Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2023-08-25 20:13	vbc.exe 90d7398bd4bb66384b309201ce5f20f0 Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.4	M	60	guest

2	2021-07-30 11:11	vbc.exe 90091c8c9c69b12fe47cee45e5090bf9 Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		12.8	M	24	ZeroCERT

3	2021-07-30 10:52	Tms5ke8HVQpO8gl.exe 91e00dfab0a4c96a3eb89ea38eff74c4 PWS Loki[b] Loki[m] Generic Malware UPX DNS Socket KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM PE32 .NET EXE PE File Malware download Azorult VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		9.0	M	20	ZeroCERT

4	2021-07-30 10:50	.csrss.exe b158c924678cd5bac37bfd7bfc9d8781 Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself					2.2	M	34	ZeroCERT

5	2021-07-30 10:41	vbc.exe b6e6712ed64dc7d72f13f84ef50c04ad Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			5.8	M	25	ZeroCERT

6	2021-07-30 10:40	pmo-01.exe 121a6914b86cfc9ca8d12864cba4da75 Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows DNS Cryptographic key crashed	8 Keyword trend analysis Info http://www.rootmoover.com/wufn/?KzrxE=jUqWC+wM+s2Yehearj52syV+yALdMbb6PeN2CvBJSFCwW1HLktm3ATZosqzbiXJTH9I2JiE2&p0D=AfpHLx9 http://www.iqpt.info/wufn/?KzrxE=hrdaP+EsGTITsCagZnHefT6Bmc518UuvQeiOjF2tcIDpZFKKlutoy9+nHdETp4OhFNJGJnoo&p0D=AfpHLx9 - rule_id: 2910 http://www.intoxickiss.com/wufn/?KzrxE=eFcjLRgeiIUzDbHmwTb3Jzj/ojOR5Bd5C6w81D5RMgQILdL/YJI1IKkLX7W57Fxdc9GGy5Q6&p0D=AfpHLx9 http://www.gaigoilaocai.com/wufn/?KzrxE=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&p0D=AfpHLx9 - rule_id: 2912 http://www.cummingsforum.com/wufn/?KzrxE=PGuDT0srb8+GzzH8GojBu9jJOM86wXlCLaZQF9oyMbXQcbHCqOG6UzGQhd2hamBsdTomrrU0&p0D=AfpHLx9 - rule_id: 3523 http://www.setadragon.com/wufn/?KzrxE=p6EPLUx6SmQWyT0aKUYWey1/moK0HCihbvuUxAKosV5aIj7OYHg92cDuRvb6vmm9eY3daRqd&p0D=AfpHLx9 - rule_id: 3486 http://www.zwq.xyz/wufn/?KzrxE=XjXBhjUVI334M/Uwl7gvZZ0GeOD10IACqOCIbULeYHXWrIpOZW21ZlaOwQdpB6LWbxxYrGle&p0D=AfpHLx9 - rule_id: 3226 http://www.hk6628.com/wufn/?KzrxE=Mbz3eb2htBuwJm9my9qYpH4UWvi7L1jn54VVewVZerqVccc7GhECZ0+c8NYoPjvN/okzts0t&p0D=AfpHLx9 - rule_id: 2909	17 Info www.intoxickiss.com(151.101.192.119) www.hk6628.com(34.102.136.180) www.zwq.xyz(52.128.23.153) www.iqpt.info(67.199.248.13) www.kyg-cpa.com() - mailcious www.setadragon.com(209.99.40.222) www.gaigoilaocai.com(172.67.187.204) www.rootmoover.com(23.227.38.74) www.cummingsforum.com(34.102.136.180) 52.128.23.153 - mailcious 43.255.241.176 - malware 209.99.40.222 - mailcious 34.102.136.180 - mailcious 67.199.248.12 - mailcious 172.67.187.204 - mailcious 151.101.128.119 23.227.38.74 - mailcious	2	6	9.8	M	26	ZeroCERT

7	2021-07-30 10:28	vbc.exe 90d7398bd4bb66384b309201ce5f20f0 PWS Loki[b] Loki[m] Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software		1			13.6		25	ZeroCERT

8	2021-07-30 10:27	vbc.exe 9d92fb1d9dc509364b324872a133a5ac Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows DNS Cryptographic key crashed	7 Keyword trend analysis Info http://www.thaenablers.com/p1nr/?sBvD8D=cAX9NHYQnbzybTmuNWVJ06luNzB8snIgXRxRycWBtqyFmm0R3R5hddFvCi3C+yaHA9cLu6dY&APcT7P=djFDfJXHkHmL http://www.mpoweru.life/p1nr/?sBvD8D=ZjHCDoNujluw6lRi64KwBSxMvDNX6e2GPzmHgKq0UAaVqhNvy38CjBjjIT6ZBEO9afFQxO8l&APcT7P=djFDfJXHkHmL http://www.cydip.com/p1nr/?sBvD8D=ZGaWET/m5aRCM9pakCj6ctG5V4spLUeE07bass/N5tQ/1dOLPCE7TRyiJFuh9iNzw4wcgE0D&APcT7P=djFDfJXHkHmL - rule_id: 3347 http://www.norarahimian.net/p1nr/?sBvD8D=7d35Bw0Mn1rBnRMaVERGURzt1iGn4oZRCs4xgIP3mxtfyv7AvC3Y7Vv/TSFiGrtXZAEdE9D3&APcT7P=djFDfJXHkHmL http://www.caodongmei.com/p1nr/?sBvD8D=R1Tu5om0bIatwqHgCXtKllC2e9hqKP6J2OwsqOpsoo9g0cnj7hFHf9ulgsmwuY+fwUnD3npC&APcT7P=djFDfJXHkHmL http://www.stgilespantry.com/p1nr/?sBvD8D=ro1pg1ieSPLRQQJXGE2GvVgViR5v9blhYSuVVUpFJTfP14kyUBrbAPUBeXdLFqhiFoAhPEFb&APcT7P=djFDfJXHkHmL http://www.xn--dlicatbikini-beb.com/p1nr/?sBvD8D=+vXCLrdUYWGMLSeAc6EIZLxRod90t7CXA7cMjBJFBKwrYW2mpEPoYe/XiCHVxQKQoYcICdck&APcT7P=djFDfJXHkHmL	13 Info www.mpoweru.life(34.102.136.180) www.stgilespantry.com(182.50.132.242) www.norarahimian.net(198.54.117.218) www.caodongmei.com(45.39.199.67) www.xn--dlicatbikini-beb.com(34.102.136.180) www.thaenablers.com(34.102.136.180) www.cydip.com(123.206.44.194) www.thafresnelgroup.com() 198.54.117.210 - mailcious 34.102.136.180 - mailcious 45.39.199.67 182.50.132.242 - mailcious 123.206.44.194 - mailcious	3	1	9.2	M	26	ZeroCERT