Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
43516	2021-02-03 14:49	scr.dll 2928f54a3af6cbea7c0d669b246c8bce VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself malicious URLs DNS	1 Keyword trend analysis	1			4.8	M	35	ZeroCERT

43517	2021-02-03 14:47	svch.exe 2d2df98c3ca178862612a0527503ca5b VirusTotal Malware RWX flags setting unpack itself malicious URLs Tofsee DNS crashed		2	1		4.8	M	37	ZeroCERT

43518	2021-02-03 14:39	proforma.exe 05f8d37087eb2818436f604cea3e5e87 VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger WMI unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Windows ComputerName Cryptographic key crashed keylogger	1 Keyword trend analysis	4	1		10.8	M	47	ZeroCERT

43519	2021-02-03 14:39	Protected Client.vbs 9f969c41db50bac5bf029f83c5456a09 VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows Java ComputerName DNS Cryptographic key DDNS keylogger		6	2		16.2	M	8	ZeroCERT

43520	2021-02-03 14:35	ppei.exe ac4cd44715d6bcee3624efeaf5b7b107 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS		1			10.2	M	47	ZeroCERT

43521	2021-02-03 14:35	odinaka.scr b509dff7edd46ff799f8f854d6de3617 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	1		1	14.2	M	39	ZeroCERT

43522	2021-02-03 14:23	licenser.txt.exe edacbd011f5d6d4bd0646ebdff7499ca VirusTotal Malware Buffer PE Malicious Traffic Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs Tofsee Windows DNS crashed	4 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1612329375&mv=m&mvi=7&pl=18&shardbypass=yes https://update.googleapis.com/service/update2?cup2key=10:1322616147&cup2hreq=ac01f7a2c251c2866f15c996813e96ee5f7d9eb595388c0690c99723a89081fb https://update.googleapis.com/service/update2	2	4		7.0	M	34	ZeroCERT

43523	2021-02-03 14:22	mii.exe 8315199b3ee08e32cf5d72c94c1827ee VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS		1			10.2	M	47	ZeroCERT

43524	2021-02-03 14:13	invoice_45212.doc f05f34a933c910b787d64a63d8514744 Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed		1	5 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.4	M		ZeroCERT

43525	2021-02-03 14:11	LFICfpXl.exe 4c656d0392ff282d9081b810eaf750ac Remote Code Execution					0.8	M		ZeroCERT

43526	2021-02-03 14:08	IMG_66307.pdf.exe bb2edd99a1dad9fb9939097093d05d7b VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs Windows DNS Cryptographic key	2 Keyword trend analysis	6			11.4	M	24	ZeroCERT

43527	2021-02-03 14:08	IMG_033847.pdf.exe 355ce5f436f157a68374f43db5fa3aae Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1			16.0	M	24	ZeroCERT

43528	2021-02-03 13:21	6lavfdk.exe 77be0dd6570301acac3634801676b5d7 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory ICMP traffic Collect installed applications malicious URLs sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Browser ComputerName DNS Software	1 Keyword trend analysis	4	1		10.8	M	59	ZeroCERT

43529	2021-02-03 13:19	HoBLAyiLzCsYr1.exe 63e7f1d5aea4b1614282674b825a8755 Remote Code Execution					0.8	M		ZeroCERT

43530	2021-02-03 13:12	hkcmd.exe 5856fcb7ac7eb1fc802340f11b95fb9f VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs	4 Keyword trend analysis Info http://www.rizrvd.com/bw82/?DV=AJ+QNFecOlCqC6Mw2IQHABBFVni950JEMBOKB0L9umdbPb2reP+VGKUB+B76IywbLc96v4tpuI6L+8Kj&zbMl=qFe8FTbpGXT048Cp - rule_id: 170 http://www.rizrvd.com/bw82/ - rule_id: 170 http://www.twistedtailgatesweeps1.com/bw82/ http://www.twistedtailgatesweeps1.com/bw82/?DV=kKEA6YlRADARBAvg3KZ9bmPUSI4mVgzFcD+4n/43cuZZWsHaK7WSUQb3y4w9bCImiSvZx+gnlQlACUHf&zbMl=qFe8FTbpGXT048Cp	12 Info www.riggsfarmfenceservices.com() - mailcious www.rumblingrambles.com() - mailcious www.curateherstories.com(34.102.136.180) - mailcious www.rizrvd.com(34.102.136.180) - mailcious www.fundamentaliemef.com(104.238.220.186) - mailcious www.blacksailus.com() - mailcious www.twistedtailgatesweeps1.com(184.168.131.241) www.magiclabs.media(198.49.23.145) - mailcious 104.238.220.186 - mailcious 198.185.159.144 - mailcious 34.102.136.180 - mailcious 184.168.131.241 - mailcious		2	9.0	M	18	ZeroCERT

Submissions

2928f54a3af6cbea7c0d669b246c8bce

2d2df98c3ca178862612a0527503ca5b

05f8d37087eb2818436f604cea3e5e87

9f969c41db50bac5bf029f83c5456a09

ac4cd44715d6bcee3624efeaf5b7b107

b509dff7edd46ff799f8f854d6de3617

edacbd011f5d6d4bd0646ebdff7499ca

8315199b3ee08e32cf5d72c94c1827ee

f05f34a933c910b787d64a63d8514744

4c656d0392ff282d9081b810eaf750ac

bb2edd99a1dad9fb9939097093d05d7b

355ce5f436f157a68374f43db5fa3aae

77be0dd6570301acac3634801676b5d7

63e7f1d5aea4b1614282674b825a8755

5856fcb7ac7eb1fc802340f11b95fb9f

View

Insert

Alert