Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
17041 2023-05-19 18:06 compan.exe
55e23e1fe5c4051b85cc6aa7c1399ac8
RAT Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed
10 8 6 18.2 M 42 ZeroCERT

17042 2023-05-19 18:02 ugopzx.exe
8840414a8ba647e57aeadfa3fc8edbd4
Loki_b Loki_m RAT Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1 1 7 14.2 M 46 ZeroCERT

17043 2023-05-19 18:02 136.exe
a1feeca49654dafe62b72623b20cd8bd
UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Checks debugger buffers extracted Collect installed applications installed browsers check Ransomware Browser ComputerName Firmware DNS
1 1 1 7.4 M 43 ZeroCERT

17044 2023-05-19 18:00 photo230.exe
6af5107aa062ad8f3aa8cd91491de9c1
Gen1 Emotet UPX Malicious Library CAB PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName RCE DNS Cryptographic key Software crashed
1 11.0 M 37 ZeroCERT

17045 2023-05-19 18:00 crypted.exe
cd4121ea74cbd684bdf3a08c0aaf54a4
UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Checks debugger buffers extracted Collect installed applications installed browsers check Ransomware Browser ComputerName Firmware DNS
1 1 1 1 7.2 M 31 ZeroCERT

17046 2023-05-19 17:10 1 Total New Invoices - Wednesd...
0167008e21c985a2e4a2b547b824e5d8
wscript.exe payload download Tofsee
2 1 1.2 ZeroCERT

17047 2023-05-19 15:15 2.exe
294fab1523dc3b50cbcc120e67946a5b
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware DNS
1 3.4 M 56 guest

17048 2023-05-19 12:29 http://5.34.178.166/pixel.gif
d89746888da2d9510b64a9f031eaecd5
Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Malware Code Injection Malicious Traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
2 1 2 5.2 BRY

17049 2023-05-19 10:44 96d2a306fe192ca9__e5azbew.dll
dd68d626a562cf34f8051a53d16fcb89
.NET DLL DLL PE File PE32 PDB
0.2 ZeroCERT

17050 2023-05-19 10:33 1300.exe
f3b80e952acfb2c3df34987be8b79b7a
RedLine stealer[m] PWS .NET framework Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 10.6 M 33 ZeroCERT

17051 2023-05-19 10:31 phcs05_r.bin
2da5816578795be004ad5d4190276a7f
RAT AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
4.0 12 ZeroCERT

17052 2023-05-19 10:31 runlastrun.ps1
81424820bdf139b1fe3de3faa4e98ae6
Generic Malware Antivirus .NET DLL DLL PE File PE32 VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows Cryptographic key crashed
1 4.4 8 ZeroCERT

17053 2023-05-19 10:31 runrunlastrun.vbs
9e2d09f47cc48dd3e84205376a8f9ecb
Antivirus VirusTotal Malware AutoRuns MachineGuid WMI Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName
1 6.4 18 ZeroCERT

17054 2023-05-19 01:22 verticalScroll.xml
af484e7ba504dca73f2b485c0b6ce336
AntiDebug AntiVM MSOffice File Code Injection buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
4.6 BRY

17055 2023-05-18 17:49 FFF%23%23%23%23%23%23%23%23%23...
9ca19a2bb25f1dcc1e663820ef9903e1
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed Downloader
1 1 3 5.0 M 33 ZeroCERT