Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
35296	2022-01-19 17:32	nfxv.exe e745cce4bd299146c76b5deb19bba167 NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder DNS	4 Keyword trend analysis Info http://www.chevalsk.com/nk6l/?EZU4Dv=EaZkIt/dsbgGmtP3z3fG5X1OrV1k+ItimY3tDs5cepHzfg8Rj7GgJx6GdJ5RhaIBRqlzCCHC&DzrLW=VBZHT4kXndKXKr - rule_id: 6265 http://www.thursdaynightthriller.com/nk6l/?EZU4Dv=AN7S2hjxBoh5dvyBzN77TguLKoDYI21oePmvmL/vS/ZQ4bXIPo339kasuVG0R4RVRfx/vH7m&DzrLW=VBZHT4kXndKXKr - rule_id: 10481 http://www.savannah.biz/nk6l/?EZU4Dv=eVoobpk08Ao/3dw6I5o5MXQ/qxwkKCVWTCdj7oEIoOx/sFvmvM8fKMLoa24rKKM7mdp49Knl&DzrLW=VBZHT4kXndKXKr http://www.55midwoodave.com/nk6l/?EZU4Dv=CDwvi98reBkY67qhgiNC3eKXSm6dbGovFpsfTnlmKV4X0J8aoEF93h3dc4hN/aSmA2UhmbuC&DzrLW=VBZHT4kXndKXKr	10	2	6.6	M	34	ZeroCERT

35297	2022-01-19 17:31	AxVZTvof0xPasb9nP a3bb2614f2dd81a4420b80f88ffc0dc8 Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName DNS		13 Info 54.38.242.185 - mailcious 191.252.103.16 - mailcious 51.210.242.234 - mailcious 66.42.57.149 - mailcious 185.148.168.220 - mailcious 62.171.178.147 - mailcious 69.16.218.101 - mailcious 104.131.62.48 - mailcious 168.197.250.14 - mailcious 217.182.143.207 - mailcious 37.44.244.177 - mailcious 142.4.219.173 - mailcious 45.138.98.34 - mailcious		6.6		21	ZeroCERT

35298	2022-01-19 17:29	beerpeer.exe e7de72de8a439bab253a17638878f7d7 Generic Malware Malicious Library UPX Antivirus PE64 PE File OS Processor Check GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key		1		7.0		9	ZeroCERT

35299	2022-01-19 17:29	okeywed.exe 2e2ef271e5626bcaac8f237a24657e9e RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed				9.0		16	ZeroCERT

35300	2022-01-19 15:27	2.ps1 6422ede9aadd1a768cb57fe06c1155ad RAT Gen2 Gen1 Generic Malware Antivirus Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates executable files unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Firmware DNS Cryptographic key crashed	2 Keyword trend analysis	1		15.8		13	ZeroCERT

35301	2022-01-19 15:27	LogBack.exe 72c6966aeb1678235e6dfc6f53bcf7fd Gen2 Gen1 Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself ComputerName				2.4		49	ZeroCERT

35302	2022-01-19 14:59	Doc-transfer_form.bat c64049c3adebb2d82e2f1da49c24b48b PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				11.8		31	ZeroCERT

35303	2022-01-19 14:06	Jbbmfq.exe c467bc0aecc324a9f19d73d43397acdf Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Malicious Packer Antivirus UPX DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	4	1	17.2	M	31	ZeroCERT

35304	2022-01-19 14:06	okeyt.exe 7a430c03bbdc0d31c398f891c344ac02 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed				9.6	M	38	ZeroCERT

35305	2022-01-19 14:04	HpsrSpoofer3.exe db1cb546c05ce3a129d921d3e2044aca Malicious Library UPX PE File PE32 VirusTotal Malware				1.2	M	47	ZeroCERT

35306	2022-01-19 14:04	.csrss.exe fb21dbd40d32aad4ee6d1ddbc35a84ba Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				1.4	M	24	ZeroCERT

35307	2022-01-19 14:03	9867015865498708.exe 74297c562b78e23485d6a5376ac4e07d PWS Loki[b] Loki.m RAT Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3		17.2	M	24	ZeroCERT

