Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-07-09 10:07 rdpa.exe  

08a384b9655fb403506ef9a621d2fa01


RAT NPKI Generic Malware Antivirus PE64 PE File VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key
1 7.8 15 ZeroCERT

2 2021-09-13 08:58 c.bin  

df81ed87368141a4e55a550efba25460


Emotet Malicious Library PE File PE32 Checks debugger unpack itself Windows utilities WriteConsoleW Windows ComputerName crashed
2.6 ZeroCERT

3 2021-09-22 10:00 EXCEL.exe  

49af0abba03a7d559171f378728e9bc7


RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 MSOffice File VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting exploit crash unpack itself Disables Windows Security Check virtual network interfaces suspicious process Tofsee Windows Exploit ComputerName Cryptographic key crashed
1 2 1 15.0 10 ZeroCERT

4 2021-09-29 08:22 s.exe  

c04496520501bc6a3b3f0b7f5f875a32


Themida Packer PE File .NET EXE PE32 VirusTotal Malware unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware crashed
4.8 M 50 ZeroCERT

5 2021-10-16 13:24 chrome.exe  

a6654b9757e5cecbd124a6d157c11ec0


RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Checks debugger buffers extracted unpack itself Tofsee
1 4 1 2.2 M 22 ZeroCERT

6 2022-01-19 17:33 21.exe  

4eb288f840ede91ac74ae91b7f82cbac


Emotet NPKI Generic Malware Malicious Library UPX Antivirus PE64 PE File OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
4.4 10 ZeroCERT

7 2022-03-10 15:36 5750_1646760319_7309.exe  

3a8d94e7ee36a9809d139a65d86d3460


RAT PWS .NET framework PE File .NET EXE PE32 VirusTotal Malware Report AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key crashed
1 3 2 9.2 M 39 ZeroCERT

8 2022-04-11 10:41 pmlatest.exe  

0437a74c3d5416fd68f295db5ab44a4f


RAT PE32 .NET EXE PE File VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces DNS
1 1 4.0 M 40 ZeroCERT

9 2022-07-02 16:01 gustoish.exe  

347e62667ee04fd124c8ec03739e14f3


Emotet Malicious Library UPX PE32 PE File DLL BMP Format PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
2.6 34 JYC

10 2022-07-06 07:41 tr.txt  

d1b1a4a6484426147fcf00b54ef4a6b6


Emotet Gen1 RAT PWS .NET framework Malicious Library PE File PE64 PE32 .NET EXE VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName
3.6 9 ZeroCERT

11 2022-09-03 13:54 PushService.exe  

af926261dd83ff3e4ffe59c1270a26b0


PWS[m] Emotet RAT PWS .NET framework NPKI Generic Malware Downloader task schedule UPX Malicious Library Antivirus Malicious Packer Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P E VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution Cryptographic key
7 6 1 5 12.8 M 14 ZeroCERT

12 2022-11-03 10:14 vbc.exe  

2584c82f01d79e34c4eb4a44d58029aa


AgentTesla PWS[m] Emotet RAT browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File Remcos VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger
1 3 1 13.0 M 41 ZeroCERT

13 2022-11-09 09:47 vbc.exe  

7a5019bfbddc908dd05ce3293cd616d0


AgentTesla PWS[m] RAT browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File Remcos VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger
1 3 1 12.6 M 25 ZeroCERT

14 2022-11-19 09:43 vbc.exe  

a5d90c7d3e393ee48132480fca1532cf


AgentTesla PWS[m] RAT browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key keylogger
1 13.2 27 ZeroCERT

15 2023-01-26 10:50 Installer1.exe  

e43bd6491d398710f23436f2cd3bd073


Emotet UPX PE File PE64 VirusTotal Malware Checks debugger Detects VMWare VMware Windows ComputerName crashed
3.2 M 21 ZeroCERT

  • Total : 26cnts