Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

15406 2021-11-15 14:38 Pneumatohydatogenetic.exe
49d9139a5794cdbe6fecf97519ffdd8c
RAT Generic Malware Malicious Library UPX PE File OS Processor Check PE32 PE64 VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself
2.8 37 ZeroCERT

15407 2021-11-15 14:41 9013_1636897460_6375.exe
37a34d4e4c8658425c1d5a97b66501b4
Themida Packer UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware Cryptographic key Software crashed
1 4 1 9.6 35 ZeroCERT

15408 2021-11-15 14:41 2472_1636906474_44.exe
d83cad616e858959947a4d0efe5ee721
RAT Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces anti-virtualization installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 1 4 13.0 26 ZeroCERT

15409 2021-11-15 14:43 3188_1636904223_1182.exe
2c4d94d76dbd153e4e13d5d179d090b9
NPKI AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 12.2 32 ZeroCERT

15410 2021-11-15 14:43 nevermiss.exe
0ac34cf9b5240f5891b1858be02adc14
Gen1 Generic Malware ASPack Malicious Library UPX Anti_VM PE64 PE File OS Processor Check DLL VirusTotal Malware Check memory Creates executable files unpack itself WriteConsoleW
2.4 14 ZeroCERT

15411 2021-11-15 14:45 file.exe
1037068cf9de3dfab780b1311ec94a0b
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.0 30 ZeroCERT

15412 2021-11-15 14:45 9588_1636920174_815.exe
ea4e92c55ba38780f02876d7b23220db
AntiDebug AntiVM PE File PE32 Browser Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
1 11.6 30 ZeroCERT

15413 2021-11-15 14:47 Shortfinned.exe
4108f630579979cfb8ca2bc73dcbdc07
RAT Generic Malware PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself
2.2 27 ZeroCERT

15414 2021-11-15 14:47 9285_1636897726_4425.exe
b908ff420cccb907508ea529dce66d1b
RAT Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 10.4 17 ZeroCERT

15415 2021-11-15 14:50 itaves.exe
7b1c3f5010c8703d58a2d0cfa15b3b12
Gen1 Emotet Gen2 Themida Packer Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Anti_VM Malicious Packer PE File PE32 DLL OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows Firmware crashed
7.6 40 ZeroCERT

15416 2021-11-15 14:50 9321_1636879708_5762.exe
41a38ac01d1ec59c3f3ccabca37c35ca
Steal credential ScreenShot Http API AntiDebug AntiVM PE File PE32 Malware Buffer PE MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Tor DNS
2 3 2 8.6 ZeroCERT

15417 2021-11-15 14:51 hazmat.exe
38df87ccac12d33a0fa25687b1341d0e
Emotet Antivirus Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware unpack itself Ransomware
2.4 38 ZeroCERT

15418 2021-11-15 14:52 prox.exe
0ed76cd7cb14cc30d04802a750bcad22
UPX Malicious Library KeyLogger ScreenShot Escalate priviledges AntiDebug AntiVM PE File OS Processor Check PE32 Browser Info Stealer Emotet Malware download FTP Client Info Stealer VirusTotal Malware powershell Telegram Buffer PE AutoRuns Code Injection Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Zeus Windows Java Browser ComputerName Trojan DNS Software keylogger
2 3 11 19.2 30 ZeroCERT

15419 2021-11-15 14:54 3590_1636885808_4574.exe
d1602c13d13b21573c20b77fdb18bf26
RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee ComputerName
2 2 1 3.8 31 ZeroCERT

15420 2021-11-15 14:56 9109_1636883844_9311.exe
8297de07eccb0c209b87e9dd821eb315
Generic Malware Themida Packer Anti_VM UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
1 3 1 10.6 39 ZeroCERT