Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
22861	2022-12-19 22:03	Xerox Scan_12.7z a96da4ce2449067fa6eebae54ebc5a34 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

22862	2022-12-19 18:12	Clip1.exe 2160b328dfdbbe8080a40f80ae87af73 NPKI Malicious Library UPX PE32 OS Processor Check PE File Malware download VirusTotal Malware AutoRuns Creates executable files unpack itself Windows utilities suspicious process AppData folder Windows ComputerName DNS	2 Keyword trend analysis	2	4	2	5.8	M	29	ZeroCERT

22863	2022-12-19 16:15	build2.exe 6a7892ece7e8bf85628e0e769560b7cb Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows crashed					3.0		55	ZeroCERT

22864	2022-12-19 10:07	rtpehnnzbxoa.exe 31e5f2a6588723aadefaf5595482d955 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware crashed					1.4	M	43	ZeroCERT

22865	2022-12-19 10:03	WW20.exe 5debae710acc279440b0fb96ad7ba5ef AgentTesla PWS[m] browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Create Service DGA Socket ScreenShot DNS BitCoin Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledg Browser Info Stealer VirusTotal Malware AutoRuns Code Injection Malicious Traffic Checks debugger Creates executable files exploit crash unpack itself Windows utilities Disables Windows Security suspicious process malicious URLs suspicious TLD sandbox evasion WriteConsoleW IP Check installed browsers check Tofsee Windows Exploit Browser ComputerName DNS crashed	6 Keyword trend analysis Info http://metazone1.com/api/tracemap.php http://metazone1.com/api/firegate.php http://107.182.129.251/download/it_tab.png http://107.182.129.251/download/it_tab.jpeg https://ipinfo.io/widget https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1	13 Info vk.com(87.240.132.67) iplis.ru(148.251.234.93) - mailcious ipinfo.io(34.117.59.81) metazone1.com(31.31.196.244) iplogger.org(148.251.234.83) - mailcious 45.10.52.33 - mailcious 148.251.234.83 148.251.234.93 - mailcious 163.123.143.4 - mailcious 87.240.129.133 34.117.59.81 107.182.129.251 - malware 31.31.196.244 - mailcious	13 Info SURICATA Applayer Mismatch protocol both directions ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET INFO Executable Download from dotted-quad Host ET DROP Spamhaus DROP Listed Traffic Inbound group 9 ET INFO URL Shortening Service Domain in DNS Lookup (vk .com) ET INFO TLS Handshake Failure ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY IP Check Domain (iplogger .org in TLS SNI)		15.0	M	32	ZeroCERT

22866	2022-12-19 10:03	FEejeARafe.exe bac43db85fb7279c44edb5dee47dcfeb Emotet Gen2 Gen1 Generic Malware Malicious Library UPX AntiDebug AntiVM PE32 OS Processor Check PE File PNG Format JPEG Format MSOffice File DLL PE64 VirusTotal Malware AutoRuns suspicious privilege Code Injection Checks debugger buffers extracted WMI RWX flags setting exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Tofsee Windows Exploit ComputerName DNS crashed	1 Keyword trend analysis	5	1		9.2		5	ZeroCERT

22867	2022-12-19 10:02	1.exe bac43db85fb7279c44edb5dee47dcfeb Emotet Gen2 Gen1 Generic Malware Malicious Library UPX AntiDebug AntiVM PE32 OS Processor Check PE File PNG Format JPEG Format MSOffice File DLL PE64 VirusTotal Malware AutoRuns suspicious privilege Code Injection Checks debugger WMI RWX flags setting exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Tofsee Windows Exploit ComputerName DNS crashed	1 Keyword trend analysis	5	1		8.2		5	ZeroCERT

22868	2022-12-19 09:48	동아시아연구원 사례비 지급 서식.docx... bf41074e39bb3abbe4e4640401e7e655 VBA_macro Word 2007 file format(docx) VirusTotal Malware RWX flags setting					2.2		31	ZeroCERT

22869	2022-12-19 09:46	joker.exe 499eb765cd2bafb837b6f5dd48fb948a Malicious Library Malicious Packer PE32 PE File PDB unpack itself Windows RCE crashed					2.4	M		ZeroCERT

22870	2022-12-19 09:44	anon.exe 6f5561ff694caf8e381d115496ba9d1d RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed		1			5.6	M	45	ZeroCERT

22871	2022-12-19 09:44	installer.exe 62843ec5a756d35abea6fca30f20e93f Gen2 Malicious Library Malicious Packer UPX Antivirus OS Processor Check PE File PE64 VirusTotal Malware PDB MachineGuid RCE					3.2	M	29	ZeroCERT

22872	2022-12-19 09:42	linda5.exe 3403db2a5cdf576df616c97666fdef9c Malicious Library UPX PE32 OS Processor Check PE File DLL PDB unpack itself suspicious process AppData folder RCE					1.8			ZeroCERT

22873	2022-12-19 09:42	hobnob.exe d4f736595e0394cae20981b7b406a434 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware Buffer PE PDB Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1			3.4	M	18	ZeroCERT

22874	2022-12-19 09:27	동아시아연구원 사례비 지급 서식.docx... bf41074e39bb3abbe4e4640401e7e655 VBA_macro Word 2007 file format(docx) VirusTotal Malware					1.8		31	ZeroCERT

22875	2022-12-19 09:26	build.exe a387fd727600c5e8298696572b2f2f73 RAT PWS .NET framework PE32 .NET EXE PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName					2.2		34	ZeroCERT