Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44971	2021-05-28 09:43	seleja.exe 38976248b5751e588795a5c9c4ca0327 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					2.8	M	18	r0d

44972	2021-05-28 08:28	covid.exe 5bcb9ac769b8c069e202b42b16773af7 Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS DDNS	2 Keyword trend analysis	6	4		16.6		21	ZeroCERT

44973	2021-05-28 08:26	seleja.exe 38976248b5751e588795a5c9c4ca0327 PE File OS Processor Check PE32 VirusTotal Malware PDB Malicious Traffic unpack itself Tofsee Windows DNS crashed	3 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1622157617&mv=m&mvi=2&pl=18&shardbypass=yes https://update.googleapis.com/service/update2?cup2key=10:1895035685&cup2hreq=72915f2a185bd04d4a4507b96e78435e1e4d450e3fccbcf7802dca34e4dee720	2	1		4.6		18	ZeroCERT

44974	2021-05-28 08:24	vMGUvT6JSOA3UIz.exe d08412601dc64d6dc5e3945d550ad9a9 AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			4.2	M	40	ZeroCERT

44975	2021-05-28 08:22	Delivery Order 92281186.xls 7967d491dfb9148f1bb51cdb3acedbab VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee DNS	10 Keyword trend analysis Info https://surustore.com/image/cache/catalog/demo/banners/h0dD8T2aNRz.php https://ntf.gov.sb/components/com_acysms/views/unsubscribe/tmpl/8Wa80ysYUv6Klh.php https://brandsites.gunwebhosting.com.au/site/wp-includes/Text/Diff/Engine/eUhebviTSOzDZ.php https://bellaloveboutique.com/wp-content/themes/salient/includes/partials/tgTzKdqzGivuZ9.php https://prediction2020.com/wp-content/plugins/really-simple-ssl/testssl/cloudflare/jDN6wmFidG65.php https://ootashop.com/catalog/language/ar/extension/captcha/Iz40CaCFx.php https://ourcomm.co.uk/wp-content/plugins/buddyboss-platform/bp-moderation/classes/SXDetkgsnPP.php https://srivinaysalian.com/wp-content/plugins/catch-instagram-feed-gallery-widget/public/css/jYfe4b9imB.php https://marcoislandguidebook.com/wp-includes/js/tinymce/plugins/charmap/xltGrJWiK.php https://alpax.elcanotradingcorp.com/public/bower_components/jquery/src/ajax/oAIZxkctW.php	20 Info marcoislandguidebook.com(192.185.79.55) - mailcious brandsites.gunwebhosting.com.au(122.201.118.64) - mailcious ootashop.com(199.188.205.57) - mailcious ntf.gov.sb(192.185.32.234) - mailcious alpax.elcanotradingcorp.com(108.167.181.248) - mailcious ourcomm.co.uk(217.160.0.196) - mailcious surustore.com(192.158.238.23) - mailcious prediction2020.com(107.160.244.54) - mailcious bellaloveboutique.com(107.180.58.44) - mailcious srivinaysalian.com(216.37.42.46) - mailcious 192.185.32.234 - mailcious 108.167.181.248 - mailcious 216.37.42.46 - mailcious 107.160.244.54 - mailcious 192.158.238.23 - mailcious 122.201.118.64 - mailcious 107.180.58.44 - mailcious 199.188.205.57 - mailcious 192.185.79.55 - mailcious 217.160.0.196 - malware	4	1	3.8	M	20	ZeroCERT

44976	2021-05-28 08:22	test.exe 0e24059570f9655711ba4454c21c9e2e AsyncRAT backdoor .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows	1 Keyword trend analysis	4	8 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET HUNTING Request to .XYZ Domain with Minimal Headers ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		3.2	M	25	ZeroCERT

44977	2021-05-28 08:21	file3.exe 4fbb9246662af8c36caf102eccf4bff0 AsyncRAT backdoor BitCoin AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2		12.4		8	ZeroCERT

44978	2021-05-28 08:20	vbc.exe ca1cad0dfeee9119a7bef5911c8f194e SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		1			13.4	M	24	ZeroCERT

44979	2021-05-28 08:11	vuga.exe 6a5d0132df698a0743d0a5a8a1515cfc AsyncRAT backdoor AgentTesla(IN) Malicious Packer .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					5.6	M	37	ZeroCERT

44980	2021-05-28 08:09	ConsoleApp10.exe d2470e33e04e12bdc2acf475f40da080 AsyncRAT backdoor PWS .NET framework SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		9.6		33	ZeroCERT

44981	2021-05-28 08:07	336601.7z f958bdca722740cdb24e86b349be4f96 Escalate priviledges KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS					3.2		30	ZeroCERT

44982	2021-05-28 08:06	PKL.exe b375d47d63b41b7e1aca548742b01382 PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization crashed					2.6		36	ZeroCERT

44983	2021-05-27 17:42	relese.exe 67c0f9f7a63db607929cfbae83442911 AsyncRAT backdoor NPKI Gen2 AntiDebug AntiVM PE File OS Processor Check PE32 DLL .NET DLL PNG Format JPEG Format MSOffice File .NET EXE PE64 VirusTotal Malware PDB Code Injection buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit RCE DNS crashed	3 Keyword trend analysis Info http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.6.1&processName=Svc_host.exe&platform=0009&osver=5&isServer=0 https://go.microsoft.com/fwlink/?linkid=850289&tfm=.NETFramework,Version=v4.6.1&processName=Svc_host.exe&platform=0009&osver=5&isServer=0	5	1		7.6		48	ZeroCERT

44984	2021-05-27 17:41	file.exe 7a2f5bc93c259322c16e5a94f7139031 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					3.0	M	24	ZeroCERT

44985	2021-05-27 13:48	vbc.exe 6adc941dcd82ed0869059fbdb520fc0a AsyncRAT backdoor PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed					9.4		17	Kim.GS