Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

40546 2021-10-16 13:08 trend-1804618933.xls
7219c4992a9852eaf8b619b165c17cc7
Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee
3 6 2 4.0 guest

40547 2021-10-16 13:05 trend-1804391448.xls
883e781ec9576dddd2277c73bc0bf26e
Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee
3 6 2 4.0 guest

40548 2021-10-16 13:04 New Order.exe
ab21627d840ca71be2fd3d2397657a54
AgentTesla(IN) RAT Generic Malware UPX Antivirus Malicious Packer Malicious Library DNS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed
2 1 15.8 ZeroCERT

40549 2021-10-16 13:03 Hjs~0093876353673-98376536783....
7d63624fabc2c8179bc4935080fc0604
RAT PWS .NET framework Generic Malware UPX DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
2 1 15.0 28 ZeroCERT

40550 2021-10-16 13:01 FSD~039876363-30987.Com
6dff455b59af4478e43bf4ef5daa9f6f
RAT PWS .NET framework Generic Malware UPX DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName DNS DDNS
2 1 15.4 24 ZeroCERT

40551 2021-10-16 13:01 Deposit Payment.exe
c3e635b8e9d4fea44f5c5f9aee4edb3f
RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) UPX SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
13.8 ZeroCERT

40552 2021-10-16 12:58 ADH_Quotation_Sheet-Q202107055...
8b79c77c9736b590089dc899c6129abf
RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process human activity check Tofsee Windows DNS Cryptographic key crashed
1 4 1 13.8 22 ZeroCERT

40553 2021-10-16 12:56 VWT_0397467389948-039874674.ex...
eb84b407ad189ab0024269c8ccb42ddb
RAT PWS .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
2 1 15.0 26 ZeroCERT

40554 2021-10-16 12:55 SB_09837635673-309873653673.ex...
91f4fb77450caf87383a80bca76af4b9
Gen2 Gen1 Generic Malware Malicious Library UPX DNS AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process sandbox evasion WriteConsoleW human activity check Windows ComputerName RCE DNS DDNS crashed
2 1 16.4 33 ZeroCERT

40555 2021-10-16 12:54 SMS LOGS.COM
6a4e8dbad4bd58452d15a706ff60bea5
AgentTesla NetWire RAT RAT email stealer browser info stealer Generic Malware Google Chrome User Data Malicious Packer Malicious Library UPX Socket DNS KeyLogger ScreenShot AntiDebug AntiVM PE64 PE File OS Processor Check VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key DDNS
2 10.0 30 ZeroCERT

40556 2021-10-16 12:53 PURCHASE ORDER _467889899098.x...
90a7b2355d1a256a4dc4e72caca1fb35
RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS Cryptographic key crashed
1 5 1 16.4 20 ZeroCERT

40557 2021-10-16 12:53 ORIGINAL DOCUMENTS BL, C.I. & ...
a0747b376c17728fe2731e9e98d1b017
Gen2 Gen1 Generic Malware Malicious Library UPX Anti_VM AntiDebug AntiVM PE File OS Processor Check PE32 Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process sandbox evasion Windows RCE crashed
6.2 ZeroCERT

40558 2021-10-16 12:45 New Order List & Specification...
39f59475d4b4672638a90ac2e475cd90
AgentTesla browser info stealer Generic Malware Google Chrome User Data Malicious Library UPX Create Service Socket Code injection Sniff Audio KeyLogger Escalate priviledges Downloader AntiDebug AntiVM PE File OS Processor Check PE32 Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files suspicious process AppData folder sandbox evasion Windows RCE DNS DDNS crashed keylogger
2 1 12.0 ZeroCERT

40559 2021-10-16 12:43 New Order.exe
1c347ce8723c87e82c1d22de5e1fe046
RAT PWS .NET framework Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed
3 1 15.0 ZeroCERT

40560 2021-10-16 12:42 KRSEL000005628644.PNG.scr
bd8f7a95d63891f57462cfa5b2179888
Gen2 Gen1 Generic Malware Malicious Library UPX Malicious Packer DNS AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName RCE DNS DDNS crashed
2 1 15.8 44 ZeroCERT