Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

35401 2022-01-20 11:29 peterzx.exe
1480bf265b8dd3635c93eff4633f8847
RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed
9.6 M 41 ZeroCERT

35402 2022-01-20 11:28 2208604999.exe
8f61511977720cdbb365d74f6603d96b
RAT Generic Malware PDF AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
6 4 16.0 M 26 ZeroCERT

35403 2022-01-20 11:27 9127_1642523738_5245.exe
ac82210b61c0931e7e429b58b6ffeb14
RedLine stealer[m] AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName Cryptographic key Software crashed
2 6 1 13.8 M 41 ZeroCERT

35404 2022-01-20 11:24 xms.ps1
e397087edf21ad9da907b595691ce15e
Generic Malware Antivirus Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Cryptocurrency Miner Malware Cryptocurrency powershell AutoRuns suspicious privilege Malicious Traffic Check memory buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process suspicious TLD WriteConsoleW Firewall state off Windows ComputerName Firmware DNS Cryptographic key
3 14.8 M 21 ZeroCERT

35405 2022-01-20 11:24 7390_1642600879_2389.exe
965e83dcd89fe1e42fa4b620691a354e
UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
2 11.8 M 29 ZeroCERT

35406 2022-01-20 11:22 sistem.exe_11849.exe
d121a4b3c39ae2c993ad5d00a8d69a0b
Malicious Library UPX PE File PE32 DLL OS Processor Check suspicious privilege Check memory Creates executable files unpack itself AppData folder sandbox evasion
3.4 ZeroCERT

35407 2022-01-20 10:50 7269_1642536281_9742.exe
22442baf58dbb4e3b03964ffce0de3eb
RedLine stealer[m] UPX AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
3 8 14.4 M 22 ZeroCERT

35408 2022-01-20 10:47 BYiW5fs7bTwL3dw.exe
575dd0654b98ef57269689581b55952e
PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 13.0 M 46 ZeroCERT

35409 2022-01-20 10:45 askinstall42.exe
f0e43f8eb5cae55d90a78a8f24d1abac
AgentTesla Gen2 Trojan_PWS_Stealer browser info stealer BitCoin Credential User Data Generic Malware Google Chrome Malicious Packer TEST Malicious Library SQLite Cookie UPX Create Service DGA Socket DNS Internet API Code injection Sniff Audio H Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Windows Exploit Browser ComputerName RCE crashed
1 4 1 10.4 M 41 ZeroCERT

35410 2022-01-20 10:44 setup.exe
77d0c22767db50a05cf0d28a1e53a2e5
Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself
1.0 M ZeroCERT

35411 2022-01-20 10:42 435432.exe
d1d3db051642c074fe259337fc7b5fc9
RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed
1 9.4 M 23 ZeroCERT

35412 2022-01-20 10:41 images.pdf
e28ae2f26a165ab891248f17b064f2e7
Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself DNS
1 2.4 M 23 ZeroCERT

35413 2022-01-20 10:40 Document_019827736.exe
c8ac277fb045754c22f7a349e76b660f
PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 14.0 M 44 ZeroCERT

35414 2022-01-20 10:39 49r4e5lah2sztqb.exe
82ae4ac0c2bfe907f9645b411cef0ab4
PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 14.0 M 46 ZeroCERT

35415 2022-01-20 10:38 rtst1053.exe
7ce07d94af910e6ffd34fa72ae3060a4
Gen2 ASPack Malicious Library UPX PE64 PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Malicious Traffic Check memory Creates executable files Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion IP Check VM Disk Size Check Browser RCE
3 4 2 7.4 M 53 ZeroCERT