Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45106	2021-05-26 17:49	Lammer.exe 49545f0af79ded22054bfd851bb3d864 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself WriteConsoleW DNS DDNS		2	1		5.8		36	ZeroCERT

45107	2021-05-26 17:48	edjpx01.zip 78b7c12458b63f284b2b0b4386351ddd VirusTotal Malware DNS					1.4		22	ZeroCERT

45108	2021-05-26 17:47	HOO.exe b0c6368fb892e87132504695169245d0 PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization crashed					2.4		25	ZeroCERT

45109	2021-05-26 17:44	0BwVRYsmMqnmVek1UbU9tQnRjS28 d9b498a75f204feb90dbe7e6da25ea11								ZeroCERT

45110	2021-05-26 17:40	PO 474050.xls 8cd09ba1a0a1c52115e5419c92342708 VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	10 Keyword trend analysis Info https://market-in.org/wp-content/uploads/2020/06/H4RiD4lTF.php https://akachi.co.za/uJPPYNmRbBCB8fm.php https://sklep.northserwis.pl/fckeditor/editor/dialog/common/images/239x8XnABbK.php https://agentsv2.ivm.mv/user_guide/_static/css/rjWMenNTq.php https://mail-call.us/76a7Sg6AAZRX.php https://aims1.ezicodes.com/wp-includes/js/tinymce/skins/lightgray/A2jVIUfifA7zwR.php https://fate.sa/2EWZ1gzKbk.php https://newzroot.com/wp-content/themes/sahifa/css/ilightbox/otlDh6Ov4gImZ0t.php https://creatalca.cl/nacionprogresiva/wp-includes/css/dist/block-directory/3pHa6HkTHtTkK.php https://coeniglich.de/oVWjOr1Z3Z.php	20 Info fate.sa(192.196.158.90) - mailcious akachi.co.za(66.85.46.71) - mailcious sklep.northserwis.pl(82.177.209.21) - mailcious mail-call.us(74.220.219.123) - mailcious coeniglich.de(172.104.152.37) - mailcious newzroot.com(138.201.203.76) - mailcious agentsv2.ivm.mv(192.185.36.231) - mailcious market-in.org(104.21.55.237) - mailcious aims1.ezicodes.com(188.225.225.70) - mailcious creatalca.cl(192.185.16.103) - mailcious 104.21.55.237 82.177.209.21 - mailcious 192.185.36.231 - mailcious 192.196.158.90 - mailcious 188.225.225.70 - mailcious 138.201.203.76 - mailcious 66.85.46.71 - mailcious 172.104.152.37 - mailcious 74.220.219.123 - malware 192.185.16.103 - mailcious	4		3.4	M	34	ZeroCERT

45111	2021-05-26 15:18	origin.exe 8270fec5a4b9cd84da15ab4b61e891ee AgentTesla(IN) Malicious Packer .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself					2.2	M	39	r0d

45112	2021-05-26 11:44	IMG_3615_763_8.exe 87eb69c0cf08d284c76acc6666749a91 AsyncRAT backdoor AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege unpack itself DNS		1			2.8	M	13	ZeroCERT

45113	2021-05-26 10:30	document.exe d6a178030c845618787d82658751f393 DLL PE File PE32								Kim.GS

45114	2021-05-26 10:30	document.exe ff030ccb88227fc44d495468a2cc8992 DLL PE File PE32					0.6			guest

45115	2021-05-26 10:27	document.exe ff030ccb88227fc44d495468a2cc8992 DLL PE File PE32					0.6			guest

45116	2021-05-26 10:22	1.exe d6a178030c845618787d82658751f393 DLL PE File PE32								Kim.GS

45117	2021-05-26 10:14	document.exe 46179daceb9602cc1f11c2e002c35f57 PE File								guest

45118	2021-05-26 09:52	origin.exe 8270fec5a4b9cd84da15ab4b61e891ee Malicious Packer .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS					2.8		39	ZeroCERT

45119	2021-05-26 09:52	t.exe ddda0d5616775408eb31992c1d602a8d AsyncRAT backdoor .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows DNS	2 Keyword trend analysis	3	8 Info ET INFO TLS Handshake Failure SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO Executable Download from dotted-quad Host SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	3.6		18	ZeroCERT

45120	2021-05-26 09:48	New%20Order.exe 9686d7f5778397a1727d314553f126d4 Antivirus .NET EXE PE File PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote suspicious process AppData folder sandbox evasion WriteConsoleW Ransomware Windows ComputerName Cryptographic key crashed					8.6	M	19	ZeroCERT