Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-09-24 09:23 Product_Specifications_Details...  

5627f70136a7169cabb92e648311b855


KeyBase RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName
1 2 1 3.0 M 23 ZeroCERT

2 2021-09-24 09:19 Product_Specifications_Details...  

bbe72c8d0a9c597fb116a040f06255af


KeyBase RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName
1 2 1 3.0 M 21 ZeroCERT

3 2021-09-24 09:07 BRL_2451020032016.exe  

4660dca1c3905ea903c4cb3bd9f73733


KeyBase RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName
1 2 1 3.0 M 24 ZeroCERT

4 2021-09-24 09:05 706012088801.exe  

ff77d7b1fa1099ec7bb3215ad2be0871


KeyBase RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName
1 2 1 2.8 19 ZeroCERT

5 2021-04-29 10:03 FLP_5012_306_171.exe  

a746c90dae245470777071a6c41dea07


KeyBase AgentTesla Gen1 AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName Password
9 2 6 11.4 M 22 r0d

6 2021-04-29 09:04 FLP_5012_306_171.exe  

a746c90dae245470777071a6c41dea07


KeyBase AgentTesla Gen1 AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName Password
9 2 6 12.0 22 ZeroCERT

7 2021-04-26 18:27 IMG_106_680_74_80.pdf  

e05e738dcb98a9f8c125138b492f82e5


AgentTesla KeyBase Keylogger Gen1 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key crashed Password
9 2 7 17.0 M 13 ZeroCERT

8 2021-04-26 18:27 IMG_5023075401.pdf  

427e21ef958ea63e6a12ce4d8d5a3e55


AgentTesla KeyBase Keylogger Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 5 4 13.4 M 16 ZeroCERT

9 2021-04-26 18:23 FLP_1037850047.pdf  

d32bc982566fbb8d81d3012779d3c320


AgentTesla KeyBase Keylogger Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser ComputerName DNS Cryptographic key crashed
1 9.0 M 11 ZeroCERT

10 2021-04-26 18:12 IMG_608943011.pdf  

5f0e74e8c039c771ec8c2fa77981c7dd


AgentTesla KeyBase Keylogger Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 4 13.4 14 ZeroCERT

11 2021-04-26 18:11 DFI_0451_587_032.pdf  

2e85f22e8e3436b38af2299a04f0cad8


AgentTesla KeyBase Keylogger malicious URLs ComputerName
2 2.4 M ZeroCERT

12 2021-04-23 18:18 FSL_456021054.pdf  

c0555665c606123b68c3c746f238743c


AgentTesla KeyBase Keylogger AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 4 13.4 13 ZeroCERT

13 2021-04-22 18:25 IMG_10540078520047.pdf.exe  

0584b79b0075099a377c30ffa0bfee28


KeyBase Keylogger Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 4 8.4 M 17 r0d

14 2021-04-22 18:22 IMG_045_00_37_3210.pdf.exe  

99e0c2ac9236cfedc7dbeffdde956fe2


KeyBase Keylogger VirusTotal Malware malicious URLs ComputerName
2 3.2 M 28 r0d

15 2021-04-22 17:18 IMG_045_00_37_3210.pdf.exe  

99e0c2ac9236cfedc7dbeffdde956fe2

VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS crashed
2 9.6 M 28 ZeroCERT

  • Total: 16 counts