Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
42841	2021-08-17 07:39	console-play.exe a43be7341e3d13810d20b9e64e329c83 Gen2 Gen1 RAT Generic Malware UPX Malicious Library Malicious Packer Anti_VM PE File OS Processor Check PE32 DLL PNG Format GIF Format .NET DLL PE64 VirusTotal Malware Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName crashed					5.2	M	21	ZeroCERT

42842	2021-08-16 18:12	One Million British Pounds.pdf 9b4e673fb8467b6dac5c13fff8db4213 PDF VirusTotal Malware Windows utilities Windows	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip				2.0		17	ZeroCERT

42843	2021-08-16 17:45	One Million British Pounds.pdf 9b4e673fb8467b6dac5c13fff8db4213 PDF VirusTotal Malware					0.6		17	guest

42844	2021-08-16 17:21	askinstall52.exe ed8353cf1e80cb6afd65dedd1f83071a Gen2 Trojan_PWS_Stealer Credential User Data Malicious Packer UPX Malicious Library SQLite Cookie PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB suspicious privilege WMI Creates executable files Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName RCE	2 Keyword trend analysis	4	1	1	6.4	M	51	ZeroCERT

42845	2021-08-16 17:20	file1.exe efb3e6929403a295ee9f8a0dfcdd591c RAT Generic Malware Anti_VM UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed	2 Keyword trend analysis	4	2		9.0	M	26	ZeroCERT

42846	2021-08-16 17:14	fileT.exe b5f49db3a9a421773d2eeade6f52bb33 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.4		37	ZeroCERT

42847	2021-08-16 17:14	se1.exe 30a64c61e75d116f706c23f451abaca5 Gen1 Gen2 Generic Malware UPX Malicious Library Malicious Packer PDF PE File PE32 PNG Format DLL .NET DLL OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files ICMP traffic unpack itself AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Tofsee Browser ComputerName	4 Keyword trend analysis	4	2		7.2		24	ZeroCERT

42848	2021-08-16 17:13	bin.exe c04f6348e7b59525aa07c2cff05891ce Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	16 Keyword trend analysis Info http://www.77k6tgikpbs39.net/n8ba/ http://www.revenueremedyintensive.com/n8ba/ http://www.backtothesimplethings.com/n8ba/?DbG=xPi5BDAtN164TC5fR/YHv5A7cLya1z2oKd7qTfbpeU/RmLs8x5l99M9VFgsqQjT/mjAeNsxH&QZ0=ehutZJ_xFDE4-J http://www.77k6tgikpbs39.net/n8ba/?DbG=RtTzTU3TYCJ9InQDD9LSAzrYY/u3W4uB/I26NcaQBFhoVTbvwK5wRjd6LNsy02kDp7Xu5STA&QZ0=ehutZJ_xFDE4-J http://www.jwpropertiestn.com/n8ba/ http://www.theredcymbalsco.com/n8ba/ http://www.narrowpathwc.com/n8ba/?DbG=RqoVB/kTevwYNrpQ68VGCKAD0SwVXhGBA25gncTDeHVSc/TtzgJJgXlZbrh2RaVrYM4D7bqC&QZ0=ehutZJ_xFDE4-J http://www.wintonplaceoh.com/n8ba/?DbG=AVTd1ZN4UWfa3pMJYW+9mBRbWrEnsObc4GxuOgTv+oU74bastT2cYQ1nQ05mxdjtjivpiZLt&QZ0=ehutZJ_xFDE4-J http://www.wintonplaceoh.com/n8ba/ http://www.lovebirdsgifts.com/n8ba/ http://www.narrowpathwc.com/n8ba/ http://www.theredcymbalsco.com/n8ba/?DbG=9vokcWjtebBvVvQIm09VADFSZD35cLZafvs2RAD44ecvqP5w34gv75tdUdLM9TjFHQmC7+ER&QZ0=ehutZJ_xFDE4-J http://www.revenueremedyintensive.com/n8ba/?DbG=fjeLxrlSEmxa2v6Iswzjwnp9Wxx3OUlSu0eu4rQFB14R0a5Bf9lkAiD4eJRBXMjz+ES00FjE&QZ0=ehutZJ_xFDE4-J http://www.jwpropertiestn.com/n8ba/?DbG=iMNnVuY89oKM10l9tPU+imZoGlggyOcz8eg49RCofBwHfpsW2i76gWArogbU3aUeVu/gQ7ID&QZ0=ehutZJ_xFDE4-J http://www.backtothesimplethings.com/n8ba/ http://www.lovebirdsgifts.com/n8ba/?DbG=oiX0BtPaohd4yUWgi2fqZtos1OZweULA7b8umTfs2FuW0w1nHJyzCnpMFCunVwxOw3eqbn8k&QZ0=ehutZJ_xFDE4-J	18 Info www.shopliyonamaaghin.net() www.lostbikeproject.com() www.wintonplaceoh.com(198.71.233.107) www.revenueremedyintensive.com(34.102.136.180) www.77k6tgikpbs39.net(103.120.14.249) www.lovebirdsgifts.com(23.227.38.74) www.jwpropertiestn.com(208.91.197.27) www.backtothesimplethings.com(47.245.33.84) www.theredcymbalsco.com(184.168.131.241) www.narrowpathwc.com(182.50.132.242) 198.71.233.107 - mailcious 47.245.33.84 184.168.131.241 - mailcious 208.91.197.27 - mailcious 34.102.136.180 - mailcious 182.50.132.242 - mailcious 23.227.38.74 - mailcious 103.120.14.249	1		7.8	M		ZeroCERT

42849	2021-08-16 17:10	louises.exe b73776df4ad9e9763950e26d35f35311 NPKI RAT Generic Malware Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM P Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	2	1	13.2	M	23	ZeroCERT

42850	2021-08-16 17:10	vbc.exe e62d40e9bd1eeab66cb3c781d543b64f UPX Malicious Library PE File OS Processor Check PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ml Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .ml Domain ET INFO HTTP Request to a .ml domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		7.4	M	29	ZeroCERT

42851	2021-08-16 17:07	clr.exe 508167b2c34732f05f11f2531b2498a2 NPKI Generic Malware Malicious Packer Anti_VM UPX Malicious Library PE File PE64 VirusTotal Malware unpack itself					1.8		13	ZeroCERT

42852	2021-08-16 17:07	BattingsTruncate_2021-08-15_17... ed55b31cd1e8ce41e33d6fc8bd4540b7 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2		24	ZeroCERT

42853	2021-08-16 11:32	LabelTEXT.txt.html 4c5ef42b7b79c802e416448ded85c52b Generic Malware Antivirus AntiDebug AntiVM VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis	1			5.6		15	ZeroCERT

42854	2021-08-16 11:04	LabelTEXT.txt.html 4c5ef42b7b79c802e416448ded85c52b Generic Malware VirusTotal Malware crashed					0.8		15	ZeroCERT

42855	2021-08-16 10:49	fw4.exe e3e9e202fbe8ddff674ab73c728a7c89 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware unpack itself					1.4	M	38	ZeroCERT