Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
35281 2022-01-19 18:01 054051873-734596.xlsm
88c58c8bcec46e2ea81ba586254e8098
Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key
2 16 2 17.4 M 15 ZeroCERT

35282 2022-01-19 17:59 Generativeness.exe
ca74b9b7f7a2ccb31a3d3976468c94f4
Gen1 RAT Eredel Stealer Extended Generic Malware Malicious Library UPX PE File OS Processor Check PE32 PE64 .NET EXE VirusTotal Malware PDB MachineGuid Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder
1 4 4.8 43 ZeroCERT

35283 2022-01-19 17:56 34323432.exe
a2edb7ca38220264338abce030589028
RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed
8.2 ZeroCERT

35284 2022-01-19 17:53 8531_1642532969_5321.exe
56c7847956720db5e8e681cb7c57ccac
RAT Eredel Stealer Extended Gen1 Generic Malware UPX Malicious Library PE File PE32 .NET EXE PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Collect installed applications Check virtual network interfaces AppData folder sandbox evasion installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
2 7 14.0 M 21 ZeroCERT

35285 2022-01-19 17:50 768_1642528196_8884.exe
7b956c49b8f5e0bc6d0b7745e468e932
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
1.8 M 28 ZeroCERT

35286 2022-01-19 17:44 csrss.exe
ae3e2124ee5758fe2512ee412d9edf02
Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
1 2 1 13.8 M 20 ZeroCERT

35287 2022-01-19 17:43 18.exe
99ce3e4d73b6432c121bc53495ff6205
RAT Eredel Stealer Extended Gen1 Generic Malware UPX Malicious Library PE File PE32 .NET EXE PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Collect installed applications Check virtual network interfaces AppData folder sandbox evasion installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
2 7 14.2 M 23 ZeroCERT

35288 2022-01-19 17:40 game.exe
661b3c360b31b0ef1ea0a43f24688d9e
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
1.4 M 25 ZeroCERT

35289 2022-01-19 17:39 GuyYvg-537.xlsm
c63938abd6377d5c1d48dc02e43ba7ab
Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File OS Processor Check PE32 DLL Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key
2 16 16.8 M ZeroCERT

35290 2022-01-19 17:38 XdeEXA37805.xlsm
e7271a99e40464ad275d37f322a42026
Generic Malware Antivirus Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Interception Windows ComputerName DNS Cryptographic key
2 16 17.2 M 14 ZeroCERT

35291 2022-01-19 17:38 .wininit.exe
c79f4b9b0e781a14c5b81280d0feb111
Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software
1 3 1 13.2 M 20 ZeroCERT

35292 2022-01-19 17:36 .winlogon.exe
9ef36aa4e7363a9248007a8cfaf10de4
PWS .NET framework NPKI email stealer Generic Malware Malicious Library UPX TEST DNS Code injection KeyLogger Escalate priviledges Downloader persistence AntiDebug AntiVM PE File PE32 .NET EXE PE64 OS Processor Check DLL Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed
1 3 13.0 M 25 ZeroCERT

35293 2022-01-19 17:35 28DnnQ
8c845dc825ff1726c17890c0295bfd72
Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName DNS
13 6.4 M 19 ZeroCERT

35294 2022-01-19 17:34 csrss.exe
0eb0c2c0460fca7a732b6277d3440850
Admin Tool (Sysinternals etc ...) Malicious Library UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself RCE crashed
3 4 4.0 M 37 ZeroCERT

35295 2022-01-19 17:33 21.exe
4eb288f840ede91ac74ae91b7f82cbac
Emotet NPKI Generic Malware Malicious Library UPX Antivirus PE64 PE File OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
4.4 10 ZeroCERT