Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
15361	2021-11-14 18:19	7587_1636789492_9651.exe fcb63eaba491f872aa88f9ae02f257f9 Lazarus Family Themida Packer Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed		1			9.2		40	ZeroCERT

15362	2021-11-14 18:21	Radiophony.exe e639300660165b56b26ae9e713bd2ccd RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			11.0		34	ZeroCERT

15363	2021-11-14 18:21	Request_000517_031077PDF.exe bcf64360f1b1dd0f4dbb00f69fb1637c RAT Generic Malware Malicious Library UPX SMTP KeyLogger AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	3		14.8		42	ZeroCERT

15364	2021-11-14 18:23	6040_1636637595_6269.exe 84dd06d1e6237944e337d213947e1949 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2		49	ZeroCERT

15365	2021-11-14 18:23	9763_1636793427_1532.exe eab61e05d00c017bc2e4d719277406b8 RAT PWS .NET framework Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization Windows ComputerName DNS Cryptographic key		1			4.8		23	ZeroCERT

15366	2021-11-14 18:25	Irreducible.exe 7aa7dc1797e0902324acf13aab289ced RAT Generic Malware PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself					1.8		5	ZeroCERT

15367	2021-11-14 18:25	search1001.exe 9ff93d97e4c3785b38cd9d1c84443d51 Generic Malware Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself WriteConsoleW					6.8		48	ZeroCERT

15368	2021-11-14 18:28	friday.exe 75901df8091e9769971fb550d1de2144 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					9.0		33	ZeroCERT

15369	2021-11-14 18:29	vbc.exe 862cc74dadd15cd9f8cebfbd23dcf07f RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	6 Keyword trend analysis Info http://www.floridawp.com/scb0/?GzuD=9/BqtxNJhSE/jnEmhw/jJ2i6+zR3ejBZmh2LifaRE3cbasx521HSBP9EZz5Y1ayCoextGFjB&AlB=O2MxhlsHi http://www.medchemic.com/scb0/?GzuD=rH1WwaW1yHBAvxkBaGNiAvQbWXUrp1RT/W1FLLKV2kI7heGaZanJJSmQIo3vE23qZDCeIbu+&AlB=O2MxhlsHi http://www.krallechols.quest/scb0/?GzuD=XHAF2WnsVWh3Xtb4trV3Cr1d9KXYf9+Xd4yyhdgFxkN4v728EEpujlORpbln8yXvxRQ7qyh6&AlB=O2MxhlsHi http://www.lafabriqueabeille.com/scb0/?GzuD=Fq2LCo+OmuFI0F6UFf6oGUX4emiKH+nbJ+jp6lKcU3kbPt44QMZnfh9LthJX8Ei6b12Ppx2P&AlB=O2MxhlsHi http://www.jyh8882.com/scb0/?GzuD=bwd76U6LKZBpNEQppVR7cMNK+MMlT0YfxlJ4bO8ndhDvr8vJL26qIqHfcLJfN8ylP/phNSmM&AlB=O2MxhlsHi http://www.fearlessthread.com/scb0/?GzuD=e+prZ6QI+RKMJqROSGOehneQQaNYgX6sD4NIoSlaRQr2yLMWPyCBcsmU1B9QH+Vq/gKOdjUH&AlB=O2MxhlsHi	16 Info www.flirtylocals.xyz() www.slowtravelco.com() www.lipagent.com() www.traexcel.com() www.medchemic.com(147.255.132.172) www.floridawp.com(107.187.86.150) www.jyh8882.com(112.121.161.235) www.fearlessthread.com(34.102.136.180) www.lafabriqueabeille.com(217.70.184.50) www.krallechols.quest(37.123.118.150) 37.123.118.150 - mailcious 34.102.136.180 - mailcious 217.70.184.50 - mailcious 147.255.132.172 112.121.161.235 107.187.86.150	1		8.0		27	ZeroCERT

15370	2021-11-14 18:29	7870_1636781441_9630.exe d985b4cfdceecc3c0fe4f3e4fda4e416 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.0		36	ZeroCERT

