Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
15091
2023-03-07 09:47
Bt1_soft.exe
cc290b4105ef5a94aba6d767c8bbc2de
Generic Malware
UPX
PE File
PE64
VirusTotal
Malware
unpack itself
Windows
Remote Code Execution
crashed
3.0
M
31
ZeroCERT
15092
2023-03-07 09:43
vbc.exe
a28b0660ea0c24b2e6b4aa9f0049cd93
RAT
Generic Malware
Antivirus
SMTP
KeyLogger
AntiDebug
AntiVM
.NET EXE
PE File
PE32
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
powershell
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
Browser
Email
ComputerName
Cryptographic key
Software
crashed
14.4
M
33
ZeroCERT
15093
2023-03-07 07:47
1234321.exe
526e66348d684c4f6cbf2b5c7defe69a
PWS[m]
RedLine stealer[m]
Downloader
Malicious Library
UPX
WinRAR
Create Service
DGA
Socket
ScreenShot
DNS
Internet API
Code injection
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Escalate priviledges
FTP
Http API
AntiDebug
AntiVM
OS Processor Check
PE
VirusTotal
Malware
Buffer PE
PDB
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
Windows utilities
AppData folder
WriteConsoleW
Windows
Remote Code Execution
DNS
Cryptographic key
crashed
1
51.142.75.94
12.2
M
43
ZeroCERT
15094
2023-03-06 17:56
os.exe
a18b95c829a40237ff0e7fc93aeb641b
RAT
Gen1
Emotet
Gen2
Generic Malware
Malicious Library
UPX
Admin Tool (Sysinternals etc ...)
Malicious Packer
Anti_VM
OS Processor Check
.NET EXE
PE File
PE32
DLL
PE64
VirusTotal
Malware
PDB
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
3.4
M
27
ZeroCERT
15095
2023-03-06 17:51
rlmp32wlve.dll
ab947bfaa5ae4bff95661edd82950478
DLL
PE File
PE32
Malware download
Malware
Malicious Traffic
Checks debugger
unpack itself
ComputerName
crashed
2
http://nerf-0148-unknown.guru/bot/regex
http://nerf-0148-unknown.guru/bot/online?guid=TEST22-PC\\test22&key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34
2
nerf-0148-unknown.guru(79.137.195.205)
79.137.195.205 - mailcious
1
ET MALWARE Laplas Clipper - SetOnline CnC Checkin
4.0
ZeroCERT
15096
2023-03-06 15:58
kuconfig.ovpn
cf993cb93b53d9c7570731d23a8423cf
AntiDebug
AntiVM
Email Client Info Stealer
suspicious privilege
Checks debugger
Creates shortcut
unpack itself
installed browsers check
Browser
Email
ComputerName
DNS
1
20.43.94.199
4.0
BRY
15097
2023-03-06 11:38
vbaProject.bin
6758dff1e94cab62cb39e0457e5bc1b0
PWS[m]
VBA_macro
Generic Malware
Downloader
Create Service
DGA
Socket
ScreenShot
DNS
Internet API
Code injection
Hijack Network
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Escalate priviledges
persistence
FTP
Http API
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
36
guest
15098
2023-03-06 11:35
.rels
77bf61733a633ea617a4db76ef769a4d
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
DNS
crashed
3.8
guest
15099
2023-03-06 11:35
.rels
77bf61733a633ea617a4db76ef769a4d
PWS[m]
Downloader
Create Service
DGA
Socket
ScreenShot
DNS
Internet API
Code injection
Hijack Network
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Escalate priviledges
persistence
FTP
Http API
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.8
guest
15100
2023-03-06 11:35
[Content_Types].xml
fc309b7562155243395b07fedd6dce54
PWS[m]
Downloader
Create Service
DGA
Socket
ScreenShot
DNS
Internet API
Code injection
Hijack Network
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Escalate priviledges
persistence
FTP
Http API
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
15101
2023-03-06 11:34
[Content_Types].xml
fc309b7562155243395b07fedd6dce54
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
Windows
Exploit
DNS
crashed
3.8
guest
15102
2023-03-06 10:44
mohta5.exe
ce9e476de13fb6f7297d062b234ee4ec
Gen1
Emotet
Malicious Library
UPX
CAB
PE File
PE32
Browser Info Stealer
FTP Client Info Stealer
AutoRuns
PDB
suspicious privilege
Check memory
Checks debugger
buffers extracted
WMI
Creates executable files
unpack itself
Collect installed applications
AntiVM_Disk
VM Disk Size Check
installed browsers check
Windows
Browser
ComputerName
Remote Code Execution
DNS
Cryptographic key
Software
crashed
1
193.233.20.27 - mailcious
8.2
ZeroCERT
15103
2023-03-06 10:21
DHL722918767AA.doc
a8c9121e6ee657a0451f4eeb6e6865c6
MS_RTF_Obfuscation_Objects
RTF File
doc
VirusTotal
Malware
exploit crash
unpack itself
Exploit
DNS
crashed
1
208.67.105.179 - malware
4.8
34
r0d
15104
2023-03-06 10:18
O_O.DOC
a3abd638cccbba1a516aea8fd2d63371
MS_RTF_Obfuscation_Objects
RTF File
doc
Malware download
VirusTotal
Malware
Malicious Traffic
exploit crash
unpack itself
Exploit
DNS
crashed
Downloader
1
http://107.175.202.151/3707/vbc.exe - rule_id: 26878
1
107.175.202.151 - malware
2
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
1
http://107.175.202.151/3707/vbc.exe
4.6
M
34
r0d
15105
2023-03-06 10:09
cc...............................
0abfe119e17fbffb3bd81577d97de405
MS_RTF_Obfuscation_Objects
RTF File
doc
Malware download
VirusTotal
Malware
Malicious Traffic
exploit crash
unpack itself
Exploit
DNS
crashed
Downloader
1
http://107.172.81.7/8040/vbc.exe
1
107.172.81.7 - malware
2
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
4.4
M
27
r0d
Total : 49,696cnts