Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10141	2021-05-27 09:54	file19.exe 131296e016a70ea67760fa6eec3dca8f Anti_VM PE File PE32 VirusTotal Malware unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Tofsee Windows Firmware DNS crashed	2 Keyword trend analysis	2	1		5.8	M	38	ZeroCERT

10142	2021-05-27 09:20	file23.exe 4c9bb1adf101943c077c224a224ed490 PE64 PE File VirusTotal Malware unpack itself DNS					3.0		13	ZeroCERT

10143	2021-05-27 09:18	covid.exe a7a8c3e6b8854ab03b71a5b128d7b9ce Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2			13.6			ZeroCERT

10144	2021-05-27 07:50	Zaplata.exe 4fd2df0f767d5db670bc28f9fff6b1f4 PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Browser					1.8		46	ZeroCERT

10145	2021-05-26 17:49	Lammer.exe 49545f0af79ded22054bfd851bb3d864 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself WriteConsoleW DNS DDNS		2	1		5.8		36	ZeroCERT

10146	2021-05-26 15:18	origin.exe 8270fec5a4b9cd84da15ab4b61e891ee AgentTesla(IN) Malicious Packer .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself					2.2	M	39	r0d

10147	2021-05-26 09:52	origin.exe 8270fec5a4b9cd84da15ab4b61e891ee Malicious Packer .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS					2.8		39	ZeroCERT

10148	2021-05-26 09:52	t.exe ddda0d5616775408eb31992c1d602a8d AsyncRAT backdoor .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows DNS	2 Keyword trend analysis	3	8 Info ET INFO TLS Handshake Failure SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO Executable Download from dotted-quad Host SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	3.6		18	ZeroCERT

10149	2021-05-26 09:48	New%20Order.exe 9686d7f5778397a1727d314553f126d4 Antivirus .NET EXE PE File PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote suspicious process AppData folder sandbox evasion WriteConsoleW Ransomware Windows ComputerName Cryptographic key crashed					8.6	M	19	ZeroCERT

10150	2021-05-26 09:40	jexi_cry.exe 6245b34a94512b3f2a8b753e7b8dd24f AsyncRAT backdoor PWS .NET framework .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows DNS	1 Keyword trend analysis	5	1		7.6		14	ZeroCERT

10151	2021-05-26 09:17	p4.exe 69a8c51720e4b71360018614cd7a8123 AsyncRAT backdoor PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					7.6		50	ZeroCERT

10152	2021-05-26 09:09	Oski_KelvinBryant.exe 08c192a4b1b2ffefcb59f04230682f8d PE File OS Processor Check PE32 VirusTotal Malware ComputerName DNS		1			3.0		43	ZeroCERT

10153	2021-05-26 08:59	Kill$.exe 84351b76b5750af1b8da4b9b3572ca6a AgentTesla Antivirus Anti_VM DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE64 PE File VirusTotal Malware suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process WriteConsoleW shadowcopy delete Windows ComputerName					7.2	M	23	guest

10154	2021-05-25 18:06	4Hs8qbk2vS4KWX6.exe f0a1ef38fc601323f5f24a68dc5d02a4 PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					10.6			ZeroCERT

10155	2021-05-25 10:01	Kill$.exe 84351b76b5750af1b8da4b9b3572ca6a AgentTesla Antivirus Anti_VM DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE64 PE File VirusTotal Malware suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process WriteConsoleW shadowcopy delete Windows ComputerName DNS					7.6		14	ZeroCERT