Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44701	2021-06-08 13:21	WXC.exe 35629d91d42d813e3bd6940439fb9ef2 Generic Malware PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization ComputerName DNS					3.0	M	14	ZeroCERT

44702	2021-06-08 13:18	XPP.exe 7faf83341e5db899efe051b69a718045 Generic Malware PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization ComputerName DNS					3.0	M	12	ZeroCERT

44703	2021-06-08 13:15	Pb3Setp.exe ef4cd87768670dbe24f609336ebed7f7 AsyncRAT backdoor PWS .NET framework BitCoin AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Ransomware Windows ComputerName DNS Cryptographic key crashed	8 Keyword trend analysis Info https://iplogger.org/1jE3z7 https://iplogger.org/1vjFz7 https://topnewsdesign.xyz/?user=pb3_1 - rule_id: 1776 https://topnewsdesign.xyz/?user=pb3_2 - rule_id: 1776 https://topnewsdesign.xyz/?user=pb3_3 - rule_id: 1776 https://topnewsdesign.xyz/?user=pb3_4 - rule_id: 1776 https://topnewsdesign.xyz/?user=pb3_5 - rule_id: 1776 https://topnewsdesign.xyz/?user=pb3_6 - rule_id: 1776	6	1	6	15.0	M	23	ZeroCERT

44704	2021-06-08 12:31	Setup2.exe 623c88cc55a2df1115600910bbe14457 Gen2 Emotet AsyncRAT backdoor Generic Malware VMProtect PE File PE32 DLL .NET DLL OS Processor Check GIF Format Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion IP Check VM Disk Size Check installed browsers check Tofsee Browser ComputerName crashed	8 Keyword trend analysis Info http://ol.gamegame.info/report7.4.php - rule_id: 1518 http://iw.gamegame.info/report7.4.php - rule_id: 1517 http://ip-api.com/json/ http://uyg5wye.2ihsfa.com/api/?sid=244033&key=14a21546c007e98b00ef413b26924f80 - rule_id: 1396 http://uyg5wye.2ihsfa.com/api/fbtime - rule_id: 1396 http://ip-api.com/json/?fields=8198 https://iplogger.org/18hh57 https://www.facebook.com/	13 Info iw.gamegame.info(104.21.21.221) - mailcious email.yg9.me(198.13.62.186) - suspicious uyg5wye.2ihsfa.com(88.218.92.148) - mailcious ol.gamegame.info(172.67.200.215) - mailcious iplogger.org(88.99.66.31) - mailcious ip-api.com(208.95.112.1) www.facebook.com(157.240.215.35) 88.99.66.31 - mailcious 172.67.200.215 88.218.92.148 - malware 208.95.112.1 157.240.215.35 198.13.62.186 - suspicious	2	4	11.4	M	48	ZeroCERT

44705	2021-06-08 12:29	file6.exe f3ffc2d2687032af9b489438f51cc484 PWS .NET framework PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Tofsee Windows DNS Cryptographic key	3 Keyword trend analysis Info http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1623120979&mv=m&mvi=2&pl=18&rmhost=r6---sn-3u-bh2z7.gvt1.com&shardbypass=yes&smhost=r6---sn-3u-bh2sy.gvt1.com http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:1005733331&cup2hreq=dda0a59bb688026faa03c7d250922336e588e1e06e6f8a90db4d467a71650afd	6	3		4.2	M	16	ZeroCERT

44706	2021-06-08 12:29	app.exe f0e0670ed51fa999a58e0efeb03a8b54 Generic Malware Malicious Packer PE File OS Processor Check PE32 Malware PDB Malicious Traffic unpack itself Tofsee Windows RCE DNS crashed	3 Keyword trend analysis Info http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:3869903145&cup2hreq=b5bb740be31ccef7629e0c1b45c31948a4619778d00020170d1deed9c66f5b6c https://update.googleapis.com/service/update2	5	4		3.8	M		ZeroCERT

44707	2021-06-08 12:25	file8.exe e8a064a89592dd0838137155a048a5a3 AsyncRAT backdoor PE File .NET EXE OS Processor Check PE32 PE64 VirusTotal Malware Malicious Traffic Tofsee Windows DNS crashed	2 Keyword trend analysis	2	4		4.2	M	49	ZeroCERT

44708	2021-06-08 12:24	file7.exe d62aad019ac19432a4e859684dea793e AsyncRAT backdoor PWS .NET framework BitCoin AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces suspicious TLD installed browsers check Tofsee Windows Browser ComputerName Cryptographic key crashed	3 Keyword trend analysis	6	2	1	11.2	M	38	ZeroCERT

44709	2021-06-08 12:22	setup.exe 3150a1bf870aa243738b71875a62c51b Process Kill PE File OS Processor Check PE32 Device_File_Check Browser Info Stealer VirusTotal Malware Malicious Traffic Check memory buffers extracted ICMP traffic Windows utilities suspicious process AppData folder anti-virtualization Tofsee Windows Browser DNS	4 Keyword trend analysis Info http://www.waaer435fc.com/index.php/api/a http://www.waaer435fc.com/index.php/api/fb http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:1929671218&cup2hreq=c069310cfc1ab8df9c466b265e40c1b95d7f7ef5967930c7bce8b28276cd14bd	4	1		7.2	M	41	ZeroCERT

44710	2021-06-08 12:22	BTQbrowser.exe b12fbbf68290508b870ea4f9d38a25b4 AsyncRAT backdoor PWS .NET framework BitCoin AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious TLD Tofsee Windows Cryptographic key	1 Keyword trend analysis	4	1	1	10.0	M	28	ZeroCERT

44711	2021-06-08 11:46	ayowa.exe 8b3db2945a73ca4d3ffc48166eaf8d6b PWS .NET framework PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName DNS Cryptographic key Software crashed		1			7.4		30	ZeroCERT

44712	2021-06-08 11:42	Invoice~details012.exe 6cad5773b9830105a0862848919987ce AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself crashed					8.6	M	23	ZeroCERT

44713	2021-06-08 10:50	jooyu.exe aed57d50123897b0012c35ef5dec4184 Gen2 Emotet PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Malicious Traffic Check memory Creates executable files ICMP traffic Check virtual network interfaces AppData folder IP Check Tofsee Browser RCE DNS	6 Keyword trend analysis Info http://uyg5wye.2ihsfa.com/api/?sid=207933&key=e00ce96d56b1d7110bbce62b19af1adf - rule_id: 1396 http://uyg5wye.2ihsfa.com/api/fbtime - rule_id: 1396 http://ip-api.com/json/ https://script.google.com/macros/s/AKfycbyeDUociDSMjODhy_ZapM5zzyoJ3zrch9n5IUJeKIM3UQOEtZs/exec?loc=KR&app=Staoism&payoutcents=0.08&ver=3.5&ip=175.208.134.150 https://iplogger.org/18hh57 https://www.facebook.com/	10	2	2	7.8	M	57	ZeroCERT

44714	2021-06-08 10:49	file22.exe 4b7f05a9dc569f83f9a2aed17d165e29 PE File PE32 RCE					1.4			ZeroCERT

44715	2021-06-08 10:49	JNB.exe 5f4b0a0fc9e6d760a09f5b87826e6212 Generic Malware PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself ComputerName DNS		1			2.4		14	ZeroCERT