Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
35326	2022-01-19 11:49	vbc.exe 8c88a72783f38705fe08730dfe01b40c NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	1		8.8	M	28	ZeroCERT

35327	2022-01-19 11:49	rae.exe 088eb3f50215d88895e7f2215607e5d0 Gen1 Generic Malware Malicious Library UPX TEST Anti_VM PE64 PE File OS Processor Check DLL VirusTotal Malware Check memory Creates executable files crashed				1.8	M	27	ZeroCERT

35328	2022-01-19 11:49	1.exe 7fa457acce5d5487edb709a286052b79 Gen1 Gen2 UPX Malicious Library Malicious Packer TEST ASPack PE File PE32 DLL OS Processor Check VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS crashed	4 Keyword trend analysis Info http://185.163.204.212//l/f/iG04cH4BZ2GIX1a3Foik/3f73650a26f7f66bc40c1ae9d176ca9cbf7fee6b - rule_id: 11209 http://185.163.204.22/sandysysmanch1 http://185.163.204.212/ - rule_id: 11209 http://185.163.204.212//l/f/iG04cH4BZ2GIX1a3Foik/73eee44e44919848c055e1526d06276c45f92e2e - rule_id: 11209	4	3	10.0	M	27	ZeroCERT

35329	2022-01-19 11:48	vbc.exe 701d8283da50a554d491d88adaa4987c PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process suspicious TLD WriteConsoleW Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis Info http://www.6vvvvvwmetam.top/g2fg/?yh3ph8FP=7MwZ+vOrfEgzUtsfuOlT2LSD+fzzGZWqIzMgCoXtWmmRTV45oYq7mAL+n/mela4rzWfPWPsl&Sj=CpCLzL0 http://www.sandspringsramblers.com/g2fg/?yh3ph8FP=ge+LGbGU0sPhp615V0+Q+kydhBjB2swQkkhiZuS7Y+AByk961UG+1nlCefd7NlhDtpt/h7RC&Sj=CpCLzL0 - rule_id: 8687	6	1	12.0	M	32	ZeroCERT

35330	2022-01-19 11:46	6247996184071914.exe 284412fc352ae353414347de9079227b RAT PWS .NET framework Generic Malware Antivirus UPX Malicious Packer Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	6		16.8	M	19	ZeroCERT

35331	2022-01-19 11:44	7611168006129179.exe 160b96acafac45a88412986f20804ed2 RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	8		15.4	M	28	ZeroCERT

35332	2022-01-19 11:43	.win32.exe 8871c3cc72ab3378479b80c4422f5c70 Loki NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	1	10.0	M	27	ZeroCERT

35333	2022-01-19 11:42	0596482445864510.exe 168678fe11459d971f16b66a55ee8bef RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	6		15.6	M	30	ZeroCERT

