Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

18106 | 2023-04-28 21:49 | Info.plist
  Hash: f657748c487be57acf2028a6b0cbe26c
  Etc: AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3.4 BRY

18107 | 2023-04-28 17:14 | sddd.exe
  Hash: f30050237e1e4b07f13d8b4e4ecf8209
  Etc: Formbook NSIS UPX Malicious Library PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself Windows
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 17 20 4 15 6.0 M 43 ZeroCERT

18108 | 2023-04-28 17:14 | originalbuild.exe
  Hash: 9f9583b07cf9622b9db6299ca6157012
  Etc: RAT Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 6.0 M 28 ZeroCERT

18109 | 2023-04-28 17:14 | locals.ps1
  Hash: f5e06be9bc58695ff043f1d9465fb519
  Etc: Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 4.8 2 ZeroCERT

18110 | 2023-04-28 17:13 | build(3).exe
  Hash: 8bc904cbf806e8b28b6c21f1321fa019
  Etc: PWS .NET framework RAT Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Ransomware Windows Browser ComputerName DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 7 5 10.0 M 52 ZeroCERT

18111 | 2023-04-28 17:12 | vbc.exe
  Hash: 3a15cf1904040c1ce7e87d05c6468d1e
  Etc: Formbook PWS .NET framework AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 8.2 M 30 ZeroCERT

18112 | 2023-04-28 17:12 | vbc.exe
  Hash: ec0a5abf67bd616d4b77dd264a10c643
  Etc: UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself RCE
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.0 M 23 ZeroCERT

18113 | 2023-04-28 17:10 | vpn.exe
  Hash: 4b32941cd92e048e6a2d16c6069edf62
  Etc: NPKI Generic Malware UPX MPRESS Antivirus PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut unpack itself Windows utilities Checks Bios Detects VMWare powershell.exe wrote suspicious process VMware anti-virtualization Ransomware Windows Browser ComputerName RCE Firmware DNS Cryptographic key crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 14.6 M 50 ZeroCERT

18114 | 2023-04-28 09:43 | ProjectFunding_B496.wsf
  Hash: de0e6380f06d01c12e312b58221c1fcd
  Etc: VirusTotal Malware VBScript wscript.exe payload download ICMP traffic DNS Dropper
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 10.0 2 ZeroCERT

18115 | 2023-04-28 09:10 | ads.exe
  Hash: cd675f6fa51e9a1bca95f3eb11c78fc2
  Etc: UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Checks debugger RWX flags setting unpack itself DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 3.0 12 ZeroCERT

18116 | 2023-04-28 09:09 | photo_410.exe
  Hash: 522ae0a94eb64b2124168a956e661bc3
  Etc: Gen1 Emotet PWS .NET framework RAT UPX Malicious Library Confuser .NET Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check .NET EXE DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName RCE DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 5 2 7 15.8 M ZeroCERT

18117 | 2023-04-28 09:08 | ProjectFunding_D305.wsf
  Hash: 254f413905e4ba561b0a85fa7c3a4790
  Etc: VBScript wscript.exe payload download ICMP traffic DNS Dropper
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 10.0 guest

18118 | 2023-04-28 09:07 | ProjectFunding_B496.wsf
  Hash: de0e6380f06d01c12e312b58221c1fcd
  Etc: VirusTotal Malware unpack itself crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1.0 2 guest

18119 | 2023-04-28 09:07 | Xjpclientser40.exe
  Hash: ffa8c73e6d2a1a51812008ec7f31105b
  Etc: PWS .NET framework NPKI RAT Generic Malware Downloader UPX Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM OS Processor Check .N VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 5.6 4 ZeroCERT

18120 | 2023-04-28 07:48 | payload
  Hash: 994bde201ba16c5e33bba7d4e6cbe3f4
  Etc: Loki_b Loki_m UPX Malicious Packer Malicious Library OS Processor Check PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic buffers extracted unpack itself Collect installed applications installed browsers check Ransomware Browser ComputerName RCE Firmware DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 1 8.0 M 41 ZeroCERT