Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
41671	2021-09-10 17:24	vbc.exe 09abff7fd37311b306d557540ecbb5c0 Malicious Packer PE File PE32 VirusTotal Malware unpack itself Tofsee crashed	1 Keyword trend analysis	2	2	1.8	M	36	ZeroCERT

41672	2021-09-10 17:22	tlogs.exe acce458c80680c29571dd40ced566af1 Themida Packer UPX Antivirus Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious TLD VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	7	1	12.6	M	36	ZeroCERT

41673	2021-09-10 17:20	readytunes.png 40932e7f31ad53c47c03592a1de47151 Malicious Library PE File OS Processor Check PE32 Dridex TrickBot Malware PDB suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	7 Keyword trend analysis Info http://wtfismyip.com/text https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGamesYX5S%5Creadytunes.exe/0/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/5/file/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/3r3r57PfZRZnF5NBVnVbZZp15X9911N/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/NAT%20status/client%20is%20behind%20NAT/0/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/user/test22/0/	6	4	6.6			ZeroCERT

41674	2021-09-10 17:20	tgrewads.exe 268d55d7e322a47435b83d71d3610f81 PE File OS Processor Check PE32 VirusTotal Malware				0.6		12	ZeroCERT

41675	2021-09-10 10:29	Documents new.xlsb e2c5c7d099745fa74d4653b6d49338d2 Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process		1		3.6		23	r0d

41676	2021-09-10 10:27	App description.docx 6f194654557e1b52fb0d573a5403e4b1 Word 2007 file format(docx) Vulnerability VirusTotal Malware unpack itself		1		2.8		32	r0d

41677	2021-09-10 09:44	Documents new.xlsb e2c5c7d099745fa74d4653b6d49338d2 VirusTotal Malware Creates executable files RWX flags setting unpack itself suspicious process	1 Keyword trend analysis	1		4.0		23	ZeroCERT

41678	2021-09-10 09:42	App description.docx 6f194654557e1b52fb0d573a5403e4b1 VirusTotal Malware RWX flags setting unpack itself	1 Keyword trend analysis	1		2.6		32	ZeroCERT

41679	2021-09-10 09:41	OvtUb.exe 091a569b997f6e2803119b16fe692dd1 Gen2 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself ComputerName				1.8		12	ZeroCERT

41680	2021-09-10 09:31	vbc.exe 00ad2714d8e0969242bbeedc2ab765cb RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File .NET EXE PE32 GIF Format VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check human activity check Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	5	1	14.8	M	22	ZeroCERT

41681	2021-09-10 09:28	Alfanewfile2.exe 9292d5a461d54bde94066b1854ce0bc4 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE				2.0	M	23	ZeroCERT

41682	2021-09-10 09:28	file.exe e74e8f9adb0df482c191aa372d520587 Darkside Ransomware Cobalt Strike Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				1.8	M	28	ZeroCERT

41683	2021-09-10 09:26	vbc.exe cc4e312c146a18762fbdb160af306aef RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				7.2	M	30	ZeroCERT

41684	2021-09-10 09:26	vbc.exe 9c6ece683bf50fca8e4cb1e98cca288e Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself DNS		1		2.6	M	35	ZeroCERT

41685	2021-09-10 09:24	svchost.exe 63eab98c58513c72bb16222502d07f0b NPKI Process Kill UPX Malicious Library FindFirstVolume CryptGenKey Malicious Packer PE File OS Processor Check Device_File_Check PE32 PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Tor ComputerName DNS		7	8 Info ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 390 ET TOR Known Tor Exit Node Traffic group 26 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 26 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 386 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 201 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 638 ET POLICY TLS possible TOR SSL traffic ET POLICY Cryptocurrency Miner Checkin	6.2	M	30	ZeroCERT