Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
35416	2022-01-20 10:37	nuvo.exe 02e260d43fa91e067838b68b19435124 NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder	1 Keyword trend analysis	5		6.8		36	ZeroCERT

35417	2022-01-20 10:36	mxvo.exe cf89c1b58d036b71b28ca319f81fc851 NSIS Malicious Library UPX PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed keylogger				9.6	M	20	ZeroCERT

35418	2022-01-20 10:35	cuvo.exe b0fd06d3d98801c819d319e2238b4759 NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder DNS	3 Keyword trend analysis Info http://www.jcaemporium.com/h4d0/?wPT=L3pPXGwen6pUYqPQQzYWToOcKquCpzTTtO2KnW63IwMfvgU4mYIynbpZCQ8VDuD/YG4mjj7Y&oZN=6lSdIlC8F - rule_id: 10576 http://www.aztrac.net/h4d0/?wPT=ZVnDutH8K8qydZ0l7hGi48FKIHwGumJASDU+BHUJokYrxh0mKqpLv8VGpZshoRDaAeLTGE0I&oZN=6lSdIlC8F http://www.voxelsoxx.xyz/h4d0/?wPT=7yYhM5+3jNdjx4UR/iAJ2qbq7KguY9UwJKRriv7N9UN1WJGKJ2USdF0wPLLxZ6j7zHkWcMk1&oZN=6lSdIlC8F - rule_id: 10553	8	2	6.4	M	25	ZeroCERT

35419	2022-01-20 10:34	6163_1642543802_3593.exe 52d9de1b02eed8ce15b8ad55814aca24 RedLine stealer[m] AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		12.0	M	29	ZeroCERT

35420	2022-01-20 10:33	nazi.exe 2559e97c13e731d9f37b1630dff2bb1e Generic Malware PE64 PE File VirusTotal Malware DNS		1		2.2	M	45	ZeroCERT

35421	2022-01-20 10:29	1_update.ps1 6246ca1053e78ea3a0e2490a73a1fd4d Generic Malware Antivirus VirusTotal Malware powershell unpack itself powershell.exe wrote WriteConsoleW Windows Cryptographic key				2.0		12	guest

35422	2022-01-20 10:29	sharefolder.exe 3cfeb69b9157e9219d222c601f0fbd4b njRAT Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself DNS		2		3.4	M	31	ZeroCERT

35423	2022-01-20 10:28	1466350393404834.exe 8b86e421aeff872640274b9ab7bfe646 RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	6		15.6	M	32	ZeroCERT

35424	2022-01-20 10:26	damianozx.exe ff4a25eead2b9059d8daaf8dc914307e RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed				9.4	M	39	ZeroCERT

35425	2022-01-20 10:25	V2LD0vsK5Gg50dHb 397fbe9df87a5fa046c2273f3c17e38d emotet Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Malicious Traffic Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName RCE DNS	1 Keyword trend analysis	30 Info 51.38.71.0 - mailcious 81.0.236.90 - mailcious 178.63.25.185 - mailcious 45.118.115.99 - mailcious 58.227.42.236 - mailcious 104.251.214.46 - mailcious 103.75.201.2 - mailcious 79.172.212.216 - mailcious 176.104.106.96 - mailcious 203.114.109.124 - mailcious 45.118.135.203 - mailcious 45.176.232.124 - mailcious 207.38.84.195 - mailcious 158.69.222.101 - mailcious 51.68.175.8 - mailcious 178.79.147.66 - mailcious 103.8.26.103 - mailcious 103.8.26.102 - mailcious 217.182.143.207 - mailcious 45.142.114.231 - mailcious 216.158.226.206 - mailcious 209.59.138.75 - mailcious 131.100.24.231 - mailcious 192.254.71.210 - mailcious 212.237.56.116 - mailcious 212.237.17.99 - mailcious 173.212.193.249 - mailcious 50.116.54.215 - mailcious 46.55.222.11 - mailcious 104.168.155.129 - mailcious	1	7.4	M	12	ZeroCERT

35426	2022-01-20 10:23	sfx_123_310.exe 3a6ebd3377afdb9efc2195e7b6a00a69 Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware PDB Code Injection Checks debugger Creates executable files unpack itself AppData folder RCE				4.6		49	ZeroCERT

35427	2022-01-20 10:23	autosubplayer.exe e3c40b8582665b99c550607b1b6e396e Malicious Library UPX PE File PE32 DLL Check memory Creates executable files unpack itself AppData folder				2.0			ZeroCERT

35428	2022-01-20 10:20	v10044361_1keu.exe a6da86804e0d429def43bbd9c11ca129 UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Collect installed applications sandbox evasion installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		2		10.4		21	ZeroCERT

35429	2022-01-20 10:20	jENwrgafB7p8NwZ ffd6fae5e42ab50ef3f4bf0c8d9f59a1 emotet Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL Malware Malicious Traffic Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName RCE DNS	1 Keyword trend analysis	30 Info 51.38.71.0 - mailcious 81.0.236.90 - mailcious 178.63.25.185 - mailcious 45.118.115.99 - mailcious 58.227.42.236 - mailcious 104.251.214.46 - mailcious 103.75.201.2 - mailcious 79.172.212.216 - mailcious 176.104.106.96 - mailcious 203.114.109.124 - mailcious 45.118.135.203 - mailcious 45.176.232.124 - mailcious 207.38.84.195 - mailcious 158.69.222.101 - mailcious 51.68.175.8 - mailcious 178.79.147.66 - mailcious 103.8.26.103 - mailcious 103.8.26.102 - mailcious 217.182.143.207 - mailcious 45.142.114.231 - mailcious 216.158.226.206 - mailcious 209.59.138.75 - mailcious 131.100.24.231 - mailcious 192.254.71.210 - mailcious 212.237.56.116 - mailcious 212.237.17.99 - mailcious 173.212.193.249 - mailcious 50.116.54.215 - mailcious 46.55.222.11 - mailcious 104.168.155.129 - mailcious	1	6.8	M		ZeroCERT

35430	2022-01-20 10:19	.winlogon.exe 9eedecb718c16d02f2482875051ecdec RAT NPKI email stealer Generic Malware TEST Socket DNS Code injection KeyLogger Escalate priviledges Downloader persistence AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS crashed	1 Keyword trend analysis	3		11.6	M	33	ZeroCERT