Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
15046	2021-11-07 09:55	jay.exe 67b22060d175f37d003e88c756499344 AgentTesla(IN) RAT Generic Malware Malicious Packer Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					5.8		50	ZeroCERT

15047	2021-11-07 09:57	pub33.exe 506e6aff106a5c2fe532cade93779f39 Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself					1.4			ZeroCERT

15048	2021-11-07 09:57	top.exe ec96328f54c17fa67a308772e6987d0c Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2		29	ZeroCERT

15049	2021-11-07 10:00	8472_1636139279_2567.exe b5a266b9f61e60df3c6d70770f85402b RAT Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself anti-virtualization Windows ComputerName DNS Cryptographic key Software crashed		1	1		9.4		38	ZeroCERT

15050	2021-11-07 10:00	5218_1636129827_6964.exe 19abe21384d04e29c5390a6ce72fb271 RAT Themida Packer Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	5	1		19.8		22	ZeroCERT

15051	2021-11-07 10:01	crlxhpxtnp.exe 133b2635684c0ed6170099b8aa46044c RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					7.4		37	ZeroCERT

15052	2021-11-07 10:01	mix.exe e8b8ef36382d2d0487ce1a496db31f64 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.4		34	ZeroCERT

15053	2021-11-07 10:04	5831_1636146742_1099.exe 946c84dfac371134c10e3dbdb733fdc9 Generic Malware Themida Packer UPX AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		16.4		31	ZeroCERT

15054	2021-11-07 10:05	rollerkind.exe 74e67a935b1d792b6500d5682b544051 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2		22	ZeroCERT

15055	2021-11-07 10:12	leh5 2f10ba7d7cabbff26172fa9befcac2c2 Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check DLL Checks debugger					0.8			ZeroCERT

15056	2021-11-07 10:16	qwe.exe 85ec477462d743926f740b17c40b323a Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.2		25	ZeroCERT

15057	2021-11-07 10:17	2449_1636107787_994.exe 7f55f42bd867a00bb509c47b3bc1b099 Generic Malware Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.6		48	ZeroCERT

15058	2021-11-07 10:19	vbc.exe 43a557dd112a633e87b6536d70154951 NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder		2			6.6		40	ZeroCERT

15059	2021-11-07 10:20	rundll32.exe 3405753ab2f4f4f4560b9376bcff7676 RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	7 Keyword trend analysis Info http://www.benisano.com/fqiq/?b6=1FzMW+0+OiUuFtKwwdX+18qfmmqzzEGxfDkpxhvrj8NPxWXEAOb928cDHixNpwT1SnXUPxEA&DbG=_DKdFj - rule_id: 7072 http://www.benisano.com/fqiq/?b6=1FzMW+0+OiUuFtKwwdX+18qfmmqzzEGxfDkpxhvrj8NPxWXEAOb928cDHixNpwT1SnXUPxEA&DbG=_DKdFj http://www.healthyweekendtips.com/fqiq/?b6=nFNrhldW1G3Iuc6NBw1UbSwwpktYb/50pHeyo/0a7tjLnrEnAw7KG36PTjcGJ5KEduXnU9Wd&DbG=_DKdFj - rule_id: 6446 http://www.mambacustomboats.com/fqiq/?b6=oM7C4s4IgTsCMDsM97tedYlymorHgm5Kv3M2/2amrfi4uqOFLGFzoQjLNIK3nvWL7hHP1K8A&DbG=_DKdFj http://www.qianhaijcc.com/fqiq/?b6=+GyJfJw7hTzGSWjLzSxzubcql+EX4XT+GbaCNiPPdvi0qO0hFgG0Ehnd2eXgZFp2PjMwiybO&DbG=_DKdFj - rule_id: 7360 http://www.qianhaijcc.com/fqiq/?b6=+GyJfJw7hTzGSWjLzSxzubcql+EX4XT+GbaCNiPPdvi0qO0hFgG0Ehnd2eXgZFp2PjMwiybO&DbG=_DKdFj http://www.farmersfirstseed.com/fqiq/?b6=LbdaYrSs38N8uIwY7oVDq2uzukwE8JpfT85YdDwPyg/SznV3VAz0OihEXjn7VBiJtsEJeDaz&DbG=_DKdFj	12 Info www.shenjiclass.com() - mailcious www.begukiu0.info() www.healthyweekendtips.com(172.67.216.2) www.mambacustomboats.com(64.190.62.111) www.benisano.com(154.55.180.142) www.qianhaijcc.com(23.110.31.106) www.farmersfirstseed.com(34.102.136.180) 104.21.78.41 - phishing 23.110.31.106 34.102.136.180 - mailcious 64.190.62.111 - mailcious 154.55.180.142	1	3	8.2	M	27	ZeroCERT

15060	2021-11-07 10:21	VENDOR.exe ba9aa7b337adc84617853e39d5d61dbf AgentTesla(IN) RAT Generic Malware Malicious Packer Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key crashed		2	2		5.6		45	ZeroCERT