Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2022-07-29 09:42 vbc.exe  

e3f61572c6aff7954e948d5e829593b1


Formbook PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
8 16 3 11.6 M 36 ZeroCERT

2 2022-07-28 09:41 paa.exe  

5582e1c745e771410a2965357131b053


Formbook PWS .NET framework AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
6 13 1 10.0 M 50 ZeroCERT

3 2022-07-28 09:28 scrss.exe  

3974f1aac0c9b865dba7d775ade14aac


PWS[m] PWS .NET framework NPKI email stealer Socket DNS Code injection KeyLogger Downloader Escalate priviledges persistence AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS
3 1 13.2 M 51 ZeroCERT

4 2021-07-15 11:34 .wininit.exe  

a4231c7431f34ce5f1aeecd2c366008a


Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
16 15 9.0 40 ZeroCERT

5 2021-07-14 09:02 crpYSZLkHw0n3SH.exe  

3b2369bdc8d2d7d0712a4e9cfb21e299


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself crashed
2.2 20 ZeroCERT

6 2021-06-06 09:53 loud-0098.exe  

bf93de4660852c5c49dfba5cb0b87fd1


AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key crashed
2.6 11 ZeroCERT

7 2021-05-26 09:45 y5.exe  

a923bf5fba472d85713560b15ccede99


PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
7.4 M 28 ZeroCERT

8 2021-05-25 18:06 mna.exe  

df8c895d1e6b9fb4e3914a6c4b7e3a31


PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
12.8 30 ZeroCERT

9 2021-04-27 07:44 PAa4O8FlG6VW063.exe  

b1149708e8e0bbe6d4c5817e3a14eed6


PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
11.6 22 ZeroCERT

10 2021-04-26 17:59 winlog.exe  

4b233f24f3a1a17bb7e23f49e7589806


PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows Cryptographic key
9.6 M 24 ZeroCERT

Total: 10