15371	2021-11-14 18:32	vbc.exe 412241a9318ff1dac966423d98e42ca6 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	8 Keyword trend analysis Info http://www.deployinghigh.com/scb0/?9rQl7P=1DV0eO4kJiJNxuN2NC8jnliuIX7lRL3KSKwwbrC6KESnHqtS0qDm0NQ9LjS+CBttGwc/wZTO&EhL0Nv=gdDdYxcPgT http://www.cristinadiasoficial.com/scb0/?9rQl7P=xcUwzm5AKbNZuF+udINpgNQGs7ZcCf5DT111eJpTnIuO7QJ0Clnvam2qMO8p5fu5I+9ybm0j&EhL0Nv=gdDdYxcPgT http://www.immerseinagro.com/scb0/?9rQl7P=V2AhuswC1P46yg8mld4fAQ83YKitkH0oGD7+M9jGtaYzYYMeFRZV2UcC5NYHCCcY1xdn8maR&EhL0Nv=gdDdYxcPgT http://www.goalcations.com/scb0/?9rQl7P=SfGMfCp7uIIB1tbsl+yQPkhmSyoMzqz2TVHBfM1gYCrv30DfJ1+JgDIZN09XfYAkjCp672Pm&EhL0Nv=gdDdYxcPgT http://www.llaa11.xyz/scb0/?9rQl7P=LvVOqUj382vn4xaDmPdNbROBsfmX8/xJXi3b40WP3Ow6Tel98yunW6JlZzwoyviXGhVkmuQf&EhL0Nv=gdDdYxcPgT - rule_id: 6170 http://www.14ideedumois.com/scb0/?9rQl7P=oqfA6x77u361mCKs4r66LQPATf2CKHXAXMZR4iLG+aRNgHDbZbNndjU4rvrEbzIaUDNfJuvR&EhL0Nv=gdDdYxcPgT http://www.kak-izbavitsya.xyz/scb0/?9rQl7P=tOydRCjvvPPw5thFTrHtvmA4zy3L3TNyRxRnzpeyKOszHAVqTm6RKOyP0c6F87luRRnA6Z3m&EhL0Nv=gdDdYxcPgT http://www.nothernballet.com/scb0/?9rQl7P=oJTIyACURGzoGr71EzWjLujKpZPXvTg1NdHBUw2JclKO8hu6YiEMGQm3R4LTlNlMeZ7aNHk1&EhL0Nv=gdDdYxcPgT	17 Info www.llaa11.xyz(104.21.59.243) www.nothernballet.com(52.37.245.235) www.wildcatsclan.net() www.cristinadiasoficial.com(162.241.2.97) www.kak-izbavitsya.xyz(91.189.114.25) www.14ideedumois.com(37.187.131.150) www.deployinghigh.com(70.40.216.90) - mailcious www.immerseinagro.com(138.128.160.162) www.goalcations.com(162.241.216.89) 162.241.216.89 138.128.160.162 - malware 37.187.131.150 91.189.114.25 - malware 44.238.240.115 162.241.2.97 172.67.185.212 - mailcious 70.40.216.90 - malware	2	1	8.2	M	38	ZeroCERT

15372	2021-11-14 18:32	ganfarm.exe 79e8c2be36b9fb14ae33b6a0ca26c503 AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Collect installed applications Detects VirtualBox Detects VMWare VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed		1			15.0		21	ZeroCERT

15373	2021-11-14 18:32	211_1636780637_5258.exe 7186ace185636ae6370b741b93ca8d0f AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed		1			12.2		22	ZeroCERT

15374	2021-11-14 18:34	tK9mduyBPQVh9gvP.exe 83a39ec648f04bdfc64288a4c503c7ba Generic Malware PE File PE32 .NET EXE VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces ComputerName crashed	1 Keyword trend analysis	2			4.6		44	ZeroCERT

15375	2021-11-14 18:36	1713_1636727569_1149.exe 8ba1ad22db58fccdca33c2def32062b5 RAT Generic Malware PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		6.6		37	ZeroCERT