Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2024-08-21 15:28	photo.jpeg.exe 1a530b88ea994df4c9cc20d9a9470a36 Malicious Library PE File PE64 VirusTotal Malware AutoRuns PDB ICMP traffic unpack itself Windows DNS		1			5.6		45	ZeroCERT

2	2024-06-18 07:41	dasheng.exe d4e78b1a0037296e0753b490eaf58adb Generic Malware Malicious Library PE File PE32 PDB suspicious privilege					1.0	M		ZeroCERT

3	2024-06-14 09:41	setup%E4%B8%8B%E8%BD%BD%E5%90%... 8ece12bccc4c83c2ec683a7d5a7dc348 Malicious Library PE64 PE File VirusTotal Malware DNS	1 Keyword trend analysis	1			3.2		46	ZeroCERT

4	2022-06-22 07:44	r6f3vv8ukiZjeW ec006dcafe46183170e22f0375dc18c0 Malicious Library UPX OS Processor Check DLL PE File PE64 Dridex TrickBot Malware Report AutoRuns Checks debugger ICMP traffic unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Kovter Windows ComputerName DNS		15 Info 103.70.28.102 - mailcious 172.105.226.75 - mailcious 82.223.21.224 - mailcious 131.100.24.231 - mailcious 144.91.78.55 - mailcious 103.132.242.26 - mailcious 45.76.181.158 - mailcious 209.126.98.206 - mailcious 139.162.113.169 - mailcious 110.232.117.186 - mailcious 149.56.131.28 - mailcious 159.65.140.115 - mailcious 5.9.116.246 - mailcious 135.148.6.80 - mailcious 45.235.8.30 - mailcious	5		7.6	M		ZeroCERT

5	2022-06-21 22:34	sf2MppPW30cKaWeko 65fd14480ef968390e06ee2b4a495e35 Malicious Library UPX OS Processor Check DLL PE File PE64 Dridex TrickBot Malware Report AutoRuns Checks debugger ICMP traffic unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Kovter Windows ComputerName DNS crashed		15 Info 103.70.28.102 - mailcious 172.105.226.75 - mailcious 82.223.21.224 - mailcious 131.100.24.231 - mailcious 144.91.78.55 - mailcious 103.132.242.26 - mailcious 45.76.181.158 - mailcious 209.126.98.206 - mailcious 139.162.113.169 - mailcious 110.232.117.186 - mailcious 149.56.131.28 - mailcious 159.65.140.115 - mailcious 5.9.116.246 - mailcious 135.148.6.80 - mailcious 45.235.8.30 - mailcious	5		8.2	M		ZeroCERT

6	2022-05-20 17:39	REvup c3cf7d4fab7e7ea5a5adfabd4f77f0b4 Malicious Library DLL PE File PE64 VirusTotal Malware AutoRuns Checks debugger unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Windows ComputerName crashed					5.2		7	ZeroCERT

7	2022-01-14 18:30	WhatsAppSetupr.exe 83e71f37df8557d87bb44c4c64396802 Malicious Library PE File PE32 VirusTotal Malware PDB sandbox evasion DNS	1 Keyword trend analysis	1			2.6	M	32	ZeroCERT

8	2022-01-03 16:47	90ea239e17bbbf0c278f17c385b310... 2e1ed9a6411f5457e15eb9962d9badc3 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	7 Keyword trend analysis Info http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMugp1AfCIQfBWAxvFn4D9P8w%3D%3D http://crl.identrust.com/DSTROOTCAX3CRL.crl http://ip-api.com/json/?fields=8198 http://x1.c.lencr.org/ http://apps.identrust.com/roots/dstrootcax3.p7c https://gp.gamebuy768.com/2202/sqlite.dat https://bh.mygameadmin.com/report7.4.php - rule_id: 6271	16 Info crl.identrust.com(23.43.165.66) x1.c.lencr.org(104.74.211.103) gp.gamebuy768.com(104.21.27.252) - malware bh.mygameadmin.com(172.67.213.194) - mailcious toa.mygametoa.com(34.64.183.91) - mailcious ip-api.com(208.95.112.1) apps.identrust.com(23.43.165.105) ip.sexygame.jp() - mailcious r3.o.lencr.org(23.43.165.51) 104.21.27.252 - malware 23.76.153.211 121.254.136.32 104.76.75.146 208.95.112.1 172.67.213.194 34.64.183.91 - mailcious	2	1	7.8	M	49	ZeroCERT

