Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
17881	2023-05-12 09:21	96692826357471468817.bin fab02f4052aadb65ebe180e58da323b9 Gen1 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Windows utilities WriteConsoleW Windows ComputerName crashed				3.6	M	49	ZeroCERT

17882	2023-05-12 09:21	RKiDaNx.exe fe415fe7497faeb1c84614d9a267b2eb Generic Malware Suspicious_Script_Bin UPX Malicious Library Antivirus MZP Format PE File PE32 BMP Format OS Processor Check VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key				5.6	M	23	ZeroCERT

17883	2023-05-12 09:19	19458864137650990516.bin 2e942319c47888095b2b892637b0f2d7 Gen1 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Windows utilities WriteConsoleW Windows ComputerName crashed				3.6	M	46	ZeroCERT

17884	2023-05-12 09:19	upl.ps1 b1a7bf990d3edf74025d84a61c2ecbbb Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				4.4	M		ZeroCERT

17885	2023-05-11 18:50	vbc.exe c6db01a5743d408fc4f0c37ba58a281f NSIS Suspicious_Script_Bin UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware AppData folder				1.6	M	31	ZeroCERT

17886	2023-05-11 18:48	SecHorST.exe bec821cc9ca7762dd50f48d0cf4344cd Generic Malware UPX Malicious Library OS Processor Check MZP Format PE File PE32 PE64 VirusTotal Malware Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check				3.0	M	34	ZeroCERT

17887	2023-05-11 18:46	HalogenSySCheck.exe 1987b8ce233909021e877ea3408ccb70 RAT .NET EXE PE File PE32 VirusTotal Malware Telegram Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName DNS crashed		2	4	2.8	M	29	ZeroCERT

17888	2023-05-11 18:44	frank.jpg b087d2cba334e315c16c893e0709b14c PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed		1		7.0	M	53	ZeroCERT

17889	2023-05-11 18:42	Build1.exe bfaa027a645e567824a10a26fb8dbefd RAT Emotet PWS .NET framework Loki_b UPX .NET EXE PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows ComputerName DNS Cryptographic key	15 Keyword trend analysis Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://ip-api.com/json/ http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php	5	5 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com	6.6	M	35	ZeroCERT

17890	2023-05-11 18:42	Build-1S.exe e695b8888af3b57f1a56961bd289463c Emotet PWS .NET framework Loki_b RAT UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key	15 Keyword trend analysis Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://ip-api.com/json/ http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php	5	1	5.6	M	54	ZeroCERT

17891	2023-05-11 18:42	QQQQ%23%23%23%23%23%23%23%23%2... f908218ac1828a12fb1972d54fddf1ec MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed Downloader	1 Keyword trend analysis	2	3	4.6	M	30	ZeroCERT

17892	2023-05-11 18:42	Build2.exe 2746fd51855e750aa6b52dd72bca0cb0 RAT .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS		1		2.0	M	18	ZeroCERT

17893	2023-05-11 18:41	AnyDesk.exe 1c6e08b5f03c0c7d1455f082b1b02c64 Gen1 Generic Malware UPX Malicious Library Antivirus Malicious Packer OS Processor Check PE File PE32 DLL Browser Info Stealer Malware download AveMaria NetWireRC VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Windows Browser RAT Email ComputerName DNS Cryptographic key		3	2	12.4	M	52	ZeroCERT

17894	2023-05-11 18:40	tst2.exe 092d064fa7c8b7c292462d00eb149265 Malicious Library PE64 PE File Cryptocurrency Miner Cryptocurrency DNS		2	2	0.4	M		ZeroCERT

17895	2023-05-11 09:21	NDA_D753_May_10.wsf 8624646d76bcbcc599c9321fb06cddd1 Malware VBScript Malicious Traffic WMI heapspray wscript.exe payload download ComputerName DNS Dropper	6 Keyword trend analysis	6		10.0			ZeroCERT