Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
35536 2022-01-19 09:34 12999000002490152554.xls
0c890caa5574298838e2463f2a9eec1f
Generic Malware Antivirus Malicious Packer Malicious Library UPX MSOffice File PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Interception Windows ComputerName DNS Cryptographic key
5 38 16.6 9 ZeroCERT

35537 2022-01-19 09:33 YOCJA-19842.xlsm
e7fa5369947b139f8f5d636791b236b8
Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File OS Processor Check PE32 DLL Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key
3 16 17.4 ZeroCERT

35538 2022-01-18 18:29 yyyy.exe
5e22f82de536045419032c6f7d8a366b
NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder
15 30 6.4 20 ZeroCERT

35539 2022-01-18 16:47 invoice.exe
9fca8332a98b2475b8c5243f70ce5058
Darkside Ransomware Cobalt Strike Malicious Library UPX PE File PE32 VirusTotal Malware PDB unpack itself RCE
2.8 M 30 ZeroCERT

35540 2022-01-18 16:46 8879_1642270780_4802.exe
236b3dc043d26a121949e4d5cfb13d1d
RedLine stealer[m] Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName Cryptographic key Software crashed
2 6 12.4 M 29 ZeroCERT

35541 2022-01-18 16:45 645_1642427720_7114.exe
80ea5601dfddd352cad47e20c2e77f86
Malicious Library UPX PE File PE32 VirusTotal Malware PDB unpack itself RCE
2.8 M 31 ZeroCERT

35542 2022-01-18 16:43 Updated_Payments_Statements.li...
8bdf50e9270b6f6e3c461be75999305d
Darkside Ransomware Cobalt Strike Generic Malware Antivirus Malicious Library UPX AntiDebug AntiVM GIF Format PE File PE32 OS Processor Check VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Interception Windows ComputerName DNS Cryptographic key
1 13.6 M 9 ZeroCERT

35543 2022-01-18 16:43 payment.exe
fae3f90c433730f1920f947057a90bde
Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself
1.0 M ZeroCERT

35544 2022-01-18 16:43 9.exe
e5b9c0f6e09af4b902ea432a0ccf55e5
UPX PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself sandbox evasion Windows ComputerName RCE DNS Cryptographic key crashed
1 8.0 M 29 ZeroCERT

35545 2022-01-18 15:46 invoice.hta
c56e30a3b967a477d4bc2cf74a3e5a52
unpack itself crashed
0.6 ZeroCERT

35546 2022-01-18 15:36 8888_1642260354_4389.exe
7b1fb663b7c0fd28682a0ee052cb9827
Generic Malware PE64 PE File VirusTotal Malware
2 1.4 M 35 ZeroCERT

35547 2022-01-18 15:35 EYe3DEfcw7LCaU6T
f977d2d82e01d8c453495502ef834d98
Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName DNS
13 6.4 M 10 ZeroCERT

35548 2022-01-18 14:06 Athens.dll
61295ca80fbecf05b60915d8f6ce8c31
VMProtect Malicious Library PE64 PE File DLL VirusTotal Malware
1.6 11 ZeroCERT

35549 2022-01-18 14:06 Athens.dll
61295ca80fbecf05b60915d8f6ce8c31
VMProtect Malicious Library PE64 PE File DLL VirusTotal Malware
1.6 11 ZeroCERT

35550 2022-01-18 13:33 Athens.dll
61295ca80fbecf05b60915d8f6ce8c31
VMProtect Malicious Library PE64 PE File DLL VirusTotal Malware
1.6 11 JYC