Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
15601	2021-11-18 14:37	obizx.exe dafce59283b215958f71191b6ec0fc7c PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	1 Keyword trend analysis	3	1	9.0	23	ZeroCERT

15602	2021-11-18 14:39	Done.exe aaea0b2a1b429283fe48d824d1c40c4b Themida Packer Generic Malware Malicious Library UPX Anti_VM Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE Fi Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote suspicious process AppData folder VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed		3		12.6	32	ZeroCERT

15603	2021-11-18 14:40	E5WhBhUP2dqn 356252e7a07ec1a807795cfb77629ea7 VBA_macro Generic Malware Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM Word 2007 file format(docx) VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key				8.4	20	ZeroCERT

15604	2021-11-18 14:41	file2.cms 7a8ff582c7e91af4c10019b82ada67b4 PE64 PE File DLL VirusTotal Malware unpack itself WriteConsoleW				1.6	3	ZeroCERT

15605	2021-11-18 14:42	blk00000.dat 3d4656931a8b1ba6b4b6669ea03b8c03 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4		C0d3_22

15606	2021-11-18 14:42	scrss.exe 3ba80656013e9128336702a6c4eded0c PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	2 Keyword trend analysis	4	1	8.0	25	ZeroCERT

15607	2021-11-18 14:44	7021_1637144508_486.exe 0437147f23b1eb71d19d7f647f337d08 RAT Generic Malware Malicious Packer Antivirus UPX PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName crashed				3.0	26	ZeroCERT

15608	2021-11-18 14:44	qyQLbNsDZFL 93288048b2d674437e5d8adcf13d1169 VBA_macro Generic Malware Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM Word 2007 file format(docx) Vulnerability VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key				8.0	18	ZeroCERT

15609	2021-11-18 14:48	5401_1636996595_7877.exe 1d068763bcac85e83bfdad08e0e1d0b6 Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed Downloader	4 Keyword trend analysis Info https://cdn.discordapp.com/attachments/907332063714226249/908991059261005854/clipper.exe https://bbuseruploads.s3.amazonaws.com/8684300c-ab29-44f5-a8c2-a66ffd00be3d/downloads/93615083-83cb-4faa-9c53-c38b0765afc3/hman.exe?Signature=c3FUsubpdmCkiyCkS91DvQQHK7s%3D&Expires=1637215914&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=wS.Plr8402XdyShTsp.Eqk_5cqq8Ly1m&response-content-disposition=attachment%3B%20filename%3D%22hman.exe%22 https://bitbucket.org/raven_1/nutella/downloads/hman.exe https://api.ip.sb/ip	12 Info bbuseruploads.s3.amazonaws.com(52.216.109.139) - malware saninolece.xyz(94.140.112.97) antivirf.ru(81.177.141.85) bitbucket.org(104.192.141.1) - malware cdn.discordapp.com(162.159.133.233) - malware api.ip.sb(104.26.12.31) 81.177.141.85 - mailcious 162.159.129.233 - malware 104.26.13.31 104.192.141.1 - mailcious 52.216.16.200 94.140.112.97	1	10.0	35	ZeroCERT

