Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
45001	2021-05-27 09:20	vbc.exe 81fbda3909166d5283aa85295b8c3394 AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File OS Processor Check PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key				2.2		27	ZeroCERT

45002	2021-05-27 09:18	covid.exe a7a8c3e6b8854ab03b71a5b128d7b9ce Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2		13.6			ZeroCERT

45003	2021-05-27 09:18	Document%20777622.xls a7b63000938bbeb31722acac4a96b004 VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	10 Keyword trend analysis Info https://supereclinica.com.br/gestor/ckfinder/plugins/fileeditor/codemirror/Mad1mAVF6Vla1IY.php https://www.ktateeb.vision-building.com/public/graph/uploads/200x300/content_images/CByVubhIO51.php https://smtp.computeraccess.co.in/8Lj6KntHS.php https://donboscoschoolbd.com/fdoMMqJznv.php https://coeniglich.de/oVWjOr1Z3Z.php https://bypuzzle.com.br/avada/wp-content/themes/twentyfifteen/css/5clwWvDJgRsTKvW.php https://proterra.med.br/wp-includes/js/tinymce/themes/advanced/Zg1TbiK17uVn.php https://agentsv2.ivm.mv/user_guide/_static/css/rjWMenNTq.php https://clinicasaludmasculina.com/phone/css/AvGj1IrWszA5cUW.php https://bonsventosnautica.com.br/xhpxAHxeWeE6lH3.php	19 Info supereclinica.com.br(162.241.203.185) - mailcious donboscoschoolbd.com(138.201.27.66) - mailcious proterra.med.br(192.185.217.211) - mailcious smtp.computeraccess.co.in(192.185.154.138) - mailcious coeniglich.de(172.104.152.37) - mailcious clinicasaludmasculina.com(192.185.131.33) - mailcious bonsventosnautica.com.br(162.241.203.116) - mailcious agentsv2.ivm.mv(192.185.36.231) - mailcious www.ktateeb.vision-building.com() bypuzzle.com.br(192.185.215.103) - mailcious 192.185.131.33 - malware 192.185.217.211 - mailcious 138.201.27.66 - mailcious 192.185.36.231 - mailcious 162.241.203.185 - malware 192.185.215.103 - mailcious 162.241.203.116 - mailcious 192.185.154.138 - mailcious 172.104.152.37 - mailcious	4	2.8		20	ZeroCERT

45004	2021-05-27 09:03	PO 7080027.xls f1fcca46fd7af3f90aa67654250e7a05 VBA_macro MSOffice File VirusTotal Malware ICMP traffic unpack itself Tofsee	10 Keyword trend analysis Info https://bellaloveboutique.com/wp-content/themes/salient/includes/partials/tgTzKdqzGivuZ9.php https://forwei.com/image/cache/data/Varios/Cables/0YGwrERy.php https://surustore.com/image/cache/catalog/demo/banners/h0dD8T2aNRz.php https://ootashop.com/catalog/language/ar/extension/captcha/Iz40CaCFx.php https://bycec.in/wp-includes/js/tinymce/plugins/charmap/1MRWRA8z2S2Ajv.php https://marcoislandguidebook.com/wp-includes/js/tinymce/plugins/charmap/xltGrJWiK.php https://labrie-sabette.com/wp-includes/sodium_compat/namespaced/Core/ChaCha20/gp5yHrBp.php https://brandsites.gunwebhosting.com.au/site/wp-includes/Text/Diff/Engine/eUhebviTSOzDZ.php https://dinratnews.net/wp-content/uploads/2020/05/thumbnails/brCyRumj.php https://enlazador.com.es/wp-content/themes/twentynineteen/sass/blocks/mLrfH3gL5MqmI.php	20 Info marcoislandguidebook.com(192.185.79.55) brandsites.gunwebhosting.com.au(122.201.118.64) ootashop.com(199.188.205.57) forwei.com(217.160.0.5) - mailcious labrie-sabette.com(173.230.252.50) - mailcious enlazador.com.es(51.77.67.181) surustore.com(192.158.238.23) dinratnews.net(103.237.38.215) bycec.in(208.91.198.106) bellaloveboutique.com(107.180.58.44) 122.201.118.64 51.77.67.181 217.160.0.5 - malware 192.158.238.23 107.180.58.44 - mailcious 103.237.38.215 - mailcious 173.230.252.50 - mailcious 199.188.205.57 208.91.198.106 - malware 192.185.79.55 - mailcious	4	4.0	M	20	ZeroCERT

