Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
22426	2022-12-10 14:53	csrss.exe 0a3a7cba003467f2d1976ba842d155dc Malicious Library UPX PE32 PE File OS Processor Check FormBook Browser Info Stealer Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder Browser	17 Keyword trend analysis Info http://www.afterdarksocial.club/henz/?nbWl8n=8TptbrIX6F4NxrWdTnVKCiNdtmXGEuELv5cUeaX5N5UPFd9Hxy/eCwrx8CSqMIuqYtp16J6ah9tFi3/97BblSlVnUMukTQJmI59ItyY=&D8cH=NdndsZxX - rule_id: 23667 http://www.eufidelizo.com/henz/?nbWl8n=wcp3urA+/rGtUuNVdzf16ZeZGpZq4XGXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqWKQvjoVWw+U5Y7ODGkonKNL7W0=&D8cH=NdndsZxX - rule_id: 23665 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.youandmegb136.shop/henz/?nbWl8n=UtZym1qImX06+GpDcpN9/2+kdchdxBnkrVUZumUi1jx9tPAiXeTjhhssvsimU8yI7A/xS1pJIIlTb23usgwKY3ermdd4E2Ie0oOK+14=&D8cH=NdndsZxX http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip http://www.automotiveparts-store.com/henz/?nbWl8n=l755dn3SV1HJ85bgdYLXX0FitE0O++oBuxO/p/rOD3cyNdqLfUPJLAMkl1O9xhY/fGSw1luYDYlS6H/677nep41+QBgryFqg6K8ooWg=&D8cH=NdndsZxX - rule_id: 24899 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.courdak.info/henz/?nbWl8n=vdyVzLcxoZUoogW6+NKMfwQ5LAGTMZCWuq0zGM5B+O39UoDsvg/hobD3JDgVlVzjVFZes90R2RhtZev/AI+f5OQ7oLMklDSyOnM4EYU=&D8cH=NdndsZxX - rule_id: 23789 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip http://www.seufi.com/henz/?nbWl8n=IBGzHMg16oJNSPrzw250+MvRfpuZJ+UNeLGkgBGOsROhXn3QAnT7j8xX9Jlog+RFk3dGiXHpM08k153fm/VBkqw4m0Htf2ZTok+naIQ=&D8cH=NdndsZxX - rule_id: 24900 http://www.brennancorps.info/henz/?nbWl8n=P4ST2IJPckjMYpRf2hTG7XGyBDGAy7OOggEf6mHPhnME1yGBMW0exDItYRA37f+XnLyPH15dACF6dKWBGe8FrnsbvwR+k5hXy5NlDxw=&D8cH=NdndsZxX - rule_id: 23670 http://www.lopezmodeling.com/henz/?nbWl8n=dpH6BKfQQ0cm5ImeofuKRskABJrBNfLp0vSyI4bn1RZjePkdeS9a/FiQgEdxlvmzsB0l+sQcpRgj8HqvSEXtkBUtM/7b2ek1qpGMuFI=&D8cH=NdndsZxX - rule_id: 23671 http://www.patrickguarte.com/henz/?nbWl8n=5p9Ov6C7qce51hIp6nkbqV/d59cDddN77lLEFw6Ufibk2yN56suGmW9SnR2oT5DaW1POG/xMOeVc/Muqlx89dGklgcJInIpBk29/OFI=&D8cH=NdndsZxX - rule_id: 23668 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip http://www.lyonfinancialusa.com/henz/?nbWl8n=I97X75yj3reE70KD0H/Cak1oo2zHy9G/KKFZ2xPoakAfOE75REIsiEdUspxqeb3/DlFpoh36cAjqvl85DwXllB7WLme1uHpNnCumkME=&D8cH=NdndsZxX - rule_id: 23666 http://www.phootka.ru/henz/?nbWl8n=w1bwPjtuf2ZlKfJJwO+BTMATo3IZhxYr0xwxA7aVeAjkl5kFf+SBsbPh/8ORAg46rPRxP2SAJydpY5hX47JJGDyZCrebhSML6UzwAv0=&D8cH=NdndsZxX - rule_id: 23673 http://www.foxwhistle.com/henz/?nbWl8n=jIhXpQA4pSG2yYWBbTjo4KjMDsvsQ9F5uiLrR0YNz1ez7r/FQUV2XPmUrykxRWDvkt62w03aCUUodajM6m+91s+tfqSr6z5AiriQQhU=&D8cH=NdndsZxX - rule_id: 23672	26 Info www.19t221013d.tokyo() - mailcious www.seufi.com(2.57.90.16) - mailcious www.lyonfinancialusa.com(206.233.197.135) - mailcious www.afterdarksocial.club(162.214.129.149) - mailcious www.courdak.info(66.29.151.40) - mailcious www.foxwhistle.com(154.22.100.62) - mailcious www.youandmegb136.shop(66.29.141.188) www.eufidelizo.com(192.185.217.47) - mailcious www.automotiveparts-store.com(162.0.238.93) - mailcious www.brennancorps.info(2.57.90.16) - mailcious www.sqlite.org(45.33.6.223) www.phootka.ru(195.24.68.23) - mailcious www.patrickguarte.com(155.159.61.221) - mailcious www.lopezmodeling.com(192.185.35.86) - mailcious 162.214.129.149 - mailcious 154.22.100.62 - mailcious 195.24.68.23 - malware 192.185.217.47 - mailcious 66.29.141.188 66.29.151.40 - mailcious 2.57.90.16 - mailcious 45.33.6.223 192.185.35.86 - mailcious 162.0.238.93 - mailcious 206.233.197.135 - mailcious 155.159.61.221 - mailcious	2	11 Info http://www.afterdarksocial.club/henz/ http://www.eufidelizo.com/henz/ http://www.automotiveparts-store.com/henz/ http://www.courdak.info/henz/ http://www.seufi.com/henz/ http://www.brennancorps.info/henz/ http://www.lopezmodeling.com/henz/ http://www.patrickguarte.com/henz/ http://www.lyonfinancialusa.com/henz/ http://www.phootka.ru/henz/ http://www.foxwhistle.com/henz/	5.0	M	28	ZeroCERT