35308	2022-01-19 14:02	vbc.exe d9ab8b5b7f9a66c8f521beecfe16037b NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1		11.0	M	41	ZeroCERT

35309	2022-01-19 14:00	vbc.exe 6c5f97adbd42158f2b8f9e029a24059a NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder	10 Keyword trend analysis Info http://www.ffmagic.com/h0id/?rVIHh6=7epTMlnSjVzogB6F1J82zXe4vn1wDPwBCXyxCcGyoxS6OVCPCZpYtdi7jdw+gVLG6kD3XSJd&AP0hDJ=3fytC http://www.luiscarloslopes.website/h0id/?rVIHh6=HLu5bh5IJwwQKbFRCE4HY85cw/itbuBzqled9uOD2xJqZ8KEIlpQWBzdHdK2YlcSvaL8Fzu2&AP0hDJ=3fytC - rule_id: 9190 http://www.mmhshuttle.com/h0id/?rVIHh6=6hdYm3H9Un/kc96bAkkjPM5/F5pnI2rWW+xPPXSbmJ+Dm34gW45Bb2hdl6xriTracpNhUXJb&AP0hDJ=3fytC http://www.wittig-technologies.com/h0id/?rVIHh6=/bANzrwUH+B14z+Vd084ROMP6mBoTL0+1lS8Jvc3EcmMLW9Pyol0yMr7C6vmxCR8v8ZAqMou&AP0hDJ=3fytC http://www.3-h0.online/h0id/?rVIHh6=fw3GpwklRKOrlTpzCnSfVRP6Vs8TjuW5HO9CeS49eHd3yUb5/W4z2b3rPrTK7qw+8kdaP+eV&AP0hDJ=3fytC - rule_id: 8719 http://www.deadbeatingheart.com/h0id/?rVIHh6=ssn4QqgFtpTGpqE8pkpmO91Lgm6TXA5CcUprdFU7c/oLWL8+4ASzSTIvpmrU8VGICQssNYUb&AP0hDJ=3fytC http://www.yourpinmaster.com/h0id/?rVIHh6=+bZ/V1P3ObBm+baXCPsv5Mw1oB4OnAq46e6RWFppcTozg3FWp5avYTZpHxseoolIMo3s7aHO&AP0hDJ=3fytC - rule_id: 9198 http://www.rosevilletavernandgrillpa.com/h0id/?rVIHh6=YeEuvnyG1pWjB0HvI2fxX0Q/OTVG1sf/CM180BwIJ08Sos5YcDW9MhUniB5pR6Q9it/ykP3N&AP0hDJ=3fytC http://www.cryptotreasures.xyz/h0id/?rVIHh6=+E7w+hERRcC1djAlMk8u41Hg0zL/UuN5Mhddt87UeafYmvSTKGVVtheL+a/4JdM6pqWxLvb2&AP0hDJ=3fytC http://www.biyell.com/h0id/?rVIHh6=9Xv/6UapQNLYTjOxWPElcyia7ue16W5gcM09KGkOgyN6q16nq8Uq1HCN1s2xx+qgCsQcM1fq&AP0hDJ=3fytC	23 Info www.biyell.com(103.75.46.107) www.wittig-technologies.com(198.54.117.218) www.cryptotreasures.xyz(104.21.62.154) www.k12accred.net() - mailcious www.rosevilletavernandgrillpa.com(75.2.115.196) www.luiscarloslopes.website(34.102.136.180) www.ffmagic.com(120.77.247.33) www.yourpinmaster.com(192.3.204.226) www.bizantinelabs.xyz() www.3-h0.online(91.195.240.94) www.pandemicsafetyscience.com(91.195.240.94) www.deadbeatingheart.com(3.33.152.147) www.mmhshuttle.com(3.33.152.147) 198.54.117.218 - mailcious 104.21.62.154 3.33.152.147 192.3.204.226 - malware 15.197.142.173 - mailcious 34.102.136.180 - mailcious 75.2.115.196 - mailcious 120.77.247.33 103.75.46.107 91.195.240.94 - phishing	3	6.0	M	38	ZeroCERT

35310	2022-01-19 14:00	dddddsdsdssds.exe 97221305ce5f05743f46f1998db359ba Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key				2.4	M	31	ZeroCERT