Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44671	2021-06-16 09:03	CRTbrowser.exe dcfbe1432bfb588cec075420669d248d AsyncRAT backdoor PWS .NET framework PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces suspicious TLD Tofsee	1 Keyword trend analysis	2	1	3.6		49	ZeroCERT

44672	2021-06-16 08:54	3306.exe 369af7277751019de4e0a12b294d24de Gh0st RAT Malicious Packer PE File PE32 VirusTotal Malware AutoRuns sandbox evasion Windows				3.6	M	61	r0d

44673	2021-06-16 08:13	svchost.exe 6572076bc21603b0612703e4dd2e1f67 Generic Malware Admin Tool (Sysinternals Devolutions inc) Malicious Packer PE File PE32 VirusTotal Malware RWX flags setting unpack itself				2.0	M	40	r0d

44674	2021-06-15 22:25	svchost.exe 6572076bc21603b0612703e4dd2e1f67 PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS				2.4	M	35	ZeroCERT

44675	2021-06-15 22:23	vbc.exe bd75edbd6e80ceb4ebf356cda78263f1 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1		9.6		21	ZeroCERT

44676	2021-06-15 22:20	3306.exe 369af7277751019de4e0a12b294d24de PE File PE32 Malware download VirusTotal Malware GhostRAT AutoRuns sandbox evasion Windows Backdoor DNS		1	2	4.2	M	61	ZeroCERT

44677	2021-06-15 22:18	win32.exe a16db782cfe5e230ebf096ca3ff78037 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key				8.0	M	22	ZeroCERT

44678	2021-06-15 22:16	bmw.exe f7bd49ac1e676db8c9f2e3bbd5b03a75 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed				3.2		25	ZeroCERT

44679	2021-06-15 22:13	o.wbk 3b434e413f2d01c57af401e14b87336e RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Checks debugger exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.8	M	27	ZeroCERT

44680	2021-06-15 22:11	covid.exe 74084608256e6e4c3434d17217d0993a Generic Malware Malicious Packer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows RCE DNS crashed				3.8	M	51	ZeroCERT

44681	2021-06-15 22:10	ReferenciaCorreios798.msi 8a2af0e991663612e3569de186ec4ee7 Gen2 Antivirus OS Processor Check MSOffice File suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName				1.8			ZeroCERT

44682	2021-06-15 21:29	Document 81161221.xls d65c8d73d13ed5d4f2973631101c4b34 VBA_macro Generic Malware MSOffice File VirusTotal Malware unpack itself Tofsee DNS	10 Keyword trend analysis Info https://ptti.dexsandbox.com/wp-content/plugins/all-in-one-wp-migration-unlimited-extension/lib/controller/1I68ugOo4iMen.php https://ibnbatutta.pk/POS/scss/icons/weather-icons/css/Kn0LIwp9kdA7G.php https://goodiesmariage.e-m2.net/wp-content/themes/a-one/woocommerce/global/pV8mYVETWrj.php https://zankzakartigosesportivos.com.br/loja/wp-includes/SimplePie/Content/Type/3sLExhiYtVuTS.php https://indusautomobile.com/products/products_files/cyHU7pVS.php https://dev1.naturalgraphic.hu/wp-content/plugins/contact-form-7/includes/css/AelYw0GmG44Zz.php https://mobile-landing.ishr.co.in/wp-content/plugins/widgetkit-for-elementor/vendor/appsero/4vab4JkBLp.php https://event.cyberwoodz.site/wp-includes/js/tinymce/plugins/charmap/sWefpNQap.php https://highend.pk/wp-content/plugins/goodlayers-core-twitter/twitteroauth/src/cCNoEJ4wXkpJ.php https://test.amarcampus24.com/Facebook/HttpClients/certs/BO2MhgW1.php	18 Info indusautomobile.com(18.136.132.202) zankzakartigosesportivos.com.br(191.252.106.110) ibnbatutta.pk(18.136.132.202) highend.pk(18.136.132.202) test.amarcampus24.com(95.216.103.165) mobile-landing.ishr.co.in(164.52.201.122) goodiesmariage.e-m2.net(94.124.84.11) dev1.naturalgraphic.hu(87.229.72.45) ptti.dexsandbox.com(70.32.93.146) event.cyberwoodz.site(119.18.54.94) 119.18.54.94 95.216.103.165 - phishing 94.124.84.11 - mailcious 70.32.93.146 - mailcious 164.52.201.122 - mailcious 191.252.106.110 - mailcious 87.229.72.45 - mailcious 18.136.132.202 - phishing	4	4.0		30	ZeroCERT

