Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45406	2021-05-24 18:20	sIIpO8jjC02iQCT.exe 3d9a120a83e330ab0f26454a46b9e1e7 PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key					2.8		24	ZeroCERT

45407	2021-05-24 18:19	banh.exe 8dc45cee87ca5370db8341c7755c8b9e PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed					9.4		20	ZeroCERT

45408	2021-05-24 18:17	brazzz.exe 011ef8c61ebdce09c170eff3311c4a0a Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key					3.0		36	ZeroCERT

45409	2021-05-24 18:17	rYMtUTp556Z02qL.exe 76c61f35c06b4d510bc59d3f8aa42fea AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key					2.0		8	ZeroCERT

45410	2021-05-24 18:15	vbc.exe c43ff70c1a60486bda3a8f005e5bf26f PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed					10.2		40	ZeroCERT

45411	2021-05-24 18:15	YpB5uPa1YKwLPKt.exe 5c8003788c729d9c9d6f91c62aef10f4 PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key					2.2		23	ZeroCERT

45412	2021-05-24 18:14	bin---09.exe c2db9ae19f2ed393fb6ae0703dc30b2c PWS .NET framework Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself	17 Keyword trend analysis Info http://www.adultpeace.com/p2io/?GF=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&llvt=fTRHzZwpYvUX0J http://www.pyithuhluttaw.net/p2io/?GF=NEaCbUvvAYINigSHmrIJ7dR/yfSp7Xbba3vcNBHjwVcKt6Qbvd0czP/RWKD03CMJ7FmiFKIL&llvt=fTRHzZwpYvUX0J http://www.adultpeace.com/p2io/ http://www.ololmychartlogin.com/p2io/ http://www.bigplatesmallwallet.com/p2io/?GF=O674xtRxkGNoF6c3kGCKbVIXJyLg/Uv1kE5kvfYRu46mJjBrOhkzeBS5wyL3I0uQtRm1X0si&llvt=fTRHzZwpYvUX0J http://www.ololmychartlogin.com/p2io/?GF=2q6D4S4KFKmlXKAOo+dmfNOnFlWkohYFDzximTpdHsIuBKx0b3v/5p4ytrwsGJikHaDfqBb+&llvt=fTRHzZwpYvUX0J http://www.alfenas.info/p2io/ http://www.alfenas.info/p2io/?GF=qSqSgno9cBloRqN5VLtR5zfvl4qKeuO7jrdOV5f2r4ZX0X85kelskx3YtL4YRmLXGzhxb6Nv&llvt=fTRHzZwpYvUX0J http://www.leonardocarrillo.com/p2io/?GF=Z8FkwwkotLBkQtrDqM/eMJCTIQtJD+6S4GTF4HzAZ8KQRsKSHf3+L+a292aesc2eaUyoVCup&llvt=fTRHzZwpYvUX0J http://www.hfjxhs.com/p2io/ http://www.ruhexuangou.com/p2io/?GF=WkKybY+GL5E6d0NB6hKPcEEM/Z4gp4PnllJ4lZDhA9T5haocRpsPFcselLWyxf3h/8OpmW/H&llvt=fTRHzZwpYvUX0J http://www.ruhexuangou.com/p2io/ http://www.essentiallyourscandles.com/p2io/ http://www.bigplatesmallwallet.com/p2io/ http://www.pyithuhluttaw.net/p2io/ http://www.essentiallyourscandles.com/p2io/?GF=tOwaJov3Qh/So8Abi3+vLu8KpTdHs2Vuljr6rtQHuYg94Ec45hj5yXZ1J0+xHcOVWF/IMli4&llvt=fTRHzZwpYvUX0J http://www.hfjxhs.com/p2io/?GF=DTtQlm+Z53HZQQxwVrobrkMYYvpq+NlfspfnNNuMzI98GFQb/uTk0OsIpqJyOE0lLdOWa4eE&llvt=fTRHzZwpYvUX0J	18 Info www.leonardocarrillo.com() www.ruhexuangou.com(23.82.57.32) www.adultpeace.com(163.44.239.73) www.pyithuhluttaw.net(103.91.67.83) www.bigplatesmallwallet.com(66.235.200.147) www.essentiallyourscandles.com(23.227.38.74) www.hfjxhs.com(156.241.53.161) www.ololmychartlogin.com(23.82.12.29) www.alfenas.info(34.102.136.180) 66.235.200.147 - phishing 163.44.239.73 156.241.53.161 209.99.40.222 - mailcious 34.102.136.180 - mailcious 23.82.57.32 23.82.12.29 - suspicious 23.227.38.74 - mailcious 103.91.67.83	1		9.4		30	ZeroCERT

45413	2021-05-24 18:13	aYnQ4B6WoQm6DuG.exe 20afb202b5cfbb60dc7ff5f2509c3991 PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key					2.8		21	ZeroCERT

45414	2021-05-24 18:11	bin.exe dbb0d24252b09d49478c336e5d0ec994 PWS .NET framework Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	16 Keyword trend analysis Info http://www.cyrilgraze.com/p2io/?qR-HnluH=PONkgH6OT+IdHpvpbj4YyU3gBn/U0y1OFS1Y8BXnr3YdY2x3tUozsMLieTk0sG+frQWfUBsy&TVg84P=yjR8IXLxMLv http://www.dmgt4m2g8y2uh.net/p2io/?qR-HnluH=QtqXFq7HS/X4MIE9GXms050Yi4WsLwGmbpvB1Cdjo9kEhb/cEuRUaHG+vgNP8VkCpLdNveMs&TVg84P=yjR8IXLxMLv http://www.cmannouncements.com/p2io/ http://www.adultpeace.com/p2io/?qR-HnluH=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&TVg84P=yjR8IXLxMLv http://www.dmgt4m2g8y2uh.net/p2io/ http://www.adultpeace.com/p2io/ http://www.thriveglucose.com/p2io/ http://www.thriveglucose.com/p2io/?qR-HnluH=bgEje2qqVLxeqLNVlwWQjpUULYzLZlDcA+G1vxfW8Jz/ro52V1dcg5nZt+TpVqb/WeIjD6oW&TVg84P=yjR8IXLxMLv http://www.zmzcrossrt.xyz/p2io/ http://www.cyrilgraze.com/p2io/ http://www.pyithuhluttaw.net/p2io/?qR-HnluH=NEaCbUvvAYINