Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
45136	2021-05-26 09:26	ConsoleApp1.exe 17b32d5270a778baa555f13bb3c25b14 AsyncRAT backdoor Gen1 AntiDebug AntiVM .NET EXE PE File PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee OskiStealer Stealer Windows Browser Email ComputerName Trojan DNS Downloader Password	11 Keyword trend analysis	4	15 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO TLS Handshake Failure SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	13.4	M	22	ZeroCERT

45137	2021-05-26 09:26	vbc.exe 9fda9bae06e1705bc0baafb7ae723257 PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself DNS				2.6	M	35	ZeroCERT

45138	2021-05-26 09:25	%E5%A4%A9%E9%99%8D%E6%BF%80%E5... 81df021fd7a1275df23a861bb0dd436a Anti_VM PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS crashed				3.8	M	52	ZeroCERT

45139	2021-05-26 09:17	p4.exe 69a8c51720e4b71360018614cd7a8123 AsyncRAT backdoor PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself				7.6		50	ZeroCERT

45140	2021-05-26 09:09	Oski_KelvinBryant.exe 08c192a4b1b2ffefcb59f04230682f8d PE File OS Processor Check PE32 VirusTotal Malware ComputerName DNS		1		3.0		43	ZeroCERT

45141	2021-05-26 09:07	Document%20093250.xls 662ed1aced50cad399d305467f290fea VBA_macro MSOffice File VirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName DNS crashed	1 Keyword trend analysis	3	1	8.0		20	ZeroCERT

45142	2021-05-26 09:04	p6.exe 0ff51f81af4ba59f7a3be211066a0f8c PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key		1		3.2		38	ZeroCERT

45143	2021-05-26 09:02	richedit.exe b89786dcab1dc0b2c71d410c73a9bf8d PE File PE32 VirusTotal Malware Check memory unpack itself				2.2	M	31	ZeroCERT

45144	2021-05-26 09:00	PL_175_063_107.exe e2f9e8c9bc0c758d98ee96ff0779076c AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4	9.2		13	ZeroCERT

45145	2021-05-26 08:59	Kill$.exe 84351b76b5750af1b8da4b9b3572ca6a AgentTesla Antivirus Anti_VM DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE64 PE File VirusTotal Malware suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process WriteConsoleW shadowcopy delete Windows ComputerName				7.2	M	23	guest

45146	2021-05-26 08:58	IMG_078_36_110.exe 7991a1408bbb33e32dab67230cb4a0ff AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4	8.0		17	ZeroCERT

45147	2021-05-26 01:39	ACC.exe 1b566412e52165a3ef457cc7dd0ecfba AsyncRAT backdoor PWS .NET framework Malicious Library Antivirus .NET EXE PE File PE32 VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1		7.0	M	26	guest

45148	2021-05-25 18:13	4hKre9EL6dUlIXf.exe 44ce3829d2bed5adf00008a95b6b57c2 PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				11.0		13	ZeroCERT

45149	2021-05-25 18:11	phantom2.exe 24dc854336a585ea23251476947215f0 Raccoon Stealer Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed				2.0	M	18	ZeroCERT

45150	2021-05-25 18:10	svchost.exe 760f463b1279b98b75fe6aa0417f83a5 PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process anti-virtualization				2.6		17	ZeroCERT