Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
33091	2022-03-28 16:59	617_1648110517_8623.exe 9db6560c8f7658593c8a86f7f1c4af27 UPX ScreenShot AntiDebug AntiVM PE File PE32 PE64 VirusTotal Malware Code Injection Check memory Checks debugger AppData folder ComputerName					3.6	M	25	ZeroCERT

33092	2022-03-28 16:59	1885_1648027133_3712.exe c89f78c28ab5461266f8cdaae2793b95 RAT PWS .NET framework UPX OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			6.0	M	38	ZeroCERT

33093	2022-03-28 16:57	1254_1648083736_365.exe 313d85740e024976cb225c78e361e8a4 UPX ScreenShot AntiDebug AntiVM PE File PE32 PE64 VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger AppData folder Tofsee Discord ComputerName DNS	1 Keyword trend analysis	2	3		5.0	M	37	ZeroCERT

33094	2022-03-28 16:57	5423_1648404768_3323.exe 5c662be15b6354d4b48b0c30a6635b2d ASProtect UPX AntiDebug AntiVM PE File PE32 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Mars Stealer Stealer Windows Browser Email ComputerName	2 Keyword trend analysis	2	1	2	14.6	M	25	ZeroCERT

33095	2022-03-28 16:54	6313_1648414584_5663.exe 03cb931a5114bbc60526858fb7d5f77f RAT .NET EXE PE File PE32 MachineGuid Check memory Checks debugger ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee	1 Keyword trend analysis	4	1		4.0			ZeroCERT

33096	2022-03-28 16:54	6012_1648401214_7634.exe b1413ac584b27dc8d1b443b347354fb1 RAT PWS .NET framework .NET EXE PE File PE32 MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee	1 Keyword trend analysis	4	1		2.2			ZeroCERT

33097	2022-03-28 16:52	9648_1648412414_6552.exe a8582b4021c880db55feabb9039940ee RAT .NET EXE PE File PE32 Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee	2 Keyword trend analysis	4	1		4.6			ZeroCERT

33098	2022-03-28 16:52	8004_1648159844_1520.exe 1148ed6905d245b255b9216da947728f RAT Generic Malware UPX OS Processor Check .NET EXE PE File PE32 DLL PE64 VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself					2.2	M	26	ZeroCERT

33099	2022-03-28 16:50	7310_1648224681_720.exe 222482cd08582e86ab141a619d907afc PWS[m] RedLine stealer[m] AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1			10.0	M	28	ZeroCERT

33100	2022-03-28 16:50	7258_1648163367_5773.exe 89b7e7dcd6fed1c551b52f1702d9d70a RAT PWS .NET framework Generic Malware Malicious Library UPX OS Processor Check .NET EXE PE File PE32 DLL PE64 VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself					2.6	M	42	ZeroCERT

33101	2022-03-28 13:47	13_1647960020_5631.exe e5c6ea778ea68c873d067e4dd4ea160a Obsidium protector UPX .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger RWX flags setting unpack itself sandbox evasion Windows ComputerName RCE Cryptographic key crashed		1			7.2		22	ZeroCERT

33102	2022-03-28 13:35	jaureg.exe 2e89a7aae558e9be86042e2bd7e65803 Gen2 Gen1 Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware ICMP traffic unpack itself ComputerName		2			4.2		32	ZeroCERT

33103	2022-03-28 13:33	gunzipped.exe c2301b62539adcba29dcf6a3200bd017 Malicious Library UPX PE File PE32 OS Processor Check DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder					4.6		51	ZeroCERT

33104	2022-03-28 13:26	ecua.exe 7619f3bf412f68ce1449545c814fb097 RAT UPX .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					1.6		17	ZeroCERT

33105	2022-03-28 11:30	PbSkdCOW 676cb205bda59fa2e34fbee6651399d7 Malicious Packer Malicious Library UPX OS Processor Check DLL PE File PE32 VirusTotal Malware Checks debugger RWX flags setting unpack itself sandbox evasion ComputerName RCE DNS		32 Info 196.218.30.83 - mailcious 188.44.20.25 - mailcious 212.24.98.99 - mailcious 58.227.42.236 - mailcious 185.8.212.130 - mailcious 209.126.98.206 - mailcious 5.9.116.246 - mailcious 138.185.72.26 - mailcious 195.201.151.129 - mailcious 103.75.201.2 - mailcious 197.242.150.244 - mailcious 159.8.59.82 - mailcious 216.120.236.62 - mailcious 51.91.7.5 - mailcious 153.126.146.25 - mailcious 82.165.152.127 - mailcious 119.193.124.41 - mailcious 45.118.135.203 - mailcious 189.232.46.161 - mailcious 79.172.212.216 - mailcious 158.69.222.101 - mailcious 164.68.99.3 - mailcious 217.182.25.250 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 51.91.76.89 - malware 131.100.24.231 - mailcious 72.15.201.15 - mailcious 212.237.17.99 - mailcious 173.212.193.249 - mailcious 50.116.54.215 - mailcious 192.99.251.50 - mailcious			5.6	M	9	ZeroCERT