Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
16	2022-09-03 13:54	PushService.exe af926261dd83ff3e4ffe59c1270a26b0 PWS[m] Emotet RAT PWS .NET framework NPKI Generic Malware Downloader task schedule UPX Malicious Library Antivirus Malicious Packer Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P E VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution Cryptographic key	7 Keyword trend analysis Info https://github.com/S1lentHash/file_to_dwnld/raw/main/WinRing0x64.sys https://raw.githubusercontent.com/S1lentHash/newwatch/main/NewNewWatch.exe - rule_id: 21518 https://pastebin.com/raw/ib0pnQss - rule_id: 22416 https://github.com/S1lentHash/newwatch/raw/main/NewNewWatch.exe - rule_id: 21519 https://github.com/S1lentHash/xmrig/raw/main/xmrig.exe - rule_id: 21520 https://raw.githubusercontent.com/S1lentHash/file_to_dwnld/main/WinRing0x64.sys https://raw.githubusercontent.com/S1lentHash/xmrig/main/xmrig.exe - rule_id: 21521	6	1	5 Info https://raw.githubusercontent.com/S1lentHash/newwatch/main/NewNewWatch.exe https://pastebin.com/raw/ib0pnQss https://github.com/S1lentHash/newwatch/raw/main/NewNewWatch.exe https://github.com/S1lentHash/xmrig/raw/main/xmrig.exe https://raw.githubusercontent.com/S1lentHash/xmrig/main/xmrig.exe	12.8	M	14	ZeroCERT

17	2022-07-06 07:41	tr.txt d1b1a4a6484426147fcf00b54ef4a6b6 Emotet Gen1 RAT PWS .NET framework Malicious Library PE File PE64 PE32 .NET EXE VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName					3.6		9	ZeroCERT

18	2022-07-02 16:01	gustoish.exe 347e62667ee04fd124c8ec03739e14f3 Emotet Malicious Library UPX PE32 PE File DLL BMP Format PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.6		34	JYC

19	2022-04-11 10:41	pmlatest.exe 0437a74c3d5416fd68f295db5ab44a4f RAT PE32 .NET EXE PE File VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces DNS	1 Keyword trend analysis	1			4.0	M	40	ZeroCERT

20	2022-03-10 15:36	5750_1646760319_7309.exe 3a8d94e7ee36a9809d139a65d86d3460 RAT PWS .NET framework PE File .NET EXE PE32 VirusTotal Malware Report AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	2		9.2	M	39	ZeroCERT

21	2022-01-19 17:33	21.exe 4eb288f840ede91ac74ae91b7f82cbac Emotet NPKI Generic Malware Malicious Library UPX Antivirus PE64 PE File OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					4.4		10	ZeroCERT

22	2021-10-16 13:24	chrome.exe a6654b9757e5cecbd124a6d157c11ec0 RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Checks debugger buffers extracted unpack itself Tofsee	1 Keyword trend analysis	4	1		2.2	M	22	ZeroCERT

23	2021-09-29 08:22	s.exe c04496520501bc6a3b3f0b7f5f875a32 Themida Packer PE File .NET EXE PE32 VirusTotal Malware unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware crashed					4.8	M	50	ZeroCERT

24	2021-09-22 10:00	EXCEL.exe 49af0abba03a7d559171f378728e9bc7 RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 MSOffice File VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting exploit crash unpack itself Disables Windows Security Check virtual network interfaces suspicious process Tofsee Windows Exploit ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		15.0		10	ZeroCERT

25	2021-09-13 08:58	c.bin df81ed87368141a4e55a550efba25460 Emotet Malicious Library PE File PE32 Checks debugger unpack itself Windows utilities WriteConsoleW Windows ComputerName crashed					2.6			ZeroCERT

26	2021-07-09 10:07	rdpa.exe 08a384b9655fb403506ef9a621d2fa01 RAT NPKI Generic Malware Antivirus PE64 PE File VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key		1			7.8		15	ZeroCERT