Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
42856	2021-08-16 10:46	testingcrypta.exe 69ad94630f3e0bf328ddee4b54e3f057 RAT PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself ComputerName					2.8	M	52	ZeroCERT

42857	2021-08-16 10:45	file.exe 7eb6505eaf18fd1b29a09f3c52a4f678 UPX Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	5	2		16.4	M	15	ZeroCERT

42858	2021-08-16 10:42	AcrobatDC.exe aba32a475dcafdf4c6357205803e4cc0 Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware download NetWireRC VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW BitRAT Windows ComputerName Cryptographic key crashed keylogger		4	2		15.8	M	34	ZeroCERT

42859	2021-08-16 10:42	JoSetp.exe 93b71fada8f1a1d612ba00c5e32d76b1 RAT Generic Malware PE File .NET EXE PE32 PE64 AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName					4.8			ZeroCERT

42860	2021-08-16 10:40	unknown.exe c82d1c3b051608e96dc6a2e08612080c RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key crashed	2 Keyword trend analysis	4	1	1	5.4	M		ZeroCERT

42861	2021-08-16 10:38	Shtate.txt.ps1 af241c2ca6817d254292dd3e521470fc Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key					1.2	M	8	ZeroCERT

42862	2021-08-15 13:11	456.exe 39d6ec1892af37c0fd5c5c2ea89ea782 Worm Phorpiex Malicious Packer UPX Malicious Library PE File PE32 VirusTotal Malware AutoRuns PDB Check memory buffers extracted Windows utilities suspicious process AntiVM_Disk WriteConsoleW Firewall state off VM Disk Size Check Windows DNS		6	5 Info ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) ET INFO Session Traversal Utilities for NAT (STUN Binding Request) ET INFO Session Traversal Utilities for NAT (STUN Binding Response) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag true) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true)		6.6		34	ZeroCERT

42863	2021-08-15 13:01	flx11.exe aa587896aed2ffa708a0d2f636856034 RAT NPKI Generic Malware Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	2		13.6	M	40	ZeroCERT

42864	2021-08-15 13:01	warzone.exe 2c088bc2980ba15e3500f929a7d13019 Ave Maria WARZONE RAT Malicious Packer UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware Check memory AntiVM_Disk VM Disk Size Check RCE					2.4	M	56	ZeroCERT

42865	2021-08-15 12:55	140821.exe 625449cacdf5d7e4b0fb8b2e98d5a845 Generic Malware Anti_VM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed	2 Keyword trend analysis	3	2	1	9.2	M	19	ZeroCERT

42866	2021-08-15 12:54	runvd.exe aa95e1e1d2c37f9a0323f8b9fd07d477 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2	M	24	ZeroCERT

42867	2021-08-15 12:52	dcc7975c8a99514da06323f0994cd7... 832f80a11d3c25ff036d5227c9b03d46 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.0	M	17	ZeroCERT

42868	2021-08-15 12:52	a.exe 627fc88e4e32885ef3eb655f353d3d73 Worm Phorpiex Malicious Packer UPX Malicious Library PE File PE32 VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory buffers extracted Creates executable files Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW Firewall state off VM Disk Size Check Windows DNS	1 Keyword trend analysis	7	9 Info ET INFO Session Traversal Utilities for NAT (STUN Binding Request) ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) ET INFO Session Traversal Utilities for NAT (STUN Binding Response) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag true) ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		9.2	M	44	ZeroCERT

42869	2021-08-15 12:50	pub1.exe eef819b619f37c1a25eee1b173154760 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2	M	25	ZeroCERT

42870	2021-08-15 12:49	nc.exe 20e27f9073210db80a1fc8dea3138a09 UPX Malicious Library PE File PE64 OS Processor Check VirusTotal Malware PDB					1.6	M	32	ZeroCERT