Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2023-09-19 10:33 Firefox_Installer.exe  

655878c402fe774ad4af71d78ea7d30f


NSIS Generic Malware UPX Malicious Library PE File PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Check memory Checks debugger Creates executable files RWX flags setting unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser
1 2 1 4.4 ZeroCERT

2 2023-02-27 13:44 vbc.exe  

6610f18ccc7279ba8c0f5ef4bc6c8956


NPKI Formbook Hide_EXE .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.6 M 47 ZeroCERT

3 2023-02-24 13:49 vbc.exe  

ee9485eba618aa497ade493518824f09


NPKI Formbook Hide_EXE .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName crashed
2.8 M 42 ZeroCERT

4 2023-02-19 14:02 vbc.exe  

952bd800d4e8fb93e98e0df539565bd6


Formbook Hide_EXE Generic Malware Antivirus PE32 .NET EXE PE File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed
7.6 M 32 ZeroCERT

5 2023-02-08 09:28 vbc.exe  

135ec341e42d29055bbb86a4260e0910


AgentTesla PWS[m] browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName DNS Cryptographic key DDNS keylogger
2 1 12.0 M 30 ZeroCERT

6 2022-12-06 10:39 vbc.exe  

a55643dbed66c798227d37d5d67df6e4


AgentTesla PWS[m] RAT browser info stealer Generic Malware Google Chrome User Data Downloader UPX Antivirus Create Service Socket DNS Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File Remcos VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process malicious URLs Windows ComputerName DNS Cryptographic key DDNS keylogger
1 4 2 12.6 31 ZeroCERT

7 2022-07-14 09:14 oil.exe  

a576c1b729d6f3a266a6313c97cc3410


Formbook RAT Hide_EXE Generic Malware Antivirus AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key crashed
9.4 40 ZeroCERT

8 2022-03-29 18:15 Sexnamz.exe  

976f76ebeda1d3bb4c28e66aa9afea51


RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName
2 2 2.4 M 19 ZeroCERT

9 2021-09-29 10:10 ppt_00101570818.exe  

d57a65324f585b76a5109a9e24e15e36


RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
7 16 2 8.4 M 21 ZeroCERT

10 2021-09-29 10:09 ppt_61102126305327.exe  

2ed76672668438c5129c82daeac7ef36


RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS crashed
1 12.0 M 31 ZeroCERT

11 2021-09-29 10:07 ppt_82000007451308.exe  

e66d37e430a767a356d8fdeae27788d3


RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself
3.2 M 20 ZeroCERT

12 2021-09-29 07:49 PPT_25084100000125.exe  

062e63a1422126e35e93a19aba338b64


RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed
11.4 34 ZeroCERT

  • Total : 12cnts