Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
35371	2022-01-18 10:42	new_etc.exe d07f491116eceea7ea138e02d19bd996 RAT Generic Malware Malicious Packer UPX Antivirus PE64 PE File VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key		3		8.6	M	40	ZeroCERT

35372	2022-01-18 10:40	QUOTATION-693-04 Offer - 17.01... 92c170d431f6791b3ff26d14bdf71894 PWS .NET framework Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key		1		14.6		27	ZeroCERT

35373	2022-01-18 10:37	klase.exe d50817149d85f72edd3a9e31a0e47cec RAT PWS .NET framework Generic Malware PE64 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself ComputerName crashed				3.2	M	42	ZeroCERT

35374	2022-01-18 10:37	vbbnh.exe 017f6137bb09d75043e4e11c378b8857 RAT PWS .NET framework Generic Malware PE64 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself ComputerName crashed				3.2	M	41	ZeroCERT

35375	2022-01-18 10:36	CONTRACT_INVOICE20220117.pdf.e... 1f7fd908b30b14089fe7c21cd0cfc54c Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key		1		15.8		26	ZeroCERT

35376	2022-01-18 10:36	sadas_2.exe 8c3c1de2f59324e6c7b77088a7ef6822 RAT Generic Malware Malicious Packer Antivirus PE64 PE File VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process Windows ComputerName Cryptographic key				6.8	M	38	ZeroCERT

35377	2022-01-18 10:36	tty.exe 2190f0f31c5ea9edcee517b09bd71611 NPKI Generic Malware Antivirus PE64 PE File VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key				6.4	M	43	ZeroCERT

35378	2022-01-18 10:33	11.exe ae78469c4528062d15635a69c6444f1d Generic Malware PE64 PE File VirusTotal Malware				1.6	M	51	ZeroCERT

35379	2022-01-18 10:33	putty.exe 4d94112c0748ff7b76fc79651f0f00cf Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				1.6	M	34	ZeroCERT

35380	2022-01-18 10:29	shipping_content_file.jar e3dba28a1ee161da74def4d4417b201e Gen1 NPKI Generic Malware Malicious Library UPX Malicious Packer OS Processor Check MSOffice File PE File PE32 DLL VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Windows Java Email ComputerName DNS crashed	2 Keyword trend analysis	11 Info str-master.pw(142.93.110.250) - mailcious objects.githubusercontent.com(185.199.111.133) - malware github.com(52.78.231.108) - mailcious repo1.maven.org(199.232.192.209) ip-api.com(208.95.112.1) 142.93.110.250 - mailcious 15.164.81.167 - malware 151.101.40.209 185.203.118.75 208.95.112.1 185.199.110.133 - malware	1	9.0	M	12	ZeroCERT

35381	2022-01-18 10:26	JcDnYBSKpyfU 10f5439bf6c4a72a845ba8945620bdc3 Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName DNS		13 Info 54.38.242.185 - mailcious 191.252.103.16 - mailcious 51.210.242.234 - mailcious 66.42.57.149 - mailcious 185.148.168.220 - mailcious 62.171.178.147 - mailcious 69.16.218.101 - mailcious 104.131.62.48 - mailcious 168.197.250.14 - mailcious 217.182.143.207 - mailcious 37.44.244.177 - mailcious 142.4.219.173 - mailcious 45.138.98.34 - mailcious		6.4		10	ZeroCERT

35382	2022-01-18 10:26	MediaPlayer.exe c07f4cb050b38f534e8ca8cab866fa71 Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself				0.6			ZeroCERT

35383	2022-01-18 10:19	Service.bmp dabae535097a94f593d5afad04acd5ea Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Malicious Traffic Check memory buffers extracted suspicious TLD DNS	2 Keyword trend analysis	8	1	4.6	M	47	ZeroCERT

35384	2022-01-18 10:19	lionlee.exe 3bd42085584a11f32b619102c57eba91 Ave Maria WARZONE RAT Generic Malware Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware MachineGuid Check memory WMI unpack itself AntiVM_Disk VM Disk Size Check ComputerName RCE crashed		2		4.4	M	46	ZeroCERT

35385	2022-01-18 10:17	OLDTEXE.exe b628fc267d7a45f2fc59e9f9ae9a7b26 PWS .NET framework Hide_EXE Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process AppData folder Windows ComputerName Cryptographic key				4.8	M	45	ZeroCERT