44683	2021-06-15 21:29	dra.exe 45efa9779ec5f51bbc501dbb6bbbba3e PE File PE32 DLL FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder sandbox evasion	22 Keyword trend analysis Info http://www.hsrinspection.com/m3rc/ http://www.viviangee.net/m3rc/?b6A=Rplm9ZqkocxsD1M2zCYp9ODm03Tc7pnEYF+n5DVW0jtW3LTkfcu4r4feG1BsyNdfxHjYp08N&DbG=_FNHAz http://www.kefeiping.com/m3rc/ http://www.maxitoto.com/m3rc/ http://www.santini7.com/m3rc/ http://www.freelancer.wales/m3rc/?b6A=vL/RHxiiiA6u7g+ZGZfobymAyKebmLvVPY5f78CFbN0fsGmg6D75zafzNEP9qK3SWFVf46aQ&DbG=_FNHAz http://www.labarberiadesamu.com/m3rc/ http://www.doggyfacemask.com/m3rc/?b6A=UXOqYe4yz8Pi0UKgaUgsOC44vhizhugIUR06OG+umyYC3D+36kE8fDkh9IpHC0BszMvOWUcL&DbG=_FNHAz http://www.viviangee.net/m3rc/ http://www.organicdiehards.com/m3rc/ http://www.saniorsterimist.com/m3rc/?b6A=vNvwbHLDs+IaKx0w1Hv/ZWBa+J7PIhB53QsaR9MgcX0xsiI0S4uabBM9pipP375GIXc2+Qx5&DbG=_FNHAz http://www.organicdiehards.com/m3rc/?b6A=7l1dbUSMqiDCPeHOzPCqrsLFP4EMXlU6s3N8gk39dzqxxPEiSmIbwEBw6Wqnn9G2VeHN7XSQ&DbG=_FNHAz http://www.freelancer.wales/m3rc/ http://www.mariozumbo.com/m3rc/ http://www.saniorsterimist.com/m3rc/ http://www.kefeiping.com/m3rc/?b6A=00f7XnZ77eR+ZPoUDpgH5WKnQHYwVtXdSNlA52O0h+x+ojc0ZxK0f0q8uWqAoTov+CMFjoRu&DbG=_FNHAz http://www.labarberiadesamu.com/m3rc/?b6A=DZEGsv+h7s6k44YWTLVCOSGbjGwSX4OmVosSHww9KUAgDGuXS6X+MiKYVeg0pRrBRDIxpZD6&DbG=_FNHAz http://www.mariozumbo.com/m3rc/?b6A=XCXzuKg2k9a+ogKZadqJ9sW19M+mbdj1MLj4Anh+qQwLyFIOTWXYYCXG+329GNYCuWcPru2M&DbG=_FNHAz http://www.doggyfacemask.com/m3rc/ http://www.hsrinspection.com/m3rc/?b6A=6ivwu2O01wZybJFfZW4+p4/n/lkfFnP+AOXcDPKcKPOyCgcVYKILNBaN/8LndKKO88XlZXWQ&DbG=_FNHAz http://www.maxitoto.com/m3rc/?b6A=pnku5hmj8WKU3hkmKLy4HZI7N1i3BR9gbmEPZX4a5A4ZTdSC9okSQVQ4zwXhC6gDMz3rcZyp&DbG=_FNHAz http://www.santini7.com/m3rc/?b6A=FBhqxmBTCormjYJi3gM2ZGbMe05dgsPd8PijTuRmHntLbgLTqp/bgG26o8jehaWERBe+Zble&DbG=_FNHAz	24 Info www.6-8-8-8-8.website() www.labarberiadesamu.com(54.237.120.40) www.kefeiping.com(170.33.9.230) www.doggyfacemask.com(34.102.136.180) www.thelashingladybug.com() www.organicdiehards.com(34.102.136.180) www.viviangee.net(192.0.78.24) www.freelancer.wales(176.74.27.65) www.asconstructionin.com() www.saniorsterimist.com(66.96.162.145) www.danuvia.net() www.maxitoto.com(3.223.115.185) www.santini7.com(18.130.194.62) www.hsrinspection.com(69.167.154.15) www.mariozumbo.com(34.102.136.180) 66.96.162.145 170.33.9.230 54.237.120.40 34.102.136.180 - mailcious 18.130.194.62 176.74.27.65 - mailcious 3.223.115.185 - mailcious 192.0.78.25 - mailcious 69.167.154.15	2	5.0			ZeroCERT

44684	2021-06-15 21:28	imagen01.jpg 793707365df26450bc8642f518a540f0 PE File PE32 PE64 VirusTotal Malware Malicious Traffic buffers extracted Creates shortcut unpack itself Windows utilities suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Windows Tor DNS keylogger	1 Keyword trend analysis	3	4	7.4	M	43	ZeroCERT

44685	2021-06-15 21:23	document-37-1849.xls c41a21a821bcdea1d3ab26ebef055eed MSOffice File VirusTotal Malware Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows	1 Keyword trend analysis	2		6.6		7	ZeroCERT