Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
41686	2021-09-10 09:14	InterviewScheduler.exe ee8c3bbddd0f11aed64ca4d3ae167da8 Generic Malware Malicious Packer UPX Malicious Library PE File PE64 VirusTotal Malware crashed					2.0	M	10	ZeroCERT

41687	2021-09-10 09:14	falsh%20update!.exe 8562340b6ba907f77a6beb7b3a297fd5 Gen2 Malicious Library PE File PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger RCE DNS		1			4.0	M	8	ZeroCERT

41688	2021-09-10 09:10	0909_3451428758904.doc 3ee23248727895122d5f3d43fb3b3813 Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	2 Keyword trend analysis	4	1		7.4			guest

41689	2021-09-10 09:04	0909_2427575404904.doc 167b1314b18f45b5bb79bcc6f975a822 Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName	2 Keyword trend analysis	4	1		7.8			guest

41690	2021-09-10 09:01	ACH Payment advice.xls 32c5a46b56efa1bf2f1725e010a2fc60 AgentTesla browser info stealer Generic Malware VBA_macro Google Chrome User Data Antivirus Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection ScreenShot Downloader AntiDebug AntiVM MSOffice File VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows Java ComputerName DNS Cryptographic key DDNS keylogger	2 Keyword trend analysis	6	3	1	19.0	M	16	ZeroCERT

41691	2021-09-10 03:40	PolarisBiosEditor.exe 450d54f0dfae9bf0d947142bd2043345 Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName					3.0		34	guest

41692	2021-09-09 21:18	court.docx 55998cb43459159a5ed4511f00ff3fc8 VirusTotal Malware RWX flags setting					2.0		29	ZeroCERT

41693	2021-09-09 21:15	CSD_AppLaunch.exe 039c162d7fcd8640b337173e323f94d8 RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					1.4		4	ZeroCERT

41694	2021-09-09 21:10	detalhes_atualizacao.doc a02cfacbf32e9ff66464de27faa58543 VBA_macro Generic Malware Antivirus MSOffice File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process Windows ComputerName DNS Cryptographic key		1			10.0		34	ZeroCERT

41695	2021-09-09 20:27	linesloters.png 03328209b7e90eb369be9ea61e397fce Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Dridex TrickBot VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	12 Keyword trend analysis Info http://checkip.amazonaws.com/ https://105.27.205.34/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/5/pwgrabc64/ - rule_id: 5031 https://75.176.235.182/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/5/pwgrabb64/ https://181.129.167.82/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/LbVFVPVfb5LZ5LHJthlplTtHtr/ https://128.201.76.252/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/qCnOnFqZFemSxYDtFyOhK0/ https://179.189.229.254/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/14/user/test22/0/ - rule_id: 5030 https://179.189.229.254/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/5/file/ - rule_id: 5030 https://128.201.76.252/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGames1UKR%5Clinesloters.exe/0/ https://179.189.229.254/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ - rule_id: 5030 https://179.189.229.254/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/14/NAT%20status/client%20is%20behind%20NAT/0/ - rule_id: 5030 https://179.189.229.254/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/VPl9TPtfLZnjvttj5LTTZzTF/ - rule_id: 5030 https://181.129.167.82/rob129/TEST22-PC_W617601.F97E9F96FBBCAFF12D1BFF629355E03B/10/62/UCMKGRRKSBMWO/7/	8	3	6	10.8	M	29	ZeroCERT

41696	2021-09-09 20:03	Protected Client.js b2c47a2918eef35baf623e2e42c5b694 AgentTesla browser info stealer Generic Malware Google Chrome User Data Antivirus Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection ScreenShot Downloader AntiDebug AntiVM Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows Java ComputerName DNS Cryptographic key DDNS keylogger	1 Keyword trend analysis	6	3		17.0	M		ZeroCERT

41697	2021-09-09 20:02	Documents new.xlsb e2c5c7d099745fa74d4653b6d49338d2 VirusTotal Malware Creates executable files RWX flags setting unpack itself suspicious process	1 Keyword trend analysis	1			4.0		25	ZeroCERT

41698	2021-09-09 16:36	mix07092.exe ceee3b5981e743a66cd818320564298f Themida Packer Anti_VM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		10.2	M	33	ZeroCERT

41699	2021-09-09 16:34	lv.exe 25a6cb0f02405cdb54aef3696a91d405 Gen1 Gen2 Themida Packer Generic Malware Malicious Library Malicious Packer PE File PE32 DLL PE64 VirusTotal Malware Check memory Creates executable files unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows Firmware crashed					6.8	M	39	ZeroCERT

41700	2021-09-09 16:33	ChairSyllabuses_2021-09-04_05-... 56bf0659c6d08974d34baa2a8206524e Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2	M	42	ZeroCERT