Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
17986	2023-05-08 14:08	vbc.exe 2742755e3fef9f876e7b23f37b653ee6 Formbook AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					8.8		43	r0d

17987	2023-05-08 11:08	foto0183.exe 459b9ff381bf53ae74aae7bbdc5cc6b3 Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName RCE DNS Cryptographic key Software crashed	6 Keyword trend analysis Info http://77.91.124.20/store/games/index.php - rule_id: 32547 http://77.91.124.20/store/games/index.php http://77.91.124.20/store/games/Plugins/cred64.dll - rule_id: 31849 http://77.91.124.20/store/games/Plugins/cred64.dll http://77.91.124.20/store/games/Plugins/clip64.dll - rule_id: 32546 http://77.91.124.20/store/games/Plugins/clip64.dll	2	5	3	16.0			ZeroCERT

17988	2023-05-08 10:14	vbc.exe 2742755e3fef9f876e7b23f37b653ee6 AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					8.6		36	ZeroCERT

17989	2023-05-08 09:40	loaderx.exe 0ad824c9898657a25c9fc6d2239764d8 PWS .NET framework RAT UPX Anti_VM PE64 .NET EXE PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2	M	40	ZeroCERT

17990	2023-05-08 09:39	build.exe a9625534c25a4c39665dcf449f6d5c4a Generic Malware UPX Malicious Packer Malicious Library OS Processor Check PE64 PE File VirusTotal Malware DNS crashed		1			2.0	M	42	ZeroCERT

17991	2023-05-08 09:37	j.txt.ps1 cf9de0b02897dd1a0b1c547006e70ab2 Generic Malware Antivirus powershell Check memory unpack itself powershell.exe wrote WriteConsoleW Windows Cryptographic key	1 Keyword trend analysis				2.2			ZeroCERT

17992	2023-05-08 09:37	islight2.1.exe 80aa4d31a2a0e45c6be34d1c9431aa58 Generic Malware Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	1		16.0	M	50	ZeroCERT

17993	2023-05-08 09:34	s.exe 737e22e4f92ee7846f37474df77e7928 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself					1.8	M	27	ZeroCERT

17994	2023-05-08 09:32	harry 422ccd40034e44004294a5d6efef2486 Generic Malware Antivirus PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		5	4		15.0	M	41	ZeroCERT

17995	2023-05-08 09:32	photo_727.exe b2e88b522292ea5d250be091a726aa95 Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName RCE DNS Cryptographic key Software crashed	3 Keyword trend analysis	2	6 Info ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request	1	16.0	M		ZeroCERT

17996	2023-05-08 09:29	rmns.exe dc159d07b8cdde55acebc57c1ca08e45 UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check MZP Format PE32 PE File VirusTotal Malware suspicious privilege WMI unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName					4.0	M	24	ZeroCERT

17997	2023-05-08 09:29	lsass.png eb85c562249e96d7a946111241f0ea4b EnigmaProtector .NET EXE PE32 PE File VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Ransomware Windows ComputerName crashed					10.0	M	50	ZeroCERT

17998	2023-05-08 09:26	harrynewguy 336a11f0599570c025e2458715d67311 PWS .NET framework Generic Malware Antivirus PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	4	4		15.4	M	39	ZeroCERT

17999	2023-05-08 09:25	clip64.dll 64d71779a23591879bea49423a743dcb UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	54	ZeroCERT

18000	2023-05-08 09:25	ppls25.exe 34e5f4cc8913e0ecc3b2a20ab7df5191 Gen2 Gen1 UPX Malicious Library PE64 PE File Browser Info Stealer VirusTotal Malware PDB MachineGuid buffers extracted unpack itself Check virtual network interfaces Tofsee Browser RCE crashed	3 Keyword trend analysis	8	2		3.8	M	7	ZeroCERT