Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2024-04-12 15:06	ujjdjd.exe 8ab428444842653c6ebf5a71f14f80e2 UPX PE File .NET EXE PE32 VirusTotal Malware				1.6		49	ZeroCERT

2	2022-08-03 10:26	PrWYC.exe 15d514f2c75c909604875c6af0bf3b54 Malicious Library UPX PE32 OS Processor Check PE File Browser Info Stealer Malware download FTP Client Info Stealer NetWireRC VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Auto service suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check Windows Browser RAT ComputerName DNS Software	4 Keyword trend analysis	1	10 Info ET HUNTING Request for .bin with BITS/ User-Agent ET MALWARE Generic .bin download from Dotted Quad ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE Win32/NetDooka Framework RAT Sending System Information M2 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	13.4	M	9	ZeroCERT

3	2022-03-28 17:05	6989_1648415437_5281.exe 442c20c5c4666bd83c318ed422087c58 RAT .NET EXE PE File PE32 MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee	1 Keyword trend analysis	4	1	3.2	M		ZeroCERT

4	2022-03-28 16:54	6313_1648414584_5663.exe 03cb931a5114bbc60526858fb7d5f77f RAT .NET EXE PE File PE32 MachineGuid Check memory Checks debugger ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee	1 Keyword trend analysis	4	1	4.0			ZeroCERT

5	2022-03-28 16:52	9648_1648412414_6552.exe a8582b4021c880db55feabb9039940ee RAT .NET EXE PE File PE32 Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee	2 Keyword trend analysis	4	1	4.6			ZeroCERT

6	2022-02-24 09:26	max.exe 07a1031cdecc92fd478072771ced3923 RAT Hide_EXE Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				10.4	M	28	ZeroCERT

7	2021-10-29 18:27	B86b0mDlYqpH2306105pdf.exe ff8d08be90a98bf46f8f359ee4cb35f7 RAT PWS .NET framework Generic Malware Malicious Packer Malicious Library UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE GIF Format Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4	17.4		30	ZeroCERT

8	2021-10-29 09:36	A540bo3mQDlYqpH30620D.exe 781fb23a988efab21e4ab321aa932b09 RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself ComputerName				2.4		17	ZeroCERT

9	2021-08-19 09:39	WARZONE.exe 56be1905fba872d1fc768ee8451f9155 Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger				12.0	M	36	ZeroCERT

10	2021-08-15 12:18	Get-Variable.exe 0e78df69265dc57c37673bdee540ce2f VMProtect UPX Malicious Library PE File PE32 Malware download VirusTotal Malware IoC Malicious Traffic Checks debugger unpack itself Windows utilities suspicious process Kovter Zeus Windows ComputerName Trojan DNS	3 Keyword trend analysis	1	6 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE Trojan Generic - POST To gate.php with no accept headers ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad ET MALWARE Generic gate[.].php GET with minimal headers ET HUNTING Suspicious GET To gate.php with no Referer ET MALWARE WIN32/KOVTER.B Checkin	6.4		23	ZeroCERT