Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
44881 2021-06-02 17:57 AsyncClient.exe
06bae52519e72b26e8bf335b1910ac49
AsyncRAT backdoor PWS .NET framework PE File .NET EXE OS Processor Check PE32 VirusTotal Malware
1.0 M 39 ZeroCERT

44882 2021-06-02 16:27 http://chek.zennolab.com/proxy...
b6dc5502b3a9e484f096210896f467f5
AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
2 2 2 4.2 조광섭

44883 2021-06-02 14:23 Inv 272590.doc
8566c9b1e8b18b0f23cf21ca5f2d5daf
VBA_macro MSOffice File Vulnerability VirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName crashed
9 18 2 9.2 23 ZeroCERT

44884 2021-06-02 14:21 racial.drc.exe
9fb8d26ff13e2ab05719119ac06ecc07
Gen1 Gen2 PE File DLL OS Processor Check PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
1.4 7 ZeroCERT

44885 2021-06-02 11:34 EHH.exe
979555d563632cad528a128a3af233bb
Generic Malware Admin Tool (Sysinternals Devolutions inc) Malicious Packer PE File PE32 VirusTotal Malware RWX flags setting unpack itself crashed
1.6 M 18 r0d

44886 2021-06-02 11:29 EHH.exe
979555d563632cad528a128a3af233bb
Admin Tool (Sysinternals Devolutions inc) Generic Malware Malicious Packer PE File PE32 VirusTotal Malware unpack itself anti-virtualization
1.6 M 18 r0d

44887 2021-06-02 11:19 DOCUMENT.exe
1c3b8ae594cb4ce24c2680b47cebf808
APT APT29 PE File PE64 DLL OS Processor Check VirusTotal Malware PDB Checks debugger RWX flags setting unpack itself Detects VirtualBox Check virtual network interfaces VMware ComputerName DNS
5 7.0 47 ZeroCERT

44888 2021-06-02 11:11 kn.exe
5bcb9ac769b8c069e202b42b16773af7
Malicious Library DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
2 15.8 M 48 ZeroCERT

44889 2021-06-02 10:37 DOCUMENT.exe
1c3b8ae594cb4ce24c2680b47cebf808
APT APT29 PE File PE64 DLL OS Processor Check VirusTotal Malware PDB Checks debugger RWX flags setting unpack itself Detects VirtualBox Check virtual network interfaces VMware ComputerName
4.8 47 r0d

44890 2021-06-02 10:36 mn.exe
5bcb9ac769b8c069e202b42b16773af7
Malicious Library DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
2 16.2 M 48 ZeroCERT

44891 2021-06-02 10:27 vbc.exe
541369bff43470b5cb1056745b7eec92
Generic Malware PE File PE32 VirusTotal Malware
1.0 M 32 r0d

44892 2021-06-02 10:14 6ha8ua.exe
77be0dd6570301acac3634801676b5d7
Ficker Stealer PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory ICMP traffic Collect installed applications sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Browser ComputerName Software
1 4 3 8.8 M 57 ZeroCERT

44893 2021-06-02 10:02 freeold.exe
5108b268343f682e45b04f1af1dab2e3
NetWire RAT Admin Tool Sysinternals Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key
8.4 M 47 r0d

44894 2021-06-02 09:52 andre34.exe
8e92a33277fce903f46b4551b9871f8d
AsyncRAT backdoor PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself
2.2 M 31 ZeroCERT

44895 2021-06-02 09:51 RequestForQuote.exe
623de5211f56f514f6f149a414d5d6a9
AsyncRAT backdoor PWS .NET framework Generic Malware Anti_VM Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.2 15 ZeroCERT