Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
16981	2023-05-23 16:27	nc.exe e0db1d3d47e312ef62e5b0c74dceafe5 PE File PE32 VirusTotal Malware WriteConsoleW					1.4	M	47	ZeroCERT

16982	2023-05-23 16:21	1.chm c63336057f756c711c594e8b59b0265f Suspicious_Script_Bin AntiDebug AntiVM CHM Format VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted wscript.exe payload download Creates executable files RWX flags setting unpack itself suspicious process WriteConsoleW Tofsee Advertising Google ComputerName	1 Keyword trend analysis	2	1		6.8	M	22	ZeroCERT

16983	2023-05-23 16:20	Tlye.js 89b80c721075ad721417cfd59d3ea52a Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.6			ZeroCERT

16984	2023-05-23 16:20	Shelsjg.js 2c0d2060097f624acccf5074ea80b16c Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.6			ZeroCERT

16985	2023-05-23 09:44	llaa25.exe b44b3fd2f45d55238c7e11df70148a9f Malicious Library Malicious Packer PE64 PE File VirusTotal Malware PDB RCE					1.0		11	ZeroCERT

16986	2023-05-23 09:39	Inkmp.js 87bf8261360a2e4e9ba5941507cd03b5 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.6			ZeroCERT

16987	2023-05-23 09:39	Clji.js c2639b1131697d67a1a76458bcfdf901 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.6			ZeroCERT

16988	2023-05-23 09:39	Bkeeki.js b93770e7d4d1a2bc3d3121fc7d1ac0e4 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis				5.6			ZeroCERT

16989	2023-05-23 09:31	@mossad_lzt_packlab.exe 25d97aa66e4925975190a7566b5a8dc0 RedLine stealer[m] UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			10.0		33	ZeroCERT

16990	2023-05-23 09:24	pmexzx.exe 1996e9f0e24dcdbf6b737a5714007e24 PWS .NET framework PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	1		12.6	M	27	ZeroCERT

16991	2023-05-23 09:22	vbc.exe baff53cb7c0dba9be6859bd815559bf1 PWS .NET framework Generic Malware Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		15.0	M	21	ZeroCERT

16992	2023-05-23 09:21	bld_3.exe e2ca6f8e77cbaa4a7adf56242880a30c RAT Emotet PWS .NET framework Loki_b UPX Malicious Packer .NET EXE PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows ComputerName DNS Cryptographic key	16 Keyword trend analysis Info http://94.142.138.111/concerts/2.php - rule_id: 32678 http://94.142.138.111/concerts/13.php - rule_id: 32689 http://94.142.138.111/concerts/10.php - rule_id: 32686 http://ip-api.com/json/ http://94.142.138.111/concerts/9.php - rule_id: 32685 http://94.142.138.111/concerts/11.php - rule_id: 32687 http://94.142.138.111/concerts/8.php - rule_id: 32684 http://94.142.138.111/concerts/6.php - rule_id: 32682 http://94.142.138.111/concerts/4.php - rule_id: 32680 http://94.142.138.111/concerts/1.php - rule_id: 32677 http://94.142.138.111/software/bld_3s.exe http://94.142.138.111/concerts/12.php - rule_id: 32688 http://94.142.138.111/concerts/7.php - rule_id: 32683 http://94.142.138.111/concerts/5.php - rule_id: 32681 http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php - rule_id: 32679	5	5 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com	13 Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://94.142.138.111/concerts/3.php	7.6	M	34	ZeroCERT

16993	2023-05-23 09:20	damianozx.exe c0f457ec5e02531573e8ccfd106ef894 PWS .NET framework .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself					5.0		17	ZeroCERT

16994	2023-05-23 04:29	...............dot d553bd422c8d3621e21049ccc2ebe680 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash Exploit DNS crashed		1			3.8	M	40	guest

16995	2023-05-23 04:29	...............dot d553bd422c8d3621e21049ccc2ebe680 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Exploit DNS crashed		1			4.2	M	40	guest