Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
45376	2021-05-25 18:11	phantom2.exe 24dc854336a585ea23251476947215f0 Raccoon Stealer Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed				2.0	M	18	ZeroCERT

45377	2021-05-25 18:10	svchost.exe 760f463b1279b98b75fe6aa0417f83a5 PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process anti-virtualization				2.6		17	ZeroCERT

45378	2021-05-25 18:09	phantom.exe 2e2c59afbb7175fbafabe95d0d2730a4 Raccoon Stealer Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed				3.2		23	ZeroCERT

45379	2021-05-25 18:06	4Hs8qbk2vS4KWX6.exe f0a1ef38fc601323f5f24a68dc5d02a4 PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				10.6			ZeroCERT

45380	2021-05-25 18:06	mna.exe df8c895d1e6b9fb4e3914a6c4b7e3a31 PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				12.8		30	ZeroCERT

45381	2021-05-25 16:05	065f50e43b633113_dxmpr.exe 2c25930da215dccac6d3d3c18860e2f1 PE File PE32 DLL VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder human activity check Windows ComputerName DNS DDNS		2		8.6	M	18	r0d

45382	2021-05-25 15:26	ee.txt 4124e889a26b37658b95119b69bb8c39 NPKI Antivirus Malware Malicious Traffic DNS	3 Keyword trend analysis	2	1	1.8			ZeroCERT

45383	2021-05-25 15:21	kj.txt ebf79868631fd00264098d59e917e3e9 NPKI Antivirus Malware Malicious Traffic DNS	3 Keyword trend analysis	2		1.8			ZeroCERT

45384	2021-05-25 10:22	http://176.111.174.74/ACC.exe 1b566412e52165a3ef457cc7dd0ecfba AgentTesla AsyncRAT backdoor PWS .NET framework Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 22 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure	6.0	M	26	Kim.GS

45385	2021-05-25 10:04	nd.exe 2c25930da215dccac6d3d3c18860e2f1 PE File PE32 DLL VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder human activity check Windows ComputerName DNS DDNS		3		9.6	M	18	ZeroCERT

45386	2021-05-25 10:02	vbc.exe 9c0ab971e60116467107fe8dd787e5cf Malicious Library Escalate priviledges KeyLogger ScreenShot Downloader persistence AntiDebug AntiVM PE File PE32 VirusTotal Malware DNS				2.4	M	18	ZeroCERT

45387	2021-05-25 10:01	Kill$.exe 84351b76b5750af1b8da4b9b3572ca6a AgentTesla Antivirus Anti_VM DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE64 PE File VirusTotal Malware suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process WriteConsoleW shadowcopy delete Windows ComputerName DNS				7.6		14	ZeroCERT

45388	2021-05-25 10:01	94tjF7QB1LlfpIm.exe e7b6e0339e511aef97733309f4fc7c62 PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key				2.2	M	25	ZeroCERT

45389	2021-05-25 10:00	svch.exe 13023b4453e98378bf05047bd0bbb9f8 Raccoon Stealer Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed				3.6	M	37	ZeroCERT

45390	2021-05-25 09:59	................................. 3e8e5efd15868dd7c922882c75b136a3 RTF File doc AntiDebug AntiVM FormBook Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	6	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO Packed Executable Download ET MALWARE FormBook CnC Checkin (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	M	29	ZeroCERT