9	2022-01-03 13:27	c7964d095f04e40565c3828fc0bc9f... 2ff998d7b170f6e0968a99614749a66a Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName DNS	7 Keyword trend analysis Info http://ip-api.com/json/?fields=8198 http://crl.identrust.com/DSTROOTCAX3CRL.crl http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMugp1AfCIQfBWAxvFn4D9P8w%3D%3D http://x1.c.lencr.org/ http://apps.identrust.com/roots/dstrootcax3.p7c https://gp.gamebuy768.com/2201/sqlite.dat https://bh.mygameadmin.com/report7.4.php - rule_id: 6271	20 Info crl.identrust.com(23.43.165.66) x1.c.lencr.org(104.74.211.103) ip.sexygame.jp() - mailcious bh.mygameadmin.com(104.21.75.46) - mailcious gp.gamebuy768.com(172.67.143.210) - malware ip-api.com(208.95.112.1) apps.identrust.com(23.43.165.66) toa.mygametoa.com(34.64.183.91) - mailcious r3.o.lencr.org(23.43.165.42) 182.162.106.32 61.111.58.34 - malware 61.111.58.35 - malware 61.111.58.26 104.76.75.146 104.21.75.46 - mailcious 104.74.211.103 208.95.112.1 172.67.213.194 172.67.143.210 34.64.183.91 - mailcious	2	1	9.8	M	47	ZeroCERT

10	2022-01-03 13:26	8d2882b73fc594434af508b1e5c942... aff711495cac7f64c46e564e9722b3e2 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	7 Keyword trend analysis Info http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMugp1AfCIQfBWAxvFn4D9P8w%3D%3D http://crl.identrust.com/DSTROOTCAX3CRL.crl http://apps.identrust.com/roots/dstrootcax3.p7c http://x1.c.lencr.org/ http://ip-api.com/json/?fields=8198 https://gp.gamebuy768.com/29/sqlite.dat https://bh.mygameadmin.com/report7.4.php - rule_id: 6271	17 Info crl.identrust.com(23.43.165.66) x1.c.lencr.org(104.74.211.103) gp.gamebuy768.com(104.21.27.252) - malware bh.mygameadmin.com(172.67.213.194) - mailcious toa.mygametoa.com(34.64.183.91) - mailcious ip-api.com(208.95.112.1) apps.identrust.com(23.43.165.66) ip.sexygame.jp() - mailcious r3.o.lencr.org(23.43.165.51) 104.21.27.252 - malware 61.111.58.34 - malware 182.162.106.33 - 182.162.106.104 104.21.75.46 - mailcious 104.74.211.103 208.95.112.1 34.64.183.91 - mailcious	2	1	7.8	M	52	ZeroCERT

11	2022-01-03 13:26	8d2882b73fc594434af508b1e5c942... ca51f70c36793eb781000d43be0ff594 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	7 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://crl.identrust.com/DSTROOTCAX3CRL.crl http://ip-api.com/json/?fields=8198 http://x1.c.lencr.org/ http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMugp1AfCIQfBWAxvFn4D9P8w%3D%3D https://gp.gamebuy768.com/25/sqlite.dat https://bh.mygameadmin.com/report7.4.php - rule_id: 6271	17 Info r3.o.lencr.org(23.43.165.51) crl.identrust.com(23.43.165.66) gp.gamebuy768.com(172.67.143.210) - malware bh.mygameadmin.com(104.21.75.46) - mailcious toa.mygametoa.com(34.64.183.91) - mailcious ip-api.com(208.95.112.1) apps.identrust.com(23.43.165.66) ip.sexygame.jp() - mailcious x1.c.lencr.org(104.74.211.103) 182.162.106.32 104.21.27.252 - malware 61.111.58.35 - 61.111.58.26 104.21.75.46 - mailcious 104.74.211.103 208.95.112.1 34.64.183.91 - mailcious	2	1	7.8	M	49	ZeroCERT

