Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2023-07-10 07:45	R0986545678.exe 82f1824f39b1df02b1254991df0b0655 NSIS UPX Malicious Library Downloader PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed		2	2		7.6		47	ZeroCERT

2	2023-06-03 17:31	hkcmd.exe 53d4ab9c429de02b7efc94d7be3e6059 AgentTesla RAT browser info stealer Google Chrome User Data Downloader Confuser .NET Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM PE64 PE File Remcos VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows DNS DDNS	2 Keyword trend analysis	5	7 Info ET INFO DYNAMIC_DNS Query to a .duckdns .org Domain ET INFO DYNAMIC_DNS Query to .duckdns. Domain ET INFO Executable Download from dotted-quad Host ET JA3 Hash - Remcos 3.x TLS Connection ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		11.2	M	29	ZeroCERT

3	2022-12-11 16:04	vbc.exe 44c87d5aa51f340c3c336d4296809842 Generic Malware AntiDebug AntiVM PE File PE64 FormBook Malware download VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	7 Keyword trend analysis Info http://www.hf9blwwuwpx7j8k.live/pgnt/?9rn4nZSH=jggKibTkaQnsv+2bz686sPrTKpZZj5Y7aAqpZixHsFh0T3weMU/cyshvM3OEWd3UvH/Dq+t9ATMUuDnmaxwczBaDQ+rEYQWWB3PST8s=&w2=jFQp3Rm0k - rule_id: 23650 http://www.easy005.xyz/pgnt/?9rn4nZSH=c6ZjPMR1KypLsYL8ZObHXIR8yq1gidghehR4txHs12y83WCLVbV9I23DeUmMEfmlfVnaxELxUHkqoDbKi0r8vsl7teQksvkhOq4cf7k=&w2=jFQp3Rm0k - rule_id: 24125 http://www.terratechpower.com/pgnt/ - rule_id: 24126 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.asiadesign.xyz/pgnt/?9rn4nZSH=h/dOLV7ogV91l6oB44/AYdolrnnmd0FTCCZkgEZfW+MDpsF7VPxAGLSAH18Os+ph5CHWuTyLlvX+1xLdeJRkC81tD9Sfyu2T9cG67js=&w2=jFQp3Rm0k - rule_id: 23651 http://www.asiadesign.xyz/pgnt/ - rule_id: 23651 http://www.easy005.xyz/pgnt/ - rule_id: 24125	10 Info www.hf9blwwuwpx7j8k.live(216.18.208.202) - mailcious www.asiadesign.xyz(85.159.66.93) - mailcious www.terratechpower.com(154.204.248.137) - mailcious www.easy005.xyz(175.41.16.124) - mailcious www.sqlite.org(45.33.6.223) 216.18.208.202 - mailcious 85.159.66.93 - mailcious 175.41.16.124 - mailcious 45.33.6.223 154.204.248.137 - mailcious	3	6	8.8	M	43	ZeroCERT

4	2022-12-09 10:41	vbc.exe 5113abb28878ff293661fc23685a48bf Generic Malware PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.4	M	17	r0d

5	2022-12-09 09:59	vbc.exe 5113abb28878ff293661fc23685a48bf PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.4	M	17	ZeroCERT

6	2021-10-28 11:08	vbc.exe 947b72694e25a2fefcfadd3aeec7c0a1 NSIS Generic Malware Malicious Library UPX PE File PE32 DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder					4.2		27	ZeroCERT