Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
41746	2021-09-08 10:13	dohcrypted.exe 6d3632abf3c43b6da3bcef47d3343da1 Generic Malware UPX Malicious Packer PE File PE32 VirusTotal Malware RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check					2.8	M	61	ZeroCERT

41747	2021-09-08 10:13	sureboizx.exe c92c0b6795aed0105803141b35b2a31c Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key					1.8	M	21	ZeroCERT

41748	2021-09-08 10:11	DONBUILD.exe 54e4176aa7edcbc7ed79e0080422998e RAT Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	3	2		4.8	M	17	ZeroCERT

41749	2021-09-08 10:11	topboizx.exe 717e06c7704f3f9ea2307879791ace04 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					10.8	M	22	ZeroCERT

41750	2021-09-08 10:09	DLT_85620000107.exe 18ca3863bfd1ea32400b29d56e2fdf1f PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed	8 Keyword trend analysis Info http://www.bloombathbombs.com/wdhc/ http://www.xn--i1b6ewaaie7gm.com/wdhc/?XRm0zD6x=0LiCscd4a7tI1zgKVF8S+rUGSV/54ZmkWb1WgMQi+fSgg1lYhx/FQ5t44sMewl7CbCPqX6d4&V4=CXFL6 http://www.ez-skin.com/wdhc/?XRm0zD6x=hHcB1VF6gDirRlefmXVbqwZcvdb0sQI2CijSGZ0QjQGvt1HSnIQLaIN/81JJPY4ZtN7YRgzA&V4=CXFL6 http://www.webtinchap.com/wdhc/ http://www.ez-skin.com/wdhc/ http://www.xn--i1b6ewaaie7gm.com/wdhc/ http://www.bloombathbombs.com/wdhc/?XRm0zD6x=Es2RL7ETYJMjLsjERN1lcxAyqHM3gPvC7jfKXp5P0BAnxIVDyWZz5xeNY17RRs6Z+z5zNg1k&V4=CXFL6 http://www.webtinchap.com/wdhc/?XRm0zD6x=OWqWFeXUvcYjnVbfh3wKs9xVY9LZ1xcjdI/DmFSv+ONwutCEFIA/Zdh+BBdL9yWKptOZcTg1&V4=CXFL6	13 Info www.webtinchap.com(172.217.175.83) www.ez-skin.com(23.227.38.74) www.toyotadongthap.com() dns.google(8.8.4.4) www.bloombathbombs.com(23.227.38.74) time.google.com(216.239.35.4) www.mygahannaohhomes.com() www.xn--i1b6ewaaie7gm.com(34.98.99.30) www.thefundraisingguru.com() 142.250.204.115 23.227.38.74 - mailcious 216.239.35.0 34.98.99.30 - phishing	1		13.0		14	ZeroCERT

41751	2021-09-08 10:09	update365_0831042.exe 00d86a679c41b1dbe1b5de1926cf771a RAT Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					5.0	M	22	ZeroCERT

41752	2021-09-08 10:07	bankzx.exe 604eadeb6c2ff6e10801d33156daff00 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	1 Keyword trend analysis	4	2		10.0	M	36	ZeroCERT

41753	2021-09-08 10:06	judecrypted.exe d1afdf5f45a0fe6b6629f82c19e178d1 PE File PE32 VirusTotal Malware Tofsee	1 Keyword trend analysis	2	2		1.0	M	30	ZeroCERT

41754	2021-09-08 10:04	0n1y_53r10u5.exe 1a077c94c3eb2f099100f3bb12315334 Themida Packer Anti_VM PE File PE32 VirusTotal Malware unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware crashed					6.6	M	40	ZeroCERT

41755	2021-09-08 10:02	kernel.exe 8c4b4ab56eb5d879334e5f92ed70ecc3 RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1	1	10.4	M	28	ZeroCERT

41756	2021-09-08 10:02	vbc.exe dad20c2f942a638d3d556961f92af143 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	6 Keyword trend analysis Info http://www.mercurydatas.com/24ng/?EZUTzDu=73RKxnoEEGPHaiqYHtD+jTsNxYvkw6Ei3DrZaFJsPwj3AJHixVrZdfXfQY48NHPO2bpqzq2Z&DzrLW=VBZtT4dPwd244h - rule_id: 4594 http://www.sunshineenergyind.com/24ng/?EZUTzDu=35iWi52lGojBS87VvIGnpLKhNq28n3UubyUFC8niPWNy7gVZgtz7k+ypAgcpiko10aWgDcvJ&DzrLW=VBZtT4dPwd244h http://www.myfreezic.com/24ng/?EZUTzDu=YF1kztGDlRJpsfA9HLEjfHWM3KfZfu6pVivDrAZmlPi8ADA1cW10jKFzSf6SS65dyB8FAXy7&DzrLW=VBZtT4dPwd244h - rule_id: 4978 http://www.getzlppi.com/24ng/?EZUTzDu=L5LGxFrJmFFW7+IY9g8iVUirVSu4fjeQj90+j0oTYvKK8rEJklo6J2dxJua7XjT6OpHJ/fPt&DzrLW=VBZtT4dPwd244h - rule_id: 4824 http://www.brightstarqr.com/24ng/?EZUTzDu=8v1BaeXDdHouIcyDdFDGzu6REvBUz6OB3JNjO8R+mAtpk36d8yYIQhxbWZgde9Q6oLtpMRoQ&DzrLW=VBZtT4dPwd244h - rule_id: 4826 http://www.inanavcifitnessclub.com/24ng/?EZUTzDu=7B/mxEe684X+Fe8GJ5WQJKEToqxOKLoYRHSlnqT22Suhy7fkAEyyqsV6IsAMnECK+ppvVgFJ&DzrLW=VBZtT4dPwd244h - rule_id: 4825	16 Info www.jogiyoga.support() www.brightstarqr.com(54.157.58.70) www.mercurydatas.com(91.194.91.202) www.tonailcure.icu() www.equltycol.com() www.operationbuy.com() www.getzlppi.com(34.102.136.180) www.sunshineenergyind.com(99.83.154.118) www.inanavcifitnessclub.com(209.99.40.222) www.myfreezic.com(103.139.0.32) 103.139.0.32 - mailcious 209.99.40.222 - mailcious 18.205.36.100 99.83.154.118 - mailcious 34.102.136.180 - mailcious 91.194.91.202 - mailcious	2	5	8.0	M	30	ZeroCERT

41757	2021-09-08 09:59	apines.exe 5dc89acaae4edda1b0519ff9657b763a Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself RCE					2.2	M	33	ZeroCERT

41758	2021-09-08 09:59	enumusers0904.exe 109c2133f17fa4e495f63c99429835f9 UPX PE File PE32 VirusTotal Malware Check memory WriteConsoleW					3.0	M	38	ZeroCERT

41759	2021-09-08 09:58	rrrem.exe c4ffb0ae8bc377ff6062360971fb1037 AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data UPX Antivirus Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key crashed		11			14.4	M	17	ZeroCERT

41760	2021-09-08 09:56	BLT-750108002.exe 4e3f9aaa521bd82e3b2902d528e51685 RAT PWS .NET framework Generic Malware UPX Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic RWX flags setting unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed		10			12.2	M	28	ZeroCERT