Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
(Each record below lists the submission number, date, request, the 32-character hash shown with it, the sandbox tags, and the trailing count/score values exactly as listed on the page; the trailing values are kept as one field because their per-column alignment is not recoverable.)

35266  2022-01-20 09:42  exclusivezx.exe
  Hash: 73988544045703a34b3217a93a414e39
  Tags: RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 11.0 M 26 ZeroCERT

35267  2022-01-20 09:40  5510542784046312.exe
  Hash: f49ec9a85b03f6f03d3e05329ba80f91
  Tags: RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 6 15.4 M 28 ZeroCERT

35268  2022-01-20 09:40  bryantzx.exe
  Hash: 98dbb3a09173419e5b0ea454d47f5bd2
  Tags: PWS Loki[b] Loki.m .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 2 13.8 M 36 ZeroCERT

35269  2022-01-20 09:39  Confirm Invoice Payment.pdf.ex...
  Hash: a61ffe0d35b03412243beb998d032775
  Tags: RAT PWS .NET framework Generic Malware TEST PE File PE32 .NET EXE VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 2 3.6 22 ZeroCERT

35270  2022-01-20 09:39  JCM.exe
  Hash: 860b0a92b07e6a2ef28c93195537f86d
  Tags: RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 4 13.0 M 20 ZeroCERT

35271  2022-01-20 09:38  0377654_642.xlsm
  Hash: f8e68c7017b69142a2ac0aab8cbe8582
  Tags: Generic Malware Antivirus Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 15 16.8 17 ZeroCERT

35272  2022-01-20 09:31  905347967268907.xls
  Hash: 5be91dbfe71e171c5e33cf97f6e9d018
  Tags: Generic Malware Antivirus Malicious Packer Malicious Library UPX MSOffice File PE File OS Processor Check PE32 DLL Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 8 30 4 17.0 ZeroCERT

35273  2022-01-20 09:30  RMT18122.vbs
  Hash: 790d4e4139b05312a0c85ced4466ec02
  Tags: AgentTesla Gen2 browser info stealer Generic Malware Google Chrome User Data Antivirus Malicious Packer Malicious Library Create Service Socket DNS Code injection Sniff Audio KeyLogger Escalate priviledges Downloader AntiDebug AntiVM PE File PE32 DLL VirusTotal Malware VBScript powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray wscript.exe payload download Creates shortcut Creates executable files ICMP traffic unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger Dropper
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 5 10.0 M 6 ZeroCERT

35274  2022-01-20 09:19  8775220308147463.xls
  Hash: 76c11124bf3b762351093c424880a516
  Tags: Generic Malware Antivirus Malicious Packer Malicious Library UPX MSOffice File PE File OS Processor Check PE32 DLL Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process suspicious TLD sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4 30 17.4 ZeroCERT

35275  2022-01-20 09:18  MFUM-455871.xlsm
  Hash: 25fde11ef3cfb28d66468b42923961cb
  Tags: Generic Malware Antivirus Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Interception Windows ComputerName DNS Cryptographic key keylogger
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 15 2 17.8 M 17 ZeroCERT

35276  2022-01-20 09:18  905347967268907.xls
  Hash: 5be91dbfe71e171c5e33cf97f6e9d018
  Tags: KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection unpack itself
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2.0 ZeroCERT

35277  2022-01-20 08:09  http://192.210.214.174/PmtAdv/...
  Hash: 790d4e4139b05312a0c85ced4466ec02
  Tags: Create Service DGA Socket DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot P2P persistence Steal credential Http API AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 1 6.0 M 6 ZeroCERT

35278  2022-01-20 07:54  AxVZTvof0xPasb9nP
  Hash: 81e77ccebc0c638812cd75368710b856
  Tags: Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 13 6.6 21 ZeroCERT

35279  2022-01-19 18:20  pngebanoe.hta.html
  Hash: 72f2b5e794eb3c55b38720bbaadb3385
  Tags: VirusTotal Malware unpack itself crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1.0 1 ZeroCERT

35280  2022-01-19 18:04  pngebanoe.hta
  Hash: 72f2b5e794eb3c55b38720bbaadb3385
  Tags: unpack itself crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 0.6 ZeroCERT