Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10126	2021-05-31 09:35	jaja.exe 54262706e573614d224fec09edb4f7cf Malicious Library Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger					16.2		46	ZeroCERT

10127	2021-05-31 09:32	new.exe 03abf4527d2c88e4716e194e93c9b07b AsyncRAT backdoor PWS .NET framework AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					7.8		40	ZeroCERT

10128	2021-05-31 09:31	al.exe 52abd9b0522751f14763b92baf4afa37 NPKI Antivirus PE64 PE File VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					7.4		36	ZeroCERT

10129	2021-05-31 09:19	ao.exe b1d319888860b7a6400c5e5099d59e48 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	45	ZeroCERT

10130	2021-05-31 09:19	drunk.exe 3b053dc6b2a1fd69b96cde6a7d320034 AsyncRAT backdoor PWS .NET framework .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check ComputerName DNS crashed	1 Keyword trend analysis	3	1		6.6	M	55	ZeroCERT

10131	2021-05-28 16:47	D3q0V9hldAyJ1xR.exe 3206c82d7448508708770a5537362024 PWS .NET framework .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key					2.4		29	ZeroCERT

10132	2021-05-28 10:09	vbc.exe ca1cad0dfeee9119a7bef5911c8f194e Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					1.6	M	26	r0d

10133	2021-05-28 08:28	covid.exe 5bcb9ac769b8c069e202b42b16773af7 Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS DDNS	2 Keyword trend analysis	6	4		16.6		21	ZeroCERT

10134	2021-05-28 08:24	vMGUvT6JSOA3UIz.exe d08412601dc64d6dc5e3945d550ad9a9 AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			4.2	M	40	ZeroCERT

10135	2021-05-28 08:22	test.exe 0e24059570f9655711ba4454c21c9e2e AsyncRAT backdoor .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows	1 Keyword trend analysis	4	8 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET HUNTING Request to .XYZ Domain with Minimal Headers ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		3.2	M	25	ZeroCERT

10136	2021-05-28 08:20	vbc.exe ca1cad0dfeee9119a7bef5911c8f194e SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		1			13.4	M	24	ZeroCERT

10137	2021-05-28 08:11	vuga.exe 6a5d0132df698a0743d0a5a8a1515cfc AsyncRAT backdoor AgentTesla(IN) Malicious Packer .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					5.6	M	37	ZeroCERT

10138	2021-05-27 10:26	BBQbrowser.exe 81189d695443fc7f2a0adab7a6957d89 AsyncRAT backdoor BitCoin AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces suspicious TLD installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis	5	3	1	10.8	M		ZeroCERT

10139	2021-05-27 10:26	WLP_Setup.exe 6bd3098fc75bd4616d1d069b41a366cd AsyncRAT backdoor PWS .NET framework .NET EXE PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	7	3		6.2	M		ZeroCERT

10140	2021-05-27 10:26	file18.exe 495214dc4882127b4cf5480510ce440c AsyncRAT backdoor PWS .NET framework BitCoin AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious TLD Tofsee Windows Cryptographic key crashed	2 Keyword trend analysis	4	1		9.8	M	37	ZeroCERT