Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

8821 2021-05-18 09:56 diagram-58895225.xls
16ec6ae1941a5f788d18aa6673be5fee
MSOffice File VirusTotal Malware Check memory unpack itself Tofsee crashed
2 2 2.6 15 guest

8822 2021-05-18 09:56 diagram-58650286.xls
a8f34f2a8de7b470c474c50c8cd4b15f
MSOffice File VirusTotal Malware Check memory unpack itself Tofsee DNS crashed
2 3 2 3.2 15 guest

8823 2021-05-18 09:55 diagram-553418662.xls
62c064e08d3aef1d97e64068583345d1
MSOffice File Check memory unpack itself Tofsee crashed
2 2 2 2.0 guest

8824 2021-05-18 09:28 Setup2.exe
46fcb8a8f7db4f6e098f1213b1955498
Gen2 Emotet Glupteba VMProtect PE File PE32 DLL GIF Format OS Processor Check Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS crashed
7 13 3 12.6 47 ZeroCERT

8825 2021-05-18 09:27 customer2.exe
6d7603e4fd4d633cae7eaee0f1029a17
Gen2 Emotet PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Malicious Traffic Check memory Creates executable files Check virtual network interfaces AppData folder IP Check Tofsee Browser Remote Code Execution
4 6 2 6.4 M 59 ZeroCERT

8826 2021-05-18 09:19 file4.exe
3795c43b2e06e15edb01a8a237243b08
AgentTesla PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework BitCoin browser info stealer Google Chrome User Data DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal cr VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Windows ComputerName DNS crashed
16 9 3 3 12.6 M 24 ZeroCERT

8827 2021-05-18 09:18 jooyu.exe
aed57d50123897b0012c35ef5dec4184
Gen2 Emotet PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Malicious Traffic Check memory Creates executable files Check virtual network interfaces AppData folder IP Check Tofsee Browser Remote Code Execution
5 8 2 6.4 56 ZeroCERT

8828 2021-05-18 09:04 file5.exe
723a3fc8d6faeefe3f6ac7eca0f56570
Anti_VM PE File PE32 VirusTotal Malware unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Tofsee Windows ComputerName Firmware crashed
2 1 5.2 M 25 ZeroCERT

8829 2021-05-18 09:03 mega.exe
ffba772f9ca82656131883f57760fe1d
AgentTesla Gen1 Gen2 DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File PE32 PE64 DLL Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself suspicious process WriteConsoleW Tofsee Windows
3 4 1 9.2 39 ZeroCERT

8830 2021-05-18 09:00 C3b.exe
edc4dc3947bcadc3039095321c71572a
Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 Malware download NetWireRC VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW BitRAT Windows ComputerName DNS DDNS keylogger
2 1 13.6 48 ZeroCERT

8831 2021-05-18 08:58 78x.exe
48db1efd405907c867358fe6ae8111e4
PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 Malware download NetWireRC VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW BitRAT Windows ComputerName DNS Cryptographic key DDNS crashed keylogger
2 1 12.6 44 ZeroCERT

8832 2021-05-18 07:43 build5_protected.exe
261d3ab4b1acf206d0d9684a3b1aece9
Anti_VM .NET EXE PE File PE32 Browser Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed
2 3 1 8.6 ZeroCERT

8833 2021-05-18 07:33 build3.exe
16cae166b40d0d51e16764dce9d76323
.NET EXE PE File PE32 Browser Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed
2 3 1 8.6 ZeroCERT

8834 2021-05-18 07:33 build1.exe
6add6f06cdfa94d50858317140cc31f8
PWS .NET framework BitCoin AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
2 3 1 10.0 13 ZeroCERT

8835 2021-05-15 16:36 staticc.txt.ps1
da43b38aeb47472f876d6feaa0df358e
Antivirus VirusTotal Malware powershell Check memory Creates shortcut unpack itself Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
2 2 5.8 12 guest