45005	2021-05-27 07:50	Zaplata.exe 4fd2df0f767d5db670bc28f9fff6b1f4 PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Browser				1.8		46	ZeroCERT

45006	2021-05-26 17:57	0BwVRYsmMqnmVek1UbU9tQnRjS28 d9b498a75f204feb90dbe7e6da25ea11							ZeroCERT

45007	2021-05-26 17:57	vbc.exe 9fda9bae06e1705bc0baafb7ae723257 Malicious Packer PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself				2.0	M	37	r0d

45008	2021-05-26 17:53	bmw1.exe e566e9b44e24135623225c6626391307 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed				2.8	M	20	ZeroCERT

45009	2021-05-26 17:50	vbc.exe 893f73e3c8296eb13964494da6157511 AsyncRAT backdoor PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed				9.4	M	7	ZeroCERT

45010	2021-05-26 17:49	Lammer.exe 49545f0af79ded22054bfd851bb3d864 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself WriteConsoleW DNS DDNS		2	1	5.8		36	ZeroCERT

45011	2021-05-26 17:48	edjpx01.zip 78b7c12458b63f284b2b0b4386351ddd VirusTotal Malware DNS				1.4		22	ZeroCERT

45012	2021-05-26 17:47	HOO.exe b0c6368fb892e87132504695169245d0 PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization crashed				2.4		25	ZeroCERT

45013	2021-05-26 17:44	0BwVRYsmMqnmVek1UbU9tQnRjS28 d9b498a75f204feb90dbe7e6da25ea11							ZeroCERT

45014	2021-05-26 17:40	PO 474050.xls 8cd09ba1a0a1c52115e5419c92342708 VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	10 Keyword trend analysis Info https://market-in.org/wp-content/uploads/2020/06/H4RiD4lTF.php https://akachi.co.za/uJPPYNmRbBCB8fm.php https://sklep.northserwis.pl/fckeditor/editor/dialog/common/images/239x8XnABbK.php https://agentsv2.ivm.mv/user_guide/_static/css/rjWMenNTq.php https://mail-call.us/76a7Sg6AAZRX.php https://aims1.ezicodes.com/wp-includes/js/tinymce/skins/lightgray/A2jVIUfifA7zwR.php https://fate.sa/2EWZ1gzKbk.php https://newzroot.com/wp-content/themes/sahifa/css/ilightbox/otlDh6Ov4gImZ0t.php https://creatalca.cl/nacionprogresiva/wp-includes/css/dist/block-directory/3pHa6HkTHtTkK.php https://coeniglich.de/oVWjOr1Z3Z.php	20 Info fate.sa(192.196.158.90) - mailcious akachi.co.za(66.85.46.71) - mailcious sklep.northserwis.pl(82.177.209.21) - mailcious mail-call.us(74.220.219.123) - mailcious coeniglich.de(172.104.152.37) - mailcious newzroot.com(138.201.203.76) - mailcious agentsv2.ivm.mv(192.185.36.231) - mailcious market-in.org(104.21.55.237) - mailcious aims1.ezicodes.com(188.225.225.70) - mailcious creatalca.cl(192.185.16.103) - mailcious 104.21.55.237 82.177.209.21 - mailcious 192.185.36.231 - mailcious 192.196.158.90 - mailcious 188.225.225.70 - mailcious 138.201.203.76 - mailcious 66.85.46.71 - mailcious 172.104.152.37 - mailcious 74.220.219.123 - malware 192.185.16.103 - mailcious	4	3.4	M	34	ZeroCERT

45015	2021-05-26 15:18	origin.exe 8270fec5a4b9cd84da15ab4b61e891ee AgentTesla(IN) Malicious Packer .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself				2.2	M	39	r0d