22427	2022-12-10 14:52	mine.exe 0e068405ce30f54e043ab2c3841efe78 RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		2			6.2	M	46	ZeroCERT

22428	2022-12-10 14:52	gooozzzz.exe 552e854a6f2c4c3dd05e69be6310d550 Ave Maria WARZONE RAT Generic Malware Malicious Library Downloader Malicious Packer UPX PE32 OS Processor Check PE File VirusTotal Malware Check memory unpack itself human activity check RCE		2	1		5.0	M	59	ZeroCERT

22429	2022-12-10 14:51	macnocv2.1.exe 6bd52c8274a35c39740da9b52b4c7ef0 Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself DNS	2 Keyword trend analysis	9	1		6.2	M	28	ZeroCERT

22430	2022-12-10 14:50	olx.rar c76ffa6785ba2e17c76d5e61f6305150 RAT UPX PE32 .NET EXE PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	43	ZeroCERT

22431	2022-12-10 14:49	nppshell.exe 45a95da55d4eb1e4d7f8d08f52e1f0ee Generic Malware UPX Antivirus Malicious Library Malicious Packer PE32 OS Processor Check PE File PE64 DLL JPEG Format BMP Format Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Email ComputerName DNS Cryptographic key Software crashed	10 Keyword trend analysis Info http://85.209.135.109/jg94cVd30f/index.php?scr=1 http://ripple-wells-2022.net/n8exrcvvse1m2/syncfiles.dll http://85.209.135.109/jg94cVd30f/Plugins/cred64.dll http://ripple-wells-2022.net/mwr8f3vdi2h22/umciavi64.exe http://ripple-wells-2022.net/n8exrcvvse1m2/Emit64.exe http://45.159.188.118/bot/online?guid=test22-PC\test22&key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34 - rule_id: 24799 http://ripple-wells-2022.net/n8exrcvvse1m2/avicapn32.exe http://ripple-wells-2022.net/mwr8f3vdi2h22/umciavi32.exe http://85.209.135.109/jg94cVd30f/index.php http://45.159.188.118/bot/regex?key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34 - rule_id: 24798	5	6 Info ET MALWARE Amadey CnC Check-In ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET USER_AGENTS Go HTTP Client User-Agent ET INFO Dotted Quad Host DLL Request	2	14.2	M	11	ZeroCERT

22432	2022-12-10 14:49	vhad.exe ec8e41469c87d52dc8238ba282f613b6 AgentTesla PWS[m] browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket DNS Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 OS Processor Check PE Remcos VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory buffers extracted Creates executable files suspicious process AppData folder Windows DNS DDNS keylogger	1 Keyword trend analysis	7	2		14.0	M	51	ZeroCERT

22433	2022-12-10 14:46	exe.exe cece3f2c4e2be634eb2cbca97010740e Malicious Library VMProtect PE32 PE File VirusTotal Malware Buffer PE PDB Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1			4.4	M	13	ZeroCERT

22434	2022-12-10 10:54	NABUInternetAdapter_12.7.exe 3466e379ac0608ccb944667185b84cfe RAT PWS .NET framework Generic Malware PE32 .NET EXE PE File VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows	2 Keyword trend analysis	2			4.0		1	guest

22435	2022-12-09 15:17	dkWKxiFhDGVr.exe f36038207a570f622e9114bce1f6b1ed Malicious Library PE32 PE File VirusTotal Malware Buffer PE PDB Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1			3.8	M	30	ZeroCERT

22436	2022-12-09 15:15	vbc.exe 7e26a65502e428460a76d8268a420ade RAT PE32 .NET EXE PE File VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces ComputerName	1 Keyword trend analysis	2			3.6	M	30	ZeroCERT

22437	2022-12-09 15:13	vbc.exe 1e063b3d9cc7a483c1b7cce5585f29f6 RAT PE32 .NET EXE PE File VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces ComputerName	1 Keyword trend analysis	2			3.6	M	36	ZeroCERT

22438	2022-12-09 15:12	502.exe 842d42bb052a77759c8f55d46021b2e0 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware Creates executable files Ransom Message					2.8	M	55	ZeroCERT

22439	2022-12-09 15:11	vbc.exe f9cab82b8a981cd57613abc014237491 PWS[m] PWS Loki[b] Loki.m RAT Generic Malware Antivirus DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	2 Keyword trend analysis	4	1		17.2		29	ZeroCERT

22440	2022-12-09 15:11	vbc.exe 9a71a69f66b67df8a4d5a849b3832986 RAT Generic Malware Antivirus AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis	2			11.8		40	ZeroCERT