Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
41716	2021-09-09 09:16	0_WFSR.dll.dll c5ac37fbe684e1a02f20aa99e599b266 Malicious Library PE File DLL PE32 VirusTotal Malware unpack itself Windows crashed					2.2		14	ZeroCERT

41717	2021-09-09 09:13	vbc.exe c9ddf1bb09008b98a0a4555724cc6ceb Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE					2.0	M	25	ZeroCERT

41718	2021-09-09 09:12	tik.exe 2436aadd7124bfff17bf344d22a8552f Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed		2			13.0	M	43	ZeroCERT

41719	2021-09-09 09:09	yarozx.exe 3d63160bc30d8291f27e46ecfe70d38a RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1			10.2	M	20	ZeroCERT

41720	2021-09-09 09:09	BIN.exe 4103a2b04ede0d36e5079f6799cdfa14 Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS crashed		1			4.0	M	31	ZeroCERT

41721	2021-09-09 09:07	ghi.exe fa61d6fc42b8f654ea665c5e9bf35f10 RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		10.8	M	41	ZeroCERT

41722	2021-09-09 09:07	svchost.exe fc8ce0eb1a60a03e0b167b680af1625d Generic Malware PE File PE32 VirusTotal Malware suspicious privilege unpack itself Windows DNS keylogger		1			7.4	M	48	ZeroCERT

41723	2021-09-09 09:05	vbc.exe c1785d8700149baeae56390c9d543d7b AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		4			14.4	M	25	ZeroCERT

41724	2021-09-09 09:05	3_Microsoft.Windows.Applicatio... eba153737466deaebf551beb08a4640a Malicious Library PE File DLL PE32 VirusTotal Malware unpack itself Windows crashed					2.2		13	ZeroCERT

41725	2021-09-09 09:04	linesloters.png ec330c275ef5bc70e187e7d167b03484 Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Dridex TrickBot Malware PDB suspicious privilege Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	11 Keyword trend analysis Info http://icanhazip.com/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/user/test22/0/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/5/file/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/3sJT83o5WJMcS5vFWYdczdMViZ/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/NAT%20status/client%20is%20behind%20NAT/0/ https://179.189.229.254/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/tHiBidsluI48eG4clGcD6KL/ https://179.189.229.254/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGamesFXVN%5Clinesloters.exe/0/ https://182.253.210.130/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/5/pwgrabb64/ - rule_id: 3682 https://182.253.210.130/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/5/pwgrabb64/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/10/62/XFNRLHZRPDJ/7/	7	4	1	10.4			ZeroCERT

41726	2021-09-09 09:03	abdcffc9bcf6d5c536c89f879e95ed... 7411bd9a32735dfdeee38ee1f6629a7f Malicious Library PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	6 Keyword trend analysis Info http://ip-api.com/json/?fields=8198 http://crl.identrust.com/DSTROOTCAX3CRL.crl http://x1.c.lencr.org/ https://a.goatgame.co/userf/dat/2201/sqlite.dat - rule_id: 4651 https://a.upstloans.net/report7.4.php - rule_id: 4649 https://a.goatgame.co/userf/dat/sqlite.dll - rule_id: 4717	13 Info google.vrthcobj.com(34.97.69.225) - mailcious a.goatgame.co(104.21.79.144) - malware a.upstloans.net(172.67.179.248) - mailcious crl.identrust.com(23.43.165.66) ip-api.com(208.95.112.1) b.upstloans.net(172.67.179.248) - mailcious x1.c.lencr.org(104.76.75.146) 104.21.79.144 - malware 182.162.106.26 104.74.211.103 34.97.69.225 - mailcious 208.95.112.1 104.21.31.210 - mailcious	2	3	8.0	M	42	ZeroCERT

41727	2021-09-09 08:54	taSPcCva.rtf 7ddc68d92fe65b2509f16c6a27876347 VirusTotal Malware RWX flags setting					1.4		15	ZeroCERT

41728	2021-09-09 08:51	RFQ-Order_Sheet#43254363-Sept-... 68038cd6686e726c8d5fcfdf5b62d37a Malicious Library PE File PE32 Emotet VirusTotal Malware AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Tofsee Windows crashed	1 Keyword trend analysis	2	1		7.4		40	ZeroCERT

41729	2021-09-09 08:51	Invoice-No.-9004_20210908.xlsb cc064043229bad8f94a41de8a6ce8721 VirusTotal Malware RWX flags setting unpack itself					1.6		5	ZeroCERT

41730	2021-09-08 18:17	nd.exe 63425ec377156298620b9a0c79554172 Buhtrap Group PE File PE32 VirusTotal Malware unpack itself Tofsee crashed	1 Keyword trend analysis	2	2		1.8	M	42	r0d