau2QeKM25d/gV3/zp2Vn/jpTz6zTrds8IKqZgGZbt3S1nhaRXztFEuL7&tXU8=YP4D1t08 - rule_id: 6685
  http://www.tablescaperendezvous4two.com/fqiq/?w2J=6JOAu55ahQuW4nGm3x3zF3lJbu5eEm2HTNrnzqBc/qIL0noTMPzpzXdnuN9xnnUaregthFw6&tXU8=YP4D1t08 - rule_id: 6747
  http://www.fleetton.com/fqiq/?w2J=3MX+rG6tAMAShknpmcjGUKQb8RZ/Wti45jKeFUgZ8Sp9kre80Lf7BCc9gfZkgofTO4Lhy2g7&tXU8=YP4D1t08 - rule_id: 6774
  http://www.sanlifalan.com/fqiq/?w2J=prTEVkQv/aIuaJ5tknUsCYHPcHrUQSHWro/2zNHeF4wHPtFNVSB8ZmBi9ORqDWcgPylN7lnN&tXU8=YP4D1t08 - rule_id: 6750
  http://www.esyscoloradosprings.com/fqiq/?w2J=KZhYdxsCK4fJ4m+EpksKfhNe7DL7yKRLCyuZj4rSbKSeqpNQJyJA+YHOsqPeAHgrxeW9DyCb&tXU8=YP4D1t08 - rule_id: 6444
Hosts (14):
  www.sanlifalan.com (104.165.34.6)
  www.sophiagunterman.art (35.169.40.107)
  www.wolmoda.com (75.2.115.196)
  www.ipatchwork.today (34.233.132.165)
  www.fleetton.com (44.227.76.166)
  www.esyscoloradosprings.com (108.167.135.122) - malicious
  www.tablescaperendezvous4two.com (34.102.136.180)
  108.167.135.122 - malicious
  34.102.136.180 - malicious
  75.2.115.196 - malicious
  104.165.34.6 - malicious
  34.233.132.165 - malicious
  44.227.65.245 - malicious
  34.225.31.148 - phishing
Suricata alerts (2):
  SURICATA HTTP unable to match response to request
  ET MALWARE FormBook CnC Checkin (GET)
Malicious URLs (7):
  http://www.sophiagunterman.art/fqiq/
  http://www.wolmoda.com/fqiq/
  http://www.ipatchwork.today/fqiq/
  http://www.tablescaperendezvous4two.com/fqiq/
  http://www.fleetton.com/fqiq/
  http://www.sanlifalan.com/fqiq/
  http://www.esyscoloradosprings.com/fqiq/
Score 8.2 | M | ZeroCERT

14957 | 2021-11-05 09:16 | 191.exe | MD5 0b30f73b686a32ee8091b29e8617db7e
Tags: RAT Generic Malware Malicious Library UPX PE File OS Processor Check PE32 PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger Creates executable files unpack itself DNS
Hosts: 1 (not listed)
Score 3.2 | VT hits 18 | ZeroCERT

14958 | 2021-11-05 09:16 | pafile.exe | MD5 263de141831b47e8033d3f624c18506c
Tags: Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself Remote Code Execution DNS
Hosts: 2 (not listed)
Score 2.0 | ZeroCERT

14959 | 2021-11-05 09:17 | chrome.exe | MD5 bd1348111aebafff0e409c1b2103be2f
Tags: RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Checks debugger buffers extracted unpack itself DNS
URLs (9):
  http://www.mattenterline.com/ahdu/?RP=BWMIfXCVwCBZ4kPUHo5ILevewL/OQPUq11vHloG6n8+6RgSroEvy/Xp4pSQfLT4KBjByDeX6&rVOp32=S0D0n6B
  http://www.salonjedibreakthrough.com/ahdu/?RP=kq7FuFcAnnM07lCmk5HFjfPLAwdf2YmW9WCZefAxrRxE2xhDKohSicQIhVCDHgVZ6mpRU6Tj&rVOp32=S0D0n6B
  http://www.precisionprobusiness.com/ahdu/?RP=TR7mZMkFYNFLxkgnK9ohRrAri9/mjktn2vstWoEWtMrwBZZAgZDTEQuG3nLTAy/4Z/9uBQ9F&rVOp32=S0D0n6B
  http://www.mabtas.com/ahdu/?RP=I2ctfsGYkhUvoETfTOaqD9W/QRJtBP5YQR3TmNYK36BoOSwFPkoALZffdNxAVPDMm+S6HUiy&rVOp32=S0D0n6B
  http://www.shooternetsports.com/ahdu/?RP=7dMJn+vZMfZlM0o8wN/8vfNoZPFz0Tyb2DrTkC9f52dNgTbGYZN/V04EFPJfRjMc5RP4clkx&rVOp32=S0D0n6B
  http://www.premiumfreebie.com/ahdu/?RP=pA8/92Taqqyr/edOF55l6xAJ8N5/LurgJoyXofQWcG3eiXNzuaCJ7ialiIHPylFIYOyLXdu0&rVOp32=S0D0n6B
  http://www.mayonnaiseplant.com/ahdu/?RP=IUU74IWbOlIA4eO5JseE4L5rq6uFi9G7mf7TrMoHqwkmTO9BdkBd3mJEymV1Jr+eNwnVFv5L&rVOp32=S0D0n6B
  http://www.therussellpinto.com/ahdu/?RP=FyWWkuZNBKNiw3ti3UOdVU5Hgr1DOzEzl2QkUMraXjKpQY4QiOui8EANZrLKJDbreIFeolts&rVOp32=S0D0n6B
  http://www.casinoregio.com/ahdu/?RP=CnnVC659JCBf/s+HnkrNeP0VlW04JgwUHaldWS/O0ckAV/cNE2or+o5qMc/P6iXBavojXLsd&rVOp32=S0D0n6B
Hosts (25):
  www.premiumfreebie.com (104.16.12.194)
  www.maanyah.com (unresolved)
  www.casinoregio.com (34.98.99.30)
  www.salonjedibreakthrough.com (104.16.14.194)
  www.mabtas.com (172.67.186.67)
  www.jkpfukgmt.icu (unresolved)
  www.mayonnaiseplant.com (34.102.136.180)
  www.konversiondigital.com (unresolved)
  www.precisionprobusiness.com (34.102.136.180)
  www.therussellpinto.com (194.59.164.147)
  www.shooternetsports.com (34.102.136.180)
  www.mattenterline.com (34.102.136.180)
  172.67.145.75
  172.67.128.223
  172.67.134.37
  172.67.148.61
  194.59.164.147
  104.16.12.194 - malicious
  34.102.136.180 - malicious
  104.16.15.194 - malicious
  162.159.135.233 - malware
  34.117.59.81
  104.21.66.169 - malware
  34.98.99.30 - phishing
  172.67.186.67
Suricata alerts (2):
  ET MALWARE FormBook CnC Checkin (GET)
  ET INFO DNS Query for Suspicious .icu Domain
Score 11.2 | VT hits 23 | ZeroCERT

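The two FormBook rows above (14956 and 14959) share one check-in shape: a single short lowercase path segment (`/fqiq/`, `/ahdu/`) followed by exactly two query parameters whose names differ per build but are constant across all of that build's decoy and real C2 domains. The following is an added example, not part of the ZeroCERT export and not any tool's official format: it parses the flattened URL and host fields as they appear in these rows (the `- rule_id: N` and `name(ip) - tag` grammar is inferred from the page), groups check-in URLs by that (path, parameter-name) key so the domains of one build can be blocked together, and derives a path-plus-query regex for hunting the same shape in proxy logs. The sample fields are copied from the rows above, abbreviated to a few entries; the `hunting_regex`, `formbook_key` and `TAG_FIX` names are this example's own.

```python
"""Parse flattened sandbox URL/host fields into IOCs and group FormBook
check-in URLs by (path, query-parameter names). Added example; the field
grammar is inferred from this page's rows, not from a tool specification."""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: three URLs from row 14956, two from row 14959 and one
# benign CRL/root fetch from row 14961, copied verbatim from the listing.
URL_FIELD = (
    "http://www.sophiagunterman.art/fqiq/?w2J=xr2hRkHSJ+UsXowxi6McaJRxgcInZTFjwe9eYARVx2PKFNYpXRh/IJY1HCqVtWxffV7QcJh9&tXU8=YP4D1t08 - rule_id: 6606 "
    "http://www.wolmoda.com/fqiq/?w2J=S+cpy0umECTwuTE52eQvldFGZ7uWQHdiwg92XpTlC9HPK4+x2Wa76IO+IolmVoAcN8bu+dPq&tXU8=YP4D1t08 - rule_id: 6688 "
    "http://www.mattenterline.com/ahdu/?RP=BWMIfXCVwCBZ4kPUHo5ILevewL/OQPUq11vHloG6n8+6RgSroEvy/Xp4pSQfLT4KBjByDeX6&rVOp32=S0D0n6B "
    "http://www.mabtas.com/ahdu/?RP=I2ctfsGYkhUvoETfTOaqD9W/QRJtBP5YQR3TmNYK36BoOSwFPkoALZffdNxAVPDMm+S6HUiy&rVOp32=S0D0n6B "
    "http://apps.identrust.com/roots/dstrootcax3.p7c"
)
# Constructed sample: part of the host field of row 14956, verbatim,
# including the exporter's 'mailcious' spelling that the parser normalises.
HOST_FIELD = (
    "www.sanlifalan.com(104.165.34.6) www.sophiagunterman.art(35.169.40.107) "
    "www.esyscoloradosprings.com(108.167.135.122) - mailcious "
    "108.167.135.122 - mailcious 34.225.31.148 - phishing"
)

URL_RE = re.compile(r"(?P<url>https?://\S+)(?:\s+-\s+rule_id:\s*(?P<rule>\d+))?")
HOST_RE = re.compile(r"(?P<name>[^\s()]+)(?:\((?P<ip>[^)]*)\))?(?:\s+-\s+(?P<tag>[A-Za-z]+))?")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
TAG_FIX = {"mailcious": "malicious"}  # exporter typo seen on this page


def parse_urls(field):
    """Return [(url, rule_id or None)] from a flattened URL field."""
    return [(m["url"], int(m["rule"]) if m["rule"] else None) for m in URL_RE.finditer(field)]


def parse_hosts(field):
    """Return [{'name', 'ip', 'tag'}]; bare IP entries get name=None, and
    'name()' (no resolution) gets ip=None."""
    out = []
    for m in HOST_RE.finditer(field):
        name, ip, tag = m["name"], m["ip"] or None, m["tag"]
        if IPV4_RE.fullmatch(name):
            name, ip = None, name
        out.append({"name": name, "ip": ip, "tag": TAG_FIX.get(tag, tag)})
    return out


def formbook_key(url):
    """(path, parameter names) when the URL has the check-in shape of rows
    14956/14959: one short lowercase path segment and exactly two query
    parameters. Returns None otherwise. This is the shape on this page, not a
    complete FormBook signature, so treat matches as a hunting lead."""
    parts = urlsplit(url)
    if not re.fullmatch(r"/[a-z0-9]{2,8}/", parts.path):
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    if len(params) != 2:
        return None
    return parts.path, tuple(k for k, _ in params)


def group_campaigns(urls):
    """Map each (path, params) key to the sorted hostnames that use it."""
    groups = defaultdict(set)
    for url, _rule in urls:
        key = formbook_key(url)
        if key:
            groups[key].add(urlsplit(url).hostname)
    return {k: sorted(v) for k, v in groups.items()}


def hunting_regex(key):
    """Regex over a request's path+query for one campaign key; parameter
    values are left open because they differ per victim and per beacon."""
    path, (p1, p2) = key
    return re.compile(rf"^{re.escape(path)}\?{re.escape(p1)}=[^&\s]+&{re.escape(p2)}=[^&\s]+$")


if __name__ == "__main__":
    for key, hosts in group_campaigns(parse_urls(URL_FIELD)).items():
        print(key, hosts, hunting_regex(key).pattern)
    for host in parse_hosts(HOST_FIELD):
        print(host)
```

The grouping is what makes the host lists actionable: FormBook rotates through a list of mostly benign, hijacked or parked domains per check-in, so blocking by the shared path and parameter names catches the next domain in the list before it appears in a feed.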
14960 | 2021-11-05 09:19 | sdd.dll | MD5 9cfd97227c5095d2efd4dd86688e04b0
Tags: Gen2 Gen1 Generic Malware Malicious Library UPX PE File OS Processor Check PE32 DLL PDB buffers extracted unpack itself Windows DNS Cryptographic key
Hosts: 1 (not listed)
Score 2.2 | ZeroCERT

14961 | 2021-11-05 09:21 | 187.exe | MD5 72f4779d8e2878b5aefb4fca91c7c5b0
Tags: RAT Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key
URLs (1):
  http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (5):
  dl.uploadgram.me (176.9.247.226)
  apps.identrust.com (23.216.159.9)
  176.9.247.226
  185.117.90.36
  23.206.175.43
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 8.4 | ZeroCERT

14962 | 2021-11-05 09:23 | ConsoleApp16.exe | MD5 519c77369218476103250e9d89e0db48
Tags: AgentTesla browser info stealer Generic Malware Google Chrome User Data Create Service Socket Code injection Sniff Audio KeyLogger Escalate privileges Downloader AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed keylogger
Hosts (2):
  moneyrem.cc.dvrlists.com (23.105.131.222)
  23.105.131.222
Score 11.4 | VT hits 23 | ZeroCERT

14963 | 2021-11-05 09:23 | kak.exe | MD5 3b25bb47c77da6404c1b75133ccf2b1f
Tags: RAT Gen1 Gen2 Lazarus Family Emotet Trojan_PWS_Stealer Generic Malware Themida Packer UltraVNC Credential User Data Malicious Library UPX Malicious Packer ASPack Admin Tool (Sysinternals etc ...) Anti_VM Antivirus SQLite Cookie AntiDebug Ant Browser Info Stealer Malware download VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk suspicious TLD sandbox evasion VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed
URLs (69):
  http://htagzdownload.pw/SaveData/SaveData.php?ezzabour=%7B%22NameOffer%22:%22BumperWw%22,%22ip%22:%22%22,%22country%22:%22KR%22,%22DateTime%22:%222021-11-05%2012:47%22,%22Device%22:%22TEST22-PC%22,%22PCName%22:%22test22%22,%22postcheck%22:%22False%22,%22tag%22:%22kenpachi2_lylaShare1_folderlyla1_foldershare_goodchannel_registry_goodchannel_installrox2_BumperWw%22,%22Os%22:%22WIN7%22,%22Browser%22:%22Internet%20explorer%22%7D
  http://www.hzradiant.com/askinstall42.exe - rule_id: 7569
  http://www.hzradiant.com/askinstall42.exe
  http://eguntong.com/pub33.exe - rule_id: 7568
  http://eguntong.com/pub33.exe
  http://dataonestorage.com/search_hyperfs_204.exe
  http://fouratlinks.com/Widgets/FolderShare.exe
  http://45.9.20.156/pub.php?pub=five
  http://fouratlinks.com/installpartners/ShareFolder.exe
  http://file.ekkggr3.com/lqosko/p18j/cust51.exe
  http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464
  http://212.192.241.15/service/communication.php
  http://45.133.1.182/proxies.txt - rule_id: 6139
  http://fouratlinks.com/stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe
  http://186.2.171.3/seemorebty/il.php?e=jg1_1faf - rule_id: 4715
  http://www.hzradiant.com/askhelp42/askinstall42.exe
  http://staticimg.youtuuee.com/api/?sid=578995&key=b4a44f7ae92b9b3dfe2bcb545627cb4d - rule_id: 5258
  http://cloutingservicedb.su/campaign2/autosubplayer.exe
  http://212.192.241.15/base/api/statistics.php
  http://45.133.1.107/server.txt - rule_id: 7522
  http://45.133.1.107/server.txt
  http://www.mrwenshen.com/askhelp59/askinstall59.exe
  http://fouratlinks.com/stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe
  http://requestimedout.com/xenocrates/zoroaster
  http://www.mrwenshen.com/askinstall59.exe
  http://ip-api.com/json/
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://privacytoolzfor-you6000.top/downloads/toolspab2.exe
  http://fouratlinks.com/stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe
  http://212.192.241.15/base/api/getData.php
  http://www.google.com/
  https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_installrox2_BumperWw
  https://cdn.discordapp.com/attachments/891006172130345095/905726762028240896/4chee.bmp
  https://cdn.discordapp.com/attachments/891006172130345095/905797756076048394/IZI.bmp
  https://connectini.net/ip/check.php?duplicate=kenpachi2_non-search_goodchannel_lyloutta_Traffic
  https://dumancue.com/dd7c8e90c804f83b712eb175eb0daaef.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905726625025511474/sloader0401.bmp
  https://d.gogamed.com/userhome/25/any.exe
  https://source3.boys4dayz.com/installer.exe
  https://ipinfo.io/widget
  https://iplogger.org/1Xxky7
  https://www.listincode.com/ - rule_id: 2327
  https://cdn.discordapp.com/attachments/893177342426509335/905791554113912932/uglinesses.jpg
  https://cdn.discordapp.com/attachments/891006172130345095/905757933961359380/wetsetup0401.bmp
  https://cdn.discordapp.com/attachments/891006172130345095/905917017234735184/Topov0402.bmp
  https://connectini.net/Series/kenpachi/2/goodchannel/KR.json - rule_id: 1972
  https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_piyyyyWW
  https://cdn.discordapp.com/attachments/905701898806493199/905826613411864596/BumperWW.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905857242451046431/CKBReFn.bmp
  https://iplogger.org/13LYu7
  https://iplogger.org/1GWfv7
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp - rule_id: 7575
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
  https://connectini.net/Series/SuperNitouDisc.php
  https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp
  https://cdn.discordapp.com/attachments/891006172130345095/905799227140083712/real0402.bmp
  https://connectini.net/S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7
  https://connectini.net/Series/configPoduct/2/goodchannel.json - rule_id: 1973
  https://cdn.discordapp.com/attachments/905701898806493199/905894437480181790/Setup12.exe
  https://iplogger.org/12AVi7
  https://litidack.com/af016c52b60489b5da52d037a2d6dd6b/dd7c8e90c804f83b712eb175eb0daaef.exe
  https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_adxpertmedia_advancedmanager
  https://connectini.net/Series/Conumer4Publisher.php - rule_id: 1976
  https://cdn.discordapp.com/attachments/891006172130345095/905750415910514738/5780_0401.bmp
  https://f.gogamef.com/userhome/25/1bec5879a5da641fb388046719b3c83e.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905919347988508692/Passat0402.bmp
  https://connectini.net/Series/Conumer2kenpachi.php - rule_id: 1974
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp - rule_id: 7572
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
Hosts (78):
  fouratlinks.com (199.192.17.247)
  source3.boys4dayz.com (104.21.33.188)
  ipinfo.io (34.117.59.81)
  tambisup.com (91.206.15.183) - malicious
  ip-api.com (208.95.112.1)
  apps.identrust.com (23.216.159.81)
  requestimedout.com (162.255.117.78)
  eguntong.com (194.87.185.127)
  www.hzradiant.com (194.163.158.120)
  t.gogamec.com (104.21.85.99)
  file.ekkggr3.com (172.67.162.110) - malware
  iplogger.org (88.99.66.31) - malicious
  twitter.com (104.244.42.65)
  privacytoolzfor-you6000.top (5.8.76.207)
  cdn.discordapp.com (162.159.134.233) - malware
  telegram.org (149.154.167.99)
  www.mrwenshen.com (103.155.92.29)
  dumancue.com (172.67.134.37)
  el5en1977834657.s3.ap-south-1.amazonaws.com (52.219.158.22)
  www.listincode.com (149.28.253.196) - malicious
  d.gogamed.com (104.21.59.236)
  yandex.ru (77.88.55.50)
  www.google.com (172.217.175.228)
  google.com (172.217.161.78)
  f.gogamef.com (172.67.136.94)
  htagzdownload.pw (35.205.61.67)
  connectini.net (162.0.210.44) - malicious
  www.profitabletrustednetwork.com (192.243.59.12) - malicious
  dataonestorage.com (45.142.182.152) - malware
  litidack.com (104.21.2.71)
  cloutingservicedb.su (104.21.39.127)
  staticimg.youtuuee.com (45.136.151.102) - malicious
  5.8.76.207
  172.67.145.75
  208.95.112.1
  186.2.171.3 - malicious
  2.56.59.42 - malicious
  103.155.92.29 - malware
  96.16.99.73
  91.206.15.183 - malicious
  162.159.135.233 - malware
  45.9.20.156
  77.88.55.66
  162.255.117.78
  52.219.156.18
  142.250.207.78
  172.67.128.223
  45.142.182.152
  88.99.66.31 - malicious
  212.192.241.15
  162.0.210.44 - malicious
  45.133.1.107 - malware
  142.250.204.68
  104.21.72.228
  194.87.185.127
  34.117.59.81
  104.244.42.65 - suspicious
  45.133.1.182 - malware
  95.217.123.66
  172.67.134.37
  35.205.61.67 - malicious
  23.216.159.81
  52.219.66.30 - malware
  193.56.146.36 - malware
  172.67.148.61
  149.154.167.99
  212.193.30.113
  104.21.66.169 - malware
  45.136.151.102 - malicious
  94.26.249.132
  192.243.59.12
  194.163.158.120 - malware
  149.28.253.196
  104.244.42.193 - suspicious
  199.192.17.247
  172.67.204.112
  77.88.55.50
  104.21.59.236
Suricata alerts (22):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA Applayer Mismatch protocol both directions
  ET DNS Query to a *.pw domain - Likely Hostile
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
  ET INFO EXE - Served Attached HTTP
  ET INFO Packed Executable Download
  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
  ET INFO Executable Download from dotted-quad Host
  ET POLICY External IP Lookup ip-api.com
  ET DNS Query for .su TLD (Soviet Union) Often Malware Related
  ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
  ET INFO HTTP Request to a *.top domain
  ET DNS Query to a *.top domain - Likely Hostile
  ET HUNTING Possible EXE Download From Suspicious TLD
  ET INFO TLS Handshake Failure
  ET INFO HTTP Request to a *.pw domain
  ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
Score 25.2 | M | VT hits 45 | ZeroCERT

14964 | 2021-11-05 09:23 | Cube_WW14.bmp | MD5 7c53b803484c308fa9e64a81afba9608
Tags: RAT Gen1 Generic Malware Malicious Packer Malicious Library UPX ASPack PE File OS Processor Check PE32 .NET EXE PE64 DLL Browser Info Stealer Malware download VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Disables Windows Security Check virtual network interfaces AppData folder AntiVM_Disk suspicious TLD sandbox evasion IP Check VM Disk Size Check Tofsee Windows Browser ComputerName Remote Code Execution DNS crashed
URLs (32):
  http://www.hzradiant.com/askhelp42/askinstall42.exe
  http://212.192.241.15/base/api/statistics.php
  http://staticimg.youtuuee.com/api/?sid=600653&key=bfe10d3bf124f043738c20f287bfc0c2 - rule_id: 5258
  http://www.hzradiant.com/askinstall42.exe - rule_id: 7569
  http://www.hzradiant.com/askinstall42.exe
  http://ip-api.com/json/
  http://dataonestorage.com/search_hyperfs_209.exe - rule_id: 7576
  http://dataonestorage.com/search_hyperfs_209.exe
  http://fouratlinks.com/stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe
  http://fouratlinks.com/stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe
  http://fouratlinks.com/installpartners/ShareFolder.exe
  http://eguntong.com/pub33.exe - rule_id: 7568
  http://eguntong.com/pub33.exe
  http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://45.133.1.107/server.txt - rule_id: 7522
  http://45.133.1.107/server.txt
  http://requestimedout.com/xenocrates/zoroaster
  http://fouratlinks.com/Widgets/FolderShare.exe
  http://fouratlinks.com/stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe
  http://212.192.241.15/base/api/getData.php
  https://connectini.net/Series/SuperNitouDisc.php
  https://d.gogamed.com/userhome/22/any.exe - rule_id: 7571
  https://d.gogamed.com/userhome/22/any.exe
  https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe - rule_id: 7573
  https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe
  https://connectini.net/S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp - rule_id: 7572
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
  https://ipinfo.io/widget
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp - rule_id: 7575
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
Hosts (39):
  requestimedout.com (162.255.117.78)
  d.gogamed.com (104.21.59.236)
  imgs.googlwaa.com (45.136.113.13) - malware
  fouratlinks.com (199.192.17.247)
  t.gogamec.com (172.67.204.112)
  apps.identrust.com (23.216.159.9)
  iplis.ru (88.99.66.31) - malicious
  ip-api.com (208.95.112.1)
  eguntong.com (194.87.185.127)
  f.gogamef.com (104.21.72.228)
  iplogger.org (88.99.66.31) - malicious
  connectini.net (162.0.210.44) - malicious
  ipinfo.io (34.117.59.81)
  dataonestorage.com (45.142.182.152) - malware
  cdn.discordapp.com (162.159.134.233) - malware
  www.hzradiant.com (194.163.158.120)
  el5en1977834657.s3.ap-south-1.amazonaws.com (52.219.66.51)
  staticimg.youtuuee.com (45.136.151.102) - malicious
  182.162.106.42 - malicious
  172.67.136.94
  52.219.158.38
  162.255.117.78
  45.142.182.152
  88.99.66.31 - malicious
  162.0.210.44 - malicious
  45.133.1.107 - malware
  212.192.241.15
  194.87.185.127
  34.117.59.81
  104.21.85.99
  162.159.130.233 - malware
  208.95.112.1
  45.136.151.102 - malicious
  194.163.158.120 - malware
  45.136.113.13 - malware
  199.192.17.247
  172.67.204.112
  172.67.185.110
  23.76.153.107
Suricata alerts (10):
  SURICATA Applayer Mismatch protocol both directions
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
  ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
  ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO TLS Handshake Failure
  ET POLICY External IP Lookup ip-api.com
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Malicious URLs (10):
  http://staticimg.youtuuee.com/api/
  http://www.hzradiant.com/askinstall42.exe
  http://dataonestorage.com/search_hyperfs_209.exe
  http://eguntong.com/pub33.exe
  http://staticimg.youtuuee.com/api/fbtime
  http://45.133.1.107/server.txt
  https://d.gogamed.com/userhome/22/any.exe
  https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe
  https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
  https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
Score 14.8 | M | VT hits 49 | ZeroCERT

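Rows 14963 and 14964 (and the sample name Cube_WW14.bmp itself) show the pay-per-install chain pulling stage payloads named *.bmp and *.jpg from cdn.discordapp.com, while Suricata fires "Dotted Quad Host MZ Response" and "PE EXE or DLL Windows file download" on the same session: the file name is not the file type. The following is an added example, not part of the ZeroCERT export, of the triage check a responder would run on a proxy-captured body before trusting its extension or Content-Type. It validates the MZ magic, bounds-checks e_lfanew and confirms the PE signature, so a body that merely starts with "MZ" or carries a forged header offset is not reported as PE. The page does not show the bytes of any of those downloads, so the header in `fake_pe()` is constructed here and is only a stub, not an executable; the names `classify`, `pe_machine` and `fake_pe` are this example's own.

```python
"""Detect PE payloads served under image names or image Content-Types.
Added example: header bytes are constructed, not taken from any file on
the page."""
import struct
from urllib.parse import urlsplit

IMAGE_EXTS = (".bmp", ".jpg", ".jpeg", ".png", ".gif")
MACHINES = {0x14C: "x86", 0x8664: "x64"}


def pe_machine(data):
    """Return the IMAGE_FILE_HEADER machine type ('x86', 'x64' or hex) if
    data carries a well-formed MZ/PE header, else None. e_lfanew is bounds
    checked before it is dereferenced, so a forged offset yields None
    rather than an exception."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return MACHINES.get(machine, f"0x{machine:04x}")


def looks_like_image(data):
    """BMP ('BM') or JPEG (FF D8 FF) magic; enough for the names seen above."""
    return data[:2] == b"BM" or data[:3] == b"\xff\xd8\xff"


def classify(url, body, content_type=None):
    """'masqueraded-pe' when a PE arrives under an image file name or an
    image/* Content-Type; otherwise 'pe', 'image' or 'other'."""
    name = urlsplit(url).path.lower()
    machine = pe_machine(body)
    claims_image = name.endswith(IMAGE_EXTS) or (
        content_type or "").lower().startswith("image/")
    if machine and claims_image:
        return "masqueraded-pe"
    if machine:
        return "pe"
    if looks_like_image(body):
        return "image"
    return "other"


def fake_pe(machine=0x14C):
    """Constructed minimal MZ stub + PE signature + machine field (88 bytes).
    Not a runnable executable; only the fields pe_machine() reads are set."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)        # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)       # e_lfanew -> right after it
    hdr += b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    return bytes(hdr)


if __name__ == "__main__":
    url = "https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp"
    print(classify(url, fake_pe(), content_type="image/bmp"))
```

Run this over the bodies behind every Discord CDN hit in rows 14963 and 14964 and the "bmp" entries separate into real images and executables in one pass; the "MZ Response" alert is the network-side equivalent of the same check.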
14965 | 2021-11-05 09:24 | 1323_1635962037_1167.exe | MD5 036f4601b88c52668d279cf3fcce2a97
Tags: RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed
URLs (2):
  https://bitbucket.org/chege3/softwarellc/downloads/mell.bin
  https://bbuseruploads.s3.amazonaws.com/106c20d9-164b-4dd4-b490-03c87b0b7644/downloads/291e829a-706c-448b-8691-84b28b6ee892/mell.bin?Signature=obF3uGNzicfLJDvOFCqioVS3WXE%3D&Expires=1636073254&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=M4AHPxUlgmoZgxVCyagleDv_UaGESwPf&response-content-disposition=attachment%3B%20filename%3D%22mell.bin%22
Hosts (11):
  www.yahoo.com (202.165.107.50)
  bbuseruploads.s3.amazonaws.com (52.217.65.172) - malware
  bitbucket.org (104.192.141.1) - malware
  www.google.com (172.217.25.68)
  216.58.200.68
  202.165.107.49
  104.192.141.1 - malicious
  13.107.21.200
  52.216.248.20
  202.165.107.50
  91.211.251.200
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 14.0 | VT hits 33 | ZeroCERT

14966 | 2021-11-05 09:25 | 2939_1635967838_5945.exe | MD5 b3d831056b7b55304a06d7e0bfafbd44
Tags: Gen1 RAT Gen2 [m] Generic Malware Themida Packer Generic Malware task schedule Anti_VM Malicious Library UPX Malicious Packer ASPack Steal credential ScreenShot Http API AntiDebug AntiVM PE File PE32 DLL OS Processor Check JPEG Format PE64 Malware download Raccoon VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency RecordBreaker Buffer PE MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare AppData folder AntiVM_Disk suspicious TLD WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Stealer Windows Browser Email ComputerName Firmware DNS crashed
URLs (9):
  http://62.109.25.138/swhoct.exe
  http://91.219.236.97/ - rule_id: 7282
  http://91.219.236.97/
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/8208c133edf91a84b6f782f4ed0f8693b342c36c - rule_id: 7282
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/8208c133edf91a84b6f782f4ed0f8693b342c36c
  http://teleliver.top/martinschpokers
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/88336169675bfeefbb16af1a9d74950c5ebfa987 - rule_id: 7282
  http://91.219.236.97//l/f/nqB27XwB3dP17SpzZSzr/88336169675bfeefbb16af1a9d74950c5ebfa987
  http://62.109.25.138/serwices.exe
Hosts (4):
  teleliver.top (104.21.62.135)
  62.109.25.138
  91.219.236.97
  104.21.62.135
Suricata alerts (9):
  ET DNS Query to a *.top domain - Likely Hostile
  ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  ET INFO HTTP Request to a *.top domain
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  ET INFO Executable Download from dotted-quad Host
  ET INFO Packed Executable Download
Malicious URLs (3):
  http://91.219.236.97/ (listed three times)
Score 18.0 | VT hits 37 | ZeroCERT

14967 | 2021-11-05 09:25 | 1302_1635887431_6241.exe | MD5 a7194594cf6c6e4c5b683243caa5ca29
Tags: RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
Hosts (2):
  23.105.131.222
  91.211.251.200
Score 9.6 | VT hits 42 | ZeroCERT

14968 | 2021-11-05 09:25 | sefile3.exe | MD5 243cfd8dcfcd15e22adaee76d4852471
Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
Score 2.6 | VT hits 51 | ZeroCERT

14969 | 2021-11-05 09:27 | socks.exe | MD5 177f3023ad736fa45c52b45259175e70
Tags: SystemBC Malicious Packer Malicious Library PE File PE32 VirusTotal Malware AutoRuns unpack itself AntiVM_Disk VM Disk Size Check Windows DNS
Hosts (2):
  23.76.153.107
  91.209.70.71
Score 3.6 | VT hits 48 | ZeroCERT

14970 | 2021-11-05 09:30 | bypass.txt.ps1 | MD5 398676189544dc8480ecb361490f2c1d
Tags: Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key
URLs (1):
  http://104.41.201.33/PE.txt
Hosts: 1 (not listed)
Suricata alerts (1):
  ET WEB_CLIENT DRIVEBY GENERIC ShellExecute in Hex No Seps
Score 5.4 | VT hits 14 | ZeroCERT