Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8761	2021-06-01 17:20	info_10621.xlsb 4567910e5ab113f08eb7edd48152074b Gen1 Gen2 PE File DLL OS Processor Check PE32 VirusTotal Malware MachineGuid Check memory Checks debugger WMI unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName crashed	2 Keyword trend analysis Info http://authd.feronok.com/Y_2Bxq_2FCq_2/F7MtFfN9/OaOiUxVKaMBar_2Bwadu9JI/5f2JIT1R6z/wqyp5OYH26_2FCxoz/4cOT1gafxSEk/1G5XsW988_2/BjdSRlF7L4UAwI/jcsnuDJ33Fm5LZiPOHvvA/PAjjFqU39DDThmrZ/eR22M_2Fe0ePvSa/5l4TtOyHif5dcS9VgY/EtNp35w6x/i4xoaI04WasHjLAOvTF6/tc4VmpY6u_2F8heA9cW/KMPn27BMSv_2B3g7Hp4Ztp/SRUmhDBdfjn5m/rRGd_2Bb/Kx_2FAWnV71TDHDIMbMeb_2/BNfwSQhYk9/_2Fu_2BOoxOVDOIkf/D2gC2K1i https://megoseri.com/app.dll	4	1		5.8		12	ZeroCERT

8762	2021-06-01 17:04	consoleapp5a.exe 0ffde20bbcf9388a2b446c90222ac410 AsyncRAT backdoor AntiDebug AntiVM PE File .NET EXE PE32 Dridex TrickBot VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Kovter Windows DNS crashed	1 Keyword trend analysis	3	2	1	12.4	M	44	ZeroCERT

8763	2021-06-01 09:37	fsoleApp1.exe b9e9adf06ee8e96deae78c73127ffff6 AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		14.6	M	32	ZeroCERT

8764	2021-06-01 09:28	QUAConsoleApp5.exe 51ee29d68a7aefead4a82af353bab78c PWS Loki[b] Loki[m] AsyncRAT backdoor DNS KeyLogger ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic IP Check Tofsee	2 Keyword trend analysis	6	2		3.0	M	34	ZeroCERT

8765	2021-06-01 09:25	Yx3PBY9RC15I0sLk.jpg.ps1 18fd76d1d31e0833d26a36729842c5f7 Antivirus GIF Format VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	2	1		9.2	M	2	ZeroCERT

8766	2021-05-31 18:05	asd80.exe b7c53f778e82c1594d8a1a27ebb65af0 AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		9.4		23	ZeroCERT

8767	2021-05-31 11:25	qv55b3lqjXhJQckX.jpg.ps1 6ee03a2d6b4558fa09cdf1e33dcaa897 Antivirus GIF Format VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	4 Keyword trend analysis Info https://cdn.discordapp.com/attachments/834258459628535898/846168516519657512/firefox.bat - rule_id: 1678 https://cdn.discordapp.com/attachments/834258459628535898/846168516519657512/firefox.bat https://cdn.discordapp.com/attachments/834258459628535898/844363329371897866/firefox.lnk - rule_id: 1677 https://cdn.discordapp.com/attachments/834258459628535898/844363329371897866/firefox.lnk	4	1	2	9.4		1	ZeroCERT

8768	2021-05-31 09:37	Ls_Droid_v1.1.9.0.exe a1459b6cd648d10da05707b69166d2f6 Anti_VM .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization Tofsee Windows Firmware crashed	1 Keyword trend analysis	3	1		9.2	M	31	ZeroCERT

8769	2021-05-28 08:28	covid.exe 5bcb9ac769b8c069e202b42b16773af7 Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS DDNS	2 Keyword trend analysis	6	4		16.6		21	ZeroCERT

8770	2021-05-28 08:26	seleja.exe 38976248b5751e588795a5c9c4ca0327 PE File OS Processor Check PE32 VirusTotal Malware PDB Malicious Traffic unpack itself Tofsee Windows DNS crashed	3 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1622157617&mv=m&mvi=2&pl=18&shardbypass=yes https://update.googleapis.com/service/update2?cup2key=10:1895035685&cup2hreq=72915f2a185bd04d4a4507b96e78435e1e4d450e3fccbcf7802dca34e4dee720	2	1		4.6		18	ZeroCERT

