Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-11-18 08:27 TSO_011020_10063863221.exe  

ee997c35fca1094cf6ca6ca00e410f78


RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 4 14.6 32 ZeroCERT

2 2021-11-18 08:07 TSO_01103300638632719.exe  

491ca2d6005190bfe3d8524cc93f3f09


RAT Generic Malware UPX SMTP KeyLogger AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 3 14.4 27 ZeroCERT

3 2021-11-14 18:58 etl_00382_0541_0165410000.exe  

abbd913fabcce80fe6c14f8103800378


RAT Generic Malware Malicious Library AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
7.6 42 ZeroCERT

4 2021-11-14 18:45 Request_000517_03107206PDF.exe  

f63e1268d0d33af7abee3329cb23e0cd


RAT Generic Malware Malicious Library PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself ComputerName DNS
1 3.0 39 ZeroCERT

5 2021-11-14 18:43 shrrico.exe  

4aa4dfd6b9b3ba9a2961b4a8f40d6b1b


RAT PWS .NET framework Generic Malware task schedule Malicious Library Malicious Packer UPX SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer AsyncRAT Dridex NetWireRC TrickBot VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Kovter Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 6 7 14.2 40 ZeroCERT

6 2021-11-14 18:21 Request_000517_031077PDF.exe  

bcf64360f1b1dd0f4dbb00f69fb1637c


RAT Generic Malware Malicious Library UPX SMTP KeyLogger AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 3 14.8 42 ZeroCERT

  • Total : 6cnts