Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
35356	2022-01-18 16:43	9.exe e5b9c0f6e09af4b902ea432a0ccf55e5 UPX PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself sandbox evasion Windows ComputerName RCE DNS Cryptographic key crashed		1		8.0	M	29	ZeroCERT

35357	2022-01-18 15:46	invoice.hta c56e30a3b967a477d4bc2cf74a3e5a52 unpack itself crashed				0.6			ZeroCERT

35358	2022-01-18 15:36	8888_1642260354_4389.exe 7b1fb663b7c0fd28682a0ee052cb9827 Generic Malware PE64 PE File VirusTotal Malware		2		1.4	M	35	ZeroCERT

35359	2022-01-18 15:35	EYe3DEfcw7LCaU6T f977d2d82e01d8c453495502ef834d98 Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName DNS		13 Info 54.38.242.185 - mailcious 191.252.103.16 - mailcious 51.210.242.234 - mailcious 66.42.57.149 - mailcious 185.148.168.220 - mailcious 62.171.178.147 - mailcious 69.16.218.101 - mailcious 104.131.62.48 - mailcious 168.197.250.14 - mailcious 217.182.143.207 - mailcious 37.44.244.177 - mailcious 142.4.219.173 - mailcious 45.138.98.34 - mailcious		6.4	M	10	ZeroCERT

35360	2022-01-18 14:06	Athens.dll 61295ca80fbecf05b60915d8f6ce8c31 VMProtect Malicious Library PE64 PE File DLL VirusTotal Malware				1.6		11	ZeroCERT

35361	2022-01-18 14:06	Athens.dll 61295ca80fbecf05b60915d8f6ce8c31 VMProtect Malicious Library PE64 PE File DLL VirusTotal Malware				1.6		11	ZeroCERT

35362	2022-01-18 13:33	Athens.dll 61295ca80fbecf05b60915d8f6ce8c31 VMProtect Malicious Library PE64 PE File DLL VirusTotal Malware				1.6		11	JYC

35363	2022-01-18 11:01	cc2.html 8f12c9ff33ea9aa35e97faaeb09f63d7 emotet Generic Malware Antivirus Malicious Packer Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	27 Info mecaglobal.com(198.12.243.55) - malware 51.38.71.0 - mailcious 81.0.236.90 - mailcious 45.118.115.99 - mailcious 58.227.42.236 - mailcious 104.251.214.46 - mailcious 103.75.201.2 - mailcious 79.172.212.216 - mailcious 203.114.109.124 - mailcious 198.12.243.55 - mailcious 45.176.232.124 - mailcious 207.38.84.195 - mailcious 158.69.222.101 - mailcious 51.68.175.8 - mailcious 178.79.147.66 - mailcious 103.8.26.103 - mailcious 103.8.26.102 - mailcious 217.182.143.207 - mailcious 45.142.114.231 - mailcious 185.7.214.7 - mailcious 209.59.138.75 - mailcious 131.100.24.231 - mailcious 192.254.71.210 - mailcious 212.237.17.99 - mailcious 178.63.25.185 - mailcious 46.55.222.11 - mailcious 104.168.155.129 - mailcious	1	16.6	M	6	ZeroCERT

35364	2022-01-18 11:00	cc.html 136d750819a65ac159a43fc64202cb32 Generic Malware Malicious Packer Malicious Library UPX Antivirus AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	27 Info mecaglobal.com(198.12.243.55) - malware 51.38.71.0 - mailcious 81.0.236.90 - mailcious 45.118.115.99 - mailcious 58.227.42.236 - mailcious 104.251.214.46 - mailcious 193.42.36.245 - mailcious 103.75.201.2 - mailcious 79.172.212.216 - mailcious 203.114.109.124 - mailcious 198.12.243.55 - mailcious 45.176.232.124 - mailcious 207.38.84.195 - mailcious 158.69.222.101 - mailcious 51.68.175.8 - mailcious 178.79.147.66 - mailcious 103.8.26.103 - mailcious 103.8.26.102 - mailcious 217.182.143.207 - mailcious 45.142.114.231 - mailcious 209.59.138.75 - mailcious 131.100.24.231 - mailcious 192.254.71.210 - mailcious 212.237.17.99 - mailcious 178.63.25.185 - mailcious 46.55.222.11 - mailcious 104.168.155.129 - mailcious		16.2	M	6	ZeroCERT

35365	2022-01-18 10:49	543_1642355418_3816.exe ffc7e0b51a3320c3f6d1e76163b974bd Gen1 Gen2 Malicious Library UPX Malicious Packer TEST ASPack ScreenShot Steal credential Http API AntiDebug AntiVM PE File PE32 DLL OS Processor Check JPEG Format GIF Format VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS crashed	4 Keyword trend analysis Info http://185.163.204.22/bin1axsec http://185.163.204.212/ - rule_id: 11209 http://185.163.204.212//l/f/8maa330BZ2GIX1a3k6gn/f4a3f3c357b3c7193f467f617873a1c04ff25519 - rule_id: 11209 http://185.163.204.212//l/f/8maa330BZ2GIX1a3k6gn/8eb5643c4817d16920c26a3a936412853a3b10a5 - rule_id: 11209	3	3	14.8	M	17	ZeroCERT

35366	2022-01-18 10:48	Order Sheet.exe c7f5e539c0718e15c8de45d5afb5f56b PWS .NET framework Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS		2		14.6		35	ZeroCERT

35367	2022-01-18 10:48	d473b802-eb5f-11e7-8ccc-5944bc... c26a2c5f6154225e8d83c4000306f162 VirusTotal Malware				1.0	M	35	ZeroCERT

35368	2022-01-18 10:47	Specification.exe 1f2c47b057a503a97b115699299ab2bd Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS		2		14.2			ZeroCERT

35369	2022-01-18 10:45	1523_1642354220_8989.exe 5828affd59476cc9ac97334a09e8ca50 Generic Malware Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself RCE				1.8	M		ZeroCERT

35370	2022-01-18 10:43	Cube_WW14.bmp 3794abecb036d5e4da931ca90efd707c Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware				1.4	M	31	ZeroCERT