8771	2021-05-28 08:22	Delivery Order 92281186.xls 7967d491dfb9148f1bb51cdb3acedbab VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee DNS	10 Keyword trend analysis Info https://surustore.com/image/cache/catalog/demo/banners/h0dD8T2aNRz.php https://ntf.gov.sb/components/com_acysms/views/unsubscribe/tmpl/8Wa80ysYUv6Klh.php https://brandsites.gunwebhosting.com.au/site/wp-includes/Text/Diff/Engine/eUhebviTSOzDZ.php https://bellaloveboutique.com/wp-content/themes/salient/includes/partials/tgTzKdqzGivuZ9.php https://prediction2020.com/wp-content/plugins/really-simple-ssl/testssl/cloudflare/jDN6wmFidG65.php https://ootashop.com/catalog/language/ar/extension/captcha/Iz40CaCFx.php https://ourcomm.co.uk/wp-content/plugins/buddyboss-platform/bp-moderation/classes/SXDetkgsnPP.php https://srivinaysalian.com/wp-content/plugins/catch-instagram-feed-gallery-widget/public/css/jYfe4b9imB.php https://marcoislandguidebook.com/wp-includes/js/tinymce/plugins/charmap/xltGrJWiK.php https://alpax.elcanotradingcorp.com/public/bower_components/jquery/src/ajax/oAIZxkctW.php	20 Info marcoislandguidebook.com(192.185.79.55) - mailcious brandsites.gunwebhosting.com.au(122.201.118.64) - mailcious ootashop.com(199.188.205.57) - mailcious ntf.gov.sb(192.185.32.234) - mailcious alpax.elcanotradingcorp.com(108.167.181.248) - mailcious ourcomm.co.uk(217.160.0.196) - mailcious surustore.com(192.158.238.23) - mailcious prediction2020.com(107.160.244.54) - mailcious bellaloveboutique.com(107.180.58.44) - mailcious srivinaysalian.com(216.37.42.46) - mailcious 192.185.32.234 - mailcious 108.167.181.248 - mailcious 216.37.42.46 - mailcious 107.160.244.54 - mailcious 192.158.238.23 - mailcious 122.201.118.64 - mailcious 107.180.58.44 - mailcious 199.188.205.57 - mailcious 192.185.79.55 - mailcious 217.160.0.196 - malware	4	1	3.8	M	20	ZeroCERT

8772	2021-05-28 08:22	test.exe 0e24059570f9655711ba4454c21c9e2e AsyncRAT backdoor .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows	1 Keyword trend analysis	4	8 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET HUNTING Request to .XYZ Domain with Minimal Headers ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		3.2	M	25	ZeroCERT

8773	2021-05-28 08:21	file3.exe 4fbb9246662af8c36caf102eccf4bff0 AsyncRAT backdoor BitCoin AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2		12.4		8	ZeroCERT

8774	2021-05-28 08:09	ConsoleApp10.exe d2470e33e04e12bdc2acf475f40da080 AsyncRAT backdoor PWS .NET framework SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		9.6		33	ZeroCERT

8775	2021-05-27 17:42	relese.exe 67c0f9f7a63db607929cfbae83442911 AsyncRAT backdoor NPKI Gen2 AntiDebug AntiVM PE File OS Processor Check PE32 DLL .NET DLL PNG Format JPEG Format MSOffice File .NET EXE PE64 VirusTotal Malware PDB Code Injection buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit Remote Code Execution DNS crashed	3 Keyword trend analysis Info http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.6.1&processName=Svc_host.exe&platform=0009&osver=5&isServer=0 https://go.microsoft.com/fwlink/?linkid=850289&tfm=.NETFramework,Version=v4.6.1&processName=Svc_host.exe&platform=0009&osver=5&isServer=0	5	1		7.6		48	ZeroCERT