35334	2022-01-19 11:41	vbc.exe 7d9f7b92a0d9fc1f456d6fbe4dd7e45b NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder	14 Keyword trend analysis Info http://www.cryptointelcenter.com/yrcy/?af-8_FRh=eTXppb+Rr4kW+16L+94Uc3N4PNKEAa99UMY5PNUNRo7JACG1s5ehu582zmfvu3VPuE1l2JR8&UlSp=GVgTZXS0Kvx0RZ - rule_id: 8738 http://www.mintnft.tours/yrcy/?af-8_FRh=BjhL5bcixwHcKXvifHywySpeHratASXU2kFaj+jp5xhYRitlSwQ7EwdTW85PbyRrwgBiZ+JP&UlSp=GVgTZXS0Kvx0RZ - rule_id: 9686 http://www.shinepatio.com/yrcy/?af-8_FRh=39G/p+/dbd4fHdx59sHjQ8bDbKrvYJ+BsCbZfkMw2XUpd3ix8JFrIWmM/tmXtrla45p+uKkp&UlSp=GVgTZXS0Kvx0RZ - rule_id: 9449 http://www.babyvv.com/yrcy/?af-8_FRh=Ojp71h4aKs4cdkIQuWP72/n+RoNRnpaof24VM+BH4QfQ4+XO0FnozVCmQ258dYyfq3+9Enhv&UlSp=GVgTZXS0Kvx0RZ - rule_id: 9226 http://www.laqueenbeautybar.supplies/yrcy/?af-8_FRh=v3r6hW98u/E1e6DFfHCkxkGayxrL9igaQBwyCSAaMVPNp+0Lw1V9xolEMlqxiG2EK4RkWm4p&UlSp=GVgTZXS0Kvx0RZ - rule_id: 8917 http://www.cryptointelcenter.com/yrcy/?af-8_FRh=eTXppb+Rr4kW+16L+94Uc3N4PNKEAa99UMY5PNUNRo7JACG1s5ehu582zmfvu3VPuE1l2JR8&DxoHn=2djD8 - rule_id: 8738 http://www.drmichaelirvine.com/yrcy/?af-8_FRh=aw6RPX4C+h2jRvxSKzrdN77eUH6zVw/uBwCUGBgH66uHu3DhjC1vmmh9WqU0RPTTS1I3MpdI&UlSp=GVgTZXS0Kvx0RZ - rule_id: 7483 http://www.chatteusa.com/yrcy/?af-8_FRh=kG+pOBB3U3Ilq8kYCEXExRZHPjWz3j0TRg4xV/R7oIaf7FI1uH1KolZLEi7ZYuPa7d/UNp8o&UlSp=GVgTZXS0Kvx0RZ - rule_id: 8746 http://www.trist-n.tech/yrcy/?af-8_FRh=EwH+Udvumf2FQ86g/qJW6cE6pczTPX3xDKJIypteSQDTw5e9cVKdYuCH6xoGGJlbfs2iXkl4&UlSp=GVgTZXS0Kvx0RZ - rule_id: 9225 http://www.cyberitconsultingz.com/yrcy/?af-8_FRh=QW+Fq8rHxZGV0ebjmjz8VkKqwq7bI787VFjftiDrOYqZ24iCngy0uCUBT1g4PtWf/ki4RbFc&UlSp=GVgTZXS0Kvx0RZ - rule_id: 8919 http://www.taksimbet13.com/yrcy/?af-8_FRh=UgOf6/Cftv57TYKrPowHp6id703WqmJdhHoza7aGazFsFUzvOIqFFsP9hgo/+yKPdJLhB5Cn&UlSp=GVgTZXS0Kvx0RZ - rule_id: 10502 http://www.shinepatio.com/yrcy/?af-8_FRh=39G/p+/dbd4fHdx59sHjQ8bDbKrvYJ+BsCbZfkMw2XUpd3ix8JFrIWmM/tmXtrla45p+uKkp&DxoHn=2djD8 - rule_id: 9449 http://www.cletechsolutions.com/yrcy/?af-8_FRh=6oj+cRAbTTzt/2NBJRHF0KzLhmFT0afQnvz1X6yVwGfVu9zh+SVYbLRsBqi/up4gZGLNczfN&UlSp=GVgTZXS0Kvx0RZ - rule_id: 7478 http://www.uptimisedmc.com/yrcy/?af-8_FRh=nrIEEN2N6+wAvdKru25aJSUm0s9lHkKN4oj62KexRH1KRGyWdm/sk68W533J7wHDkfehxy4o&UlSp=GVgTZXS0Kvx0RZ - rule_id: 8745	27 Info www.mintnft.tours(34.102.136.180) www.waltersswholesale.com() www.hf59184.com() - mailcious www.uptimisedmc.com(162.241.217.102) www.trist-n.tech(198.54.117.212) www.jkbswj.com() - mailcious www.taksimbet13.com(185.162.228.2) www.laqueenbeautybar.supplies(206.188.192.2) www.babyvv.com(163.197.179.174) www.shinepatio.com(104.21.78.224) www.drmichaelirvine.com(54.71.30.209) www.cletechsolutions.com(192.0.78.24) www.cyberitconsultingz.com(162.0.232.168) www.cryptointelcenter.com(66.96.147.104) www.chatteusa.com(23.227.38.74) 206.188.192.2 - mailcious 66.96.147.104 - mailcious 162.241.217.102 - mailcious 163.197.179.174 - mailcious 34.102.136.180 - mailcious 172.67.137.222 198.54.117.216 - phishing 44.231.165.140 - mailcious 162.0.232.168 - malware 192.0.78.25 - mailcious 23.227.38.74 - mailcious 185.162.228.2 - mailcious	14 Info http://www.cryptointelcenter.com/yrcy/ http://www.mintnft.tours/yrcy/ http://www.shinepatio.com/yrcy/ http://www.babyvv.com/yrcy/ http://www.laqueenbeautybar.supplies/yrcy/ http://www.cryptointelcenter.com/yrcy/ http://www.drmichaelirvine.com/yrcy/ http://www.chatteusa.com/yrcy/ http://www.trist-n.tech/yrcy/ http://www.cyberitconsultingz.com/yrcy/ http://www.taksimbet13.com/yrcy/ http://www.shinepatio.com/yrcy/ http://www.cletechsolutions.com/yrcy/ http://www.uptimisedmc.com/yrcy/	6.6	M	24	ZeroCERT

35335	2022-01-19 11:41	xvcxcvxvx.ps1 1603913e41a739484e311b6c572b4703 Generic Malware Antivirus PE File PE32 .NET DLL DLL VirusTotal Malware powershell Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis	4		6.0	M	3	ZeroCERT