15610	2021-11-18 14:49	tgzx.exe e0c09b7302a96d737a7573a7938ea389 Malicious Library UPX PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder suspicious TLD DNS	10 Keyword trend analysis Info http://www.artisanmakefurniture.com/unzn/?t8o=/UBZZF1UG5tLcUbCcQJLmvWFgpcpgqUG0EKXO2FHNMdrRqGmckc5BcZy7OCYoSoO9S0w3XCY&UlX=YvIpZ http://www.xiulf.com/unzn/?t8o=7h5GRxpasT646qYOf+0khzijZBZT2aLgQQAAc5UrPNQlH/pmCRnwi1dPtCkZ2bf/2siZPPja&UlX=YvIpZ http://www.speedprosmotorsports.com/unzn/?t8o=vkVEpDHfEV0qof5FP1DcrP3FrcMXEL1xZu8s63ov0hqcv6T2rQ2Ql8Lipw3UkpoHFFb+Flvw&UlX=YvIpZ http://www.029tryy.com/unzn/?t8o=R/kYhGE0x2zMJv4RpszeWm8ce2v0YGgzXOD23rYSx38nhAC+1aRU4b0yHoxoNToz6NOV7PYY&UlX=YvIpZ http://www.webworkscork.com/unzn/?t8o=VzxERwuAOtiVqP2oFFqBUr6DxjdGhRSoqWZmqTylnBeDRMwoutrWiV/54Kyj0f083lSnb+WS&UlX=YvIpZ http://www.westchestercountyjunkcars.com/unzn/?t8o=2yE31rTdS1OJr2pHd1JGruOgYs1mhh+MK2Dt8iwk0Sj+ked2B4nqIE4oEc851MUusYLoNJ1w&UlX=YvIpZ http://www.bbezan011.xyz/unzn/?t8o=gznoZGLZiv0ly5FdRg/luEC/X//zr2gWUwB/LG9hoAvFaG4KbtjcwZmwQ2j9i1GHbB5lhJ2M&UlX=YvIpZ http://www.grownupcurl.com/unzn/?t8o=b1Y0Ltj6IdnUO5cgJodBUVews5l3sE7rR4k9pGlI2eF+rkxI5uA5Fy326attKMUBeXbbbebv&UlX=YvIpZ http://www.clearperspective.biz/unzn/?t8o=7El7LM45YBEigA5+c+NLZKWprCoiIYditOETOkNCiVx/sQUuQ8A+JadxpAC2TbXJY9gNTwYR&UlX=YvIpZ http://www.mycar.store/unzn/?t8o=aTnPnMIsgcIFQztsToU/kPIOCeuq7Py5a8trM1f4plg+/rVNtwy8TMQ3itN0m89lJ7yk/uj8&UlX=YvIpZ	24 Info www.wozka.top() www.westchestercountyjunkcars.com(13.84.180.32) www.artisanmakefurniture.com(198.54.117.212) www.webworkscork.com(66.29.137.46) www.speedprosmotorsports.com(34.102.136.180) www.xiulf.com(20.50.2.18) www.mycar.store(185.134.245.113) www.grownupcurl.com(35.209.4.189) www.beekeeperkit.com() www.clearperspective.biz(34.102.136.180) www.bretabeameven.com() www.029tryy.com(154.208.173.49) www.bbezan011.xyz(104.21.93.241) www.spaceworbc.com() www.davanamays.com() 20.50.2.18 172.67.216.223 13.84.180.32 198.54.117.212 - mailcious 34.102.136.180 - mailcious 185.134.245.113 - mailcious 154.208.173.49 - mailcious 35.209.4.189 66.29.137.46	4	6.0	13	ZeroCERT

15611	2021-11-18 14:49	jpg01.jpg 05b1c8f10da93f118ced2fe384929937 RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName Cryptographic key Software	2 Keyword trend analysis	4	1	13.2	26	ZeroCERT

15612	2021-11-18 14:50	rc.exe 784fbedb911e18a12a0178e77448278e Malicious Library UPX Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName Remote Code Execution crashed	1 Keyword trend analysis	7	1	14.0	38	ZeroCERT

15613	2021-11-18 14:50	quodqbqhlcvhzw.mp4 b4c5c1e150afcd7386e83ef0da203f3b Malicious Library PE File PE32 DLL VirusTotal Malware				1.2	17	ZeroCERT

15614	2021-11-18 14:50	e4laFBDXIvYT6O 438934affa344ce17441d2c6ec40a3de Emotet Malicious Library UPX PE File OS Processor Check PE32 DLL Dridex TrickBot VirusTotal Malware Report Checks debugger unpack itself sandbox evasion Kovter ComputerName DNS		28 Info 81.0.236.90 195.154.133.20 104.251.214.46 138.185.72.26 185.184.25.237 103.75.201.2 94.177.248.64 176.104.106.96 212.237.5.209 207.38.84.195 158.69.222.101 51.68.175.8 210.57.217.132 178.79.147.66 103.8.26.103 103.8.26.102 110.232.117.186 45.142.114.231 91.200.186.228 216.158.226.206 107.182.225.142 66.42.55.5 58.227.42.236 212.237.56.116 212.237.17.99 45.118.135.203 50.116.54.215 191.252.196.221	5	5.6	33	ZeroCERT

15615	2021-11-18 14:50	scrss.exe 632300e7486ea3fb4085ebd8df35b0d4 PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	1 Keyword trend analysis	3	1	9.6	32	ZeroCERT