Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
31	2021-07-02 16:46	InvoicePO-03092021.jar 88811d5b8004bca2c3166e3cedd10fe3 Check memory heapspray unpack itself Java				1.6		ZeroCERT

32	2021-07-02 16:51	InvoiceP038455.jar 3b9807d9332a324f920ca95e2282c082 Check memory heapspray unpack itself Java				1.6		ZeroCERT

33	2021-07-02 18:13	InvoiceP038455.jar 3b9807d9332a324f920ca95e2282c082 Check memory heapspray unpack itself Java DNS		10		2.2		ZeroCERT

34	2021-07-02 18:26	InvoicePO-03092021.jar 88811d5b8004bca2c3166e3cedd10fe3 Check memory heapspray unpack itself Java DNS		10		2.2		ZeroCERT

35	2021-07-06 15:28	mpsvc.dll a47cf00aedf769d60d58bfe00c0b5421 PE File DLL OS Processor Check PE32				0.4	51	r0d

36	2021-07-06 15:30	MsMpEng.exe 8cc83221870dd07144e63df594c391d9 BitCoin Antivirus Code injection IRC persistence DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File PE32 PDB unpack itself Windows utilities malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW Firewall state off VM Disk Size Check Ransomware Windows Tor ComputerName DNS crashed				11.0		guest

37	2021-07-07 18:45	InvoicePO-03092021.jar 88811d5b8004bca2c3166e3cedd10fe3 NPKI OS Processor Check PE File DLL PE32 Malware download NetWireRC VirusTotal Malware AutoRuns Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD IP Check Windows Java ComputerName DNS crashed	1 Keyword trend analysis	10	4	9.6	6	guest

38	2021-07-07 23:16	InvoicePO-03092021.jar 88811d5b8004bca2c3166e3cedd10fe3 NPKI PE File DLL OS Processor Check PE32 Malware download NetWireRC VirusTotal Email Client Info Stealer Malware AutoRuns Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD IP Check Tofsee Windows Java Email ComputerName DNS crashed	3 Keyword trend analysis Info http://ip-api.com/json/ http://edgedl.me.gvt1.com/edgedl/release2/chrome/ANHii5UY3d-4EiotgE5WL8M_91.0.4472.124/91.0.4472.124_chrome_installer.exe https://update.googleapis.com/service/update2?cup2key=10:1185578559&cup2hreq=210abae0c0bf4c085ef3a032bf41ca5b683c508249b56d231bc6b32b3afcc509	12 Info edgedl.me.gvt1.com(34.104.35.123) repo1.maven.org(199.232.196.209) github.com(52.78.231.108) - mailcious github-releases.githubusercontent.com(185.199.111.154) ip-api.com(208.95.112.1) str-master.pw() - mailcious 52.78.231.108 - malware 208.95.112.1 151.101.40.209 34.104.35.123 185.199.111.154 46.183.221.118 - mailcious	7 Info ET JA3 Hash - Possible Malware - Java Based RAT ET DNS Query to a *.pw domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET MALWARE STRRAT CnC Checkin ET POLICY External IP Lookup ip-api.com	11.0	6	ZeroCERT

39	2021-07-09 10:06	index.jar a53c10a1311d5e77559b0d3a23e24488 VirusTotal Malware Check memory heapspray unpack itself Java				2.0	9	ZeroCERT

40	2021-07-09 20:20	index.jar a53c10a1311d5e77559b0d3a23e24488 NPKI DLL PE32 OS Processor Check PE File VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD IP Check Windows Java Email ComputerName DNS crashed	1 Keyword trend analysis	10		10.4	15	ZeroCERT

41	2021-07-12 09:41	information_01913.xlsb 876840f5faa0b20d0713a7e8435b19b7 VirusTotal Malware Creates executable files unpack itself suspicious process	1 Keyword trend analysis	2		3.2	4	ZeroCERT

42	2021-07-14 07:44	mad.zip 2dd394b649d386e88e6d6da28be926d5 VirusTotal Malware				0.6	19	ZeroCERT

43	2021-07-14 07:51	run.exe 5ab6825cfced362802d1f3dd28e904bd RAT Generic Malware DGA DNS SMTP Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence Hijack Network AntiDebug AntiVM PE32 PE File .NET EXE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key		2		6.0	13	ZeroCERT

44	2021-07-14 08:45	mad.zip 2dd394b649d386e88e6d6da28be926d5 VirusTotal Malware				0.6	19	ZeroCERT

45	2021-07-14 08:56	run.exe 5ab6825cfced362802d1f3dd28e904bd RAT Generic Malware Http API Steal credential ScreenShot DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Internet API Downloader P2P persistence SMTP AntiDebug AntiVM PE32 PE File .NET EXE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key		2		6.0	13	ZeroCERT