35336	2022-01-19 11:41	3100003070410006doc2pdf.exe 865402c884897272e4228fc09f74d9b2 RAT Generic Malware Antivirus PDF AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser ComputerName Cryptographic key crashed	6 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://ozzyingilizce.com/wp-content/sgu/Cccct.jpeg	2		17.4	M	27	ZeroCERT

35337	2022-01-19 11:37	csrss.exe a4c13722c598f133907c003dd0672743 Loki NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	1	11.6	M	24	ZeroCERT

35338	2022-01-19 11:37	03661025458.exe fae4e457b5286900c04ebf12a4bd7844 RAT Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed	2 Keyword trend analysis	5		11.6	M	19	ZeroCERT

35339	2022-01-19 11:37	blessed-1gg.html 8cafba8b9bf6d8223d678a826ece2e7f Generic Malware TEST Antivirus AntiDebug AntiVM PNG Format powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	25 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=8365284475519832641&blogspotRpcToken=3720207 https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://fonts.googleapis.com/css?family=Open+Sans:300 https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D8365284475519832641%26blogspotRpcToken%3D3720207%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D8365284475519832641%26blogspotRpcToken%3D3720207%26bpli%3D1&go=true https://www.blogger.com/static/v1/widgets/2922743057-widgets.js https://www.google-analytics.com/analytics.js https://www.blogger.com/img/share_buttons_20_3.png https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVQ.woff https://www.blogger.com/static/v1/widgets/1529571102-css_bundle_v2.css https://www.blogger.com/static/v1/jsbin/3261120736-comment_from_post_iframe.js https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://hogyatohonathawarnameinmargya.blogspot.com/p/blessed-1gg.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://hogyatohonathawarnameinmargya.blogspot.com/p/blessed-1gg.html%26type%3Dblog%26bpli%3D1&go=true https://www.blogger.com/static/v1/jsbin/2287435483-ieretrofit.js https://www.google.com/css/maia.css https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/dyn-css/authorization.css?targetBlogID=8965474558532949541&zx=00ef967e-52bd-4145-aae3-9569cec9110f https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=8365284475519832641&blogspotRpcToken=3720207&bpli=1 https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://www.blogger.com/blogin.g?blogspotURL=https://hogyatohonathawarnameinmargya.blogspot.com/p/blessed-1gg.html&type=blog https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fhogyatohonathawarnameinmargya.blogspot.com%2Fp%2Fblessed-1gg.html&type=blog&bpli=1	16 Info resources.blogblog.com(216.58.220.137) www.google.com(142.250.207.4) www.gstatic.com(216.58.220.131) fonts.googleapis.com(216.58.197.234) accounts.google.com(142.251.42.173) www.google-analytics.com(142.251.42.174) fonts.gstatic.com(142.250.196.99) www.blogger.com(216.58.220.137) 142.250.204.35 142.250.207.78 172.217.24.105 172.217.27.35 142.250.204.106 142.250.66.36 142.250.66.41 172.217.24.109		7.6			ZeroCERT

35340	2022-01-19 11:36	ve.html 5c2e8fbd656903baac1dbcf81ac19e78 Generic Malware Malicious Packer Malicious Library UPX Antivirus AntiDebug AntiVM MSOffice File PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis	37 Info atplengineering.com(148.66.159.242) scoute.ai(54.254.177.153) - malware www2.s12.xrea.com(150.95.8.112) - malware soomaal.softuvo.xyz(112.196.72.188) - malware apps.identrust.com(23.43.165.66) ippur.ufrj.br(146.164.84.216) sarvaero.com(95.111.224.35) - malware wordpress.pixeleyenow.com(210.3.48.214) - malware 51.38.71.0 - mailcious 210.3.48.214 - malware 45.118.115.99 - mailcious 58.227.42.236 - mailcious 54.254.177.153 - malware 79.172.212.216 - mailcious 148.66.159.242 203.114.109.124 - mailcious 45.176.232.124 - mailcious 207.38.84.195 - mailcious 51.68.175.8 - mailcious 178.79.147.66 - mailcious 192.254.71.210 - mailcious 103.8.26.102 - mailcious 217.182.143.207 - mailcious 45.142.114.231 - mailcious 46.55.222.11 - mailcious 185.7.214.7 - mailcious 209.59.138.75 - mailcious 112.196.72.188 - mailcious 131.100.24.231 - mailcious 103.8.26.103 - mailcious 121.254.136.27 212.237.17.99 - mailcious 178.63.25.185 - mailcious 95.111.224.35 - malware 146.164.84.216 150.95.8.112 - malware 104.168.155.129 - mailcious		17.2	M	7	ZeroCERT