12	2022-01-03 12:26	3baf44d96cdedbb009e0059c66704e... b4a71c3a661f11904e36ff2558a6c4f1 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	7 Keyword trend analysis Info http://apps.identrust.com/roots/dstrootcax3.p7c http://crl.identrust.com/DSTROOTCAX3CRL.crl http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMugp1AfCIQfBWAxvFn4D9P8w%3D%3D http://x1.c.lencr.org/ http://ip-api.com/json/?fields=8198 https://bh.mygameadmin.com/report7.4.php - rule_id: 6271 https://gp.gamebuy768.com/22/sqlite.dat	17 Info crl.identrust.com(23.43.165.105) x1.c.lencr.org(104.74.211.103) gp.gamebuy768.com(172.67.143.210) - malware bh.mygameadmin.com(104.21.75.46) - mailcious toa.mygametoa.com(34.64.183.91) - mailcious ip-api.com(208.95.112.1) apps.identrust.com(23.43.165.105) ip.sexygame.jp() - mailcious r3.o.lencr.org(23.43.165.42) 104.21.27.252 - malware 208.95.112.1 121.254.136.42 121.254.136.27 104.21.75.46 - mailcious 104.74.211.103 121.254.136.57 34.64.183.91 - mailcious	2	1	7.8	M	47	ZeroCERT

13	2021-12-09 16:55	cd8012095737a9321ff5a18d6c29cf... e8567b8500a073a3e2c130a5c9623108 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	7 Keyword trend analysis Info http://ip-api.com/json/?fields=8198 http://crl.identrust.com/DSTROOTCAX3CRL.crl http://apps.identrust.com/roots/dstrootcax3.p7c http://x1.c.lencr.org/ http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMugp1AfCIQfBWAxvFn4D9P8w%3D%3D https://gp.gamebuy768.com/2201/sqlite.dat https://bh.mygameadmin.com/report7.4.php - rule_id: 6271	16 Info crl.identrust.com(119.207.65.153) x1.c.lencr.org(104.74.211.103) ip.sexygame.jp() - mailcious bh.mygameadmin.com(172.67.213.194) - mailcious gp.gamebuy768.com(104.21.27.252) - malware ip-api.com(208.95.112.1) apps.identrust.com(119.207.65.137) toa.mygametoa.com(34.64.183.91) - mailcious r3.o.lencr.org(119.207.65.177) 61.111.58.34 - malware 104.74.211.103 61.111.58.41 - malware 208.95.112.1 172.67.213.194 172.67.143.210 34.64.183.91 - mailcious	2	1	7.2	M	11	ZeroCERT

14	2021-12-09 16:52	cd8012095737a9321ff5a18d6c29cf... 920e0710da9bae6384427b33f237792b Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	7 Keyword trend analysis Info http://ip-api.com/json/?fields=8198 http://crl.identrust.com/DSTROOTCAX3CRL.crl http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMugp1AfCIQfBWAxvFn4D9P8w%3D%3D http://x1.c.lencr.org/ http://apps.identrust.com/roots/dstrootcax3.p7c https://bh.mygameadmin.com/report7.4.php - rule_id: 6271 https://gp.gamebuy768.com/22/sqlite.dat	17 Info crl.identrust.com(119.207.65.153) x1.c.lencr.org(104.74.211.103) gp.gamebuy768.com(172.67.143.210) - malware bh.mygameadmin.com(104.21.75.46) - mailcious toa.mygametoa.com(34.64.183.91) - mailcious ip-api.com(208.95.112.1) apps.identrust.com(119.207.65.137) ip.sexygame.jp() - mailcious r3.o.lencr.org(119.207.65.177) 104.21.27.252 - malware 61.111.58.34 - malware 61.111.58.35 - malware 61.111.58.26 104.74.168.254 208.95.112.1 172.67.213.194 34.64.183.91 - mailcious	2	1	7.6	M	31	ZeroCERT

15	2021-11-23 10:36	hzz.exe 05f161873c4ca4ba7ced3efc5bc262a9 Generic Malware Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 PE64 VirusTotal Malware AutoRuns Code Injection unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution	1 Keyword trend analysis	2		1	8.0	M	51	ZeroCERT