Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
17071	2023-05-18 09:35	pay.exe 9cf450fc0f69cccd0aa1e7059ff464c6 NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		8.6	M	47	ZeroCERT

17072	2023-05-18 09:34	62118a05bd8a77a022e12e983a5bac... ace375d381a92baa5577d8d95f0164c6 RAT UPX .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	1		3.4	M	35	ZeroCERT

17073	2023-05-18 09:30	Xpksf.js 5e2971bf4b1665562d4977c003f1187e Generic Malware Admin Tool (Sysinternals etc ...) Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				7.0		16	ZeroCERT

17074	2023-05-18 09:28	Pzbrjg.js d52732ffa135c7c2cc206f066a095102 Generic Malware Admin Tool (Sysinternals etc ...) Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				6.4			ZeroCERT

17075	2023-05-18 09:28	Fyhri.js 106d2d43f2f14aedca98a851814b6619 Generic Malware Admin Tool (Sysinternals etc ...) Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				6.4			ZeroCERT

17076	2023-05-18 09:09	secret_conversations.json 478b6a33ffb676add90e557000508d0a AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.8			guest

17077	2023-05-17 18:45	download.dotx 7dc2e663d849526f6aca2e62f8eb0cc8 ZIP Format Word 2007 file format(docx)					0.4			ZeroCERT

17078	2023-05-17 18:21	TYV6YAYWOPEKI61Y.docx 7dc2e663d849526f6aca2e62f8eb0cc8 ZIP Format Word 2007 file format(docx)					0.8			ZeroCERT

17079	2023-05-17 17:37	File_pass1234.7z 9148c9857f5d04b32829a649dda2f9bb PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	6 Keyword trend analysis Info http://5.181.80.133/api/tracemap.php - rule_id: 32661 http://85.208.136.10/api/tracemap.php - rule_id: 32662 http://208.67.104.60/api/tracemap.php - rule_id: 28876 http://www.maxmind.com/geoip/v2.1/city/me https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/	12	2	3	5.8	M		ZeroCERT

17080	2023-05-17 17:34	itzdarth_crypted%281%29.exe 37c966c35a3a7e31650e555624b25455 PE File PE32 VirusTotal Malware suspicious privilege Checks debugger WMI unpack itself Windows utilities suspicious process Windows ComputerName Software crashed					6.2	M	23	ZeroCERT

17081	2023-05-17 17:33	123.exe de27e688202b4fc37b916962b4060c67 Loki_b Loki_m Gen1 UPX Malicious Library Malicious Packer Code injection AntiDebug AntiVM .NET EXE PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Tofsee Browser Email ComputerName DNS Software	5 Keyword trend analysis	5	4	2	16.2	M	31	ZeroCERT

17082	2023-05-17 17:32	Uni.bat 6dc2a6dc1065e6407d580c08594267b8 Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot Anti_VM AntiDebug AntiVM suspicious privilege Check memory Checks debugger heapspray Creates shortcut unpack itself Windows utilities WriteConsoleW Windows ComputerName Cryptographic key					3.6			ZeroCERT

17083	2023-05-17 09:52	w.vbs 9e6396c0f6372ad9dabf49ac46c37b19 Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper	1 Keyword trend analysis	2	4	1	10.0	M	26	ZeroCERT

17084	2023-05-17 09:50	w.vbs 9e6396c0f6372ad9dabf49ac46c37b19 Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper	1 Keyword trend analysis	2	4	1	10.0	M	26	ZeroCERT

17085	2023-05-17 09:34	csrsv.exe 13c6b003e4cd8319299a50a51e14a222 Ave Maria WARZONE RAT UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) OS Processor Check PE File PE32 JPEG Format DLL PE64 Malware download Amadey VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Windows Browser ComputerName DNS crashed	2 Keyword trend analysis	1	4		9.8	M	41	ZeroCERT