Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
22771	2022-12-26 09:56	2825.exe 9e053d7f64032a506a55bc67afbf5556 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Windows RCE crashed				3.2	M	26	ZeroCERT

22772	2022-12-26 09:54	agent.exe ac382bfcfaea86b5749f7abc571ccf12 AgentTesla PWS[m] browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket DNS Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 OS Processor Check PE VirusTotal Malware AutoRuns Code Injection Check memory buffers extracted Creates executable files Windows utilities Disables Windows Security suspicious process AppData folder sandbox evasion WriteConsoleW human activity check Windows DNS keylogger		1		16.0	M	52	ZeroCERT

22773	2022-12-26 09:53	setup.exe e5ed0abfd38fb509ef0429dd65318400 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware Buffer PE PDB Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1		4.4	M	41	ZeroCERT

22774	2022-12-26 09:49	FEejeARafe.exe 7dcf17c42718f20b504aece2115f9276 AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed		2		5.6			guest

22775	2022-12-26 09:37	bibar.exe 1d641e8215a82151e8925673bfb171a1 RedLine stealer[m] PWS[m] SmokeLoader RAT PWS .NET framework Loki[b] Loki.m NPKI Gen2 Trojan_PWS_Stealer Generic Malware Credential User Data Themida Packer Malicious Library Malicious Packer UPX Anti_VM SQLite Cookie VMProtect Internet API Code inj Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Windows Exploit Browser Email ComputerName Firmware DNS Cryptographic key Software crashed	18 Keyword trend analysis Info http://62.204.41.67/g8sjnd3xe/index.php http://62.204.41.182/g9TTnd3bS/index.php http://1h3art.me/bins/build.exe http://193.42.33.28/game0ver/index.php http://www.kathrynpaige.com/mp3studios_97.exe http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=nbveek.exe&platform=0009&osver=5&isServer=0 http://62.204.41.182/Legs.exe http://62.204.41.165/g8sjnd3xe/index.php http://1h3art.me/bugatti/bd.exe http://62.204.41.182/g9TTnd3bS/Plugins/cred64.dll http://80.76.51.173/system32.exe http://www.kathrynpaige.com/mp3studios97/mp3studios_97.exe http://1h3art.me/bins/bin.exe http://cdn.discordapp.com/attachments/1050469248977346630/1056347612317483008/1.exe http://byh.ajn322bb.com/files/pe/pb1109.exe - rule_id: 25000 http://31.41.244.173/new/linda5.exe http://62.204.41.13/lego/Livability.exe https://www.icodeps.com/ - rule_id: 14280	26 Info learn.microsoft.com(104.74.222.233) cdn.discordapp.com(162.159.135.233) - malware www.icodeps.com(149.28.253.196) - mailcious iplogger.org(148.251.234.83) - mailcious 1h3art.me(37.139.129.107) - mailcious www.kathrynpaige.com(23.160.193.16) byh.ajn322bb.com(172.67.134.92) - malware transfer.sh(144.76.136.153) - malware 148.251.234.83 62.204.41.13 - malware 162.159.134.233 - malware 31.41.244.228 - malware 62.204.41.67 62.204.41.182 104.74.222.233 37.139.129.107 - malware 62.204.41.165 - malware 193.42.33.28 149.28.253.196 - mailcious 80.76.51.173 104.75.21.121 82.115.223.15 144.76.136.153 - mailcious 31.41.244.173 - malware 23.160.193.16 - malware 104.21.25.158 - malware	2	30.4	M	41	ZeroCERT

22776	2022-12-26 09:29	anon.exe d644e121e4e3e53a46f2ddd843048c2d RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed		1		5.6		51	ZeroCERT

22777	2022-12-26 09:29	clim.exe c6d73b5ece49beea2dfaae5d15aaf774 NPKI RAT PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName		2		2.6		40	ZeroCERT

22778	2022-12-26 09:27	trud.exe 34ac5a0cd20e58be8ab8174a71b3d0fd Generic Malware Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Windows RCE crashed				3.2		25	ZeroCERT

22779	2022-12-26 09:27	cred64.dll 70134bf4d1cd851b382b2930a2e182ea PWS Loki[b] Loki.m Malicious Library PE32 DLL PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email DNS Software crashed	1 Keyword trend analysis	1		6.0		47	ZeroCERT

22780	2022-12-25 17:35	entrepreneurship and innovatio... 63121460d86faa35602911903c178023 PDF							guest

22781	2022-12-24 09:49	Apple-advanced-security-Securi... 8811cbe5c356e303445c4225396eb362 JPEG Format							Dr

22782	2022-12-24 09:46	LEGAL_NOTICE.rtf 88e03ec4e9cf9cc8359b73c744544a9b exploit crash Exploit crashed				1.0			guest

22783	2022-12-23 18:21	18.exe 57f87bb59a5fc08c37628e7cc674e958 RAT PWS .NET framework AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself				7.4	M	29	ZeroCERT

22784	2022-12-23 18:19	smauga.exe 616dca0ef072cd365654797a3252afe2 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Windows RCE crashed				3.4	M	36	ZeroCERT

22785	2022-12-23 18:17	s.exe 27a37d7db6c7a8557b770fb860444825 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Windows RCE crashed				3.2		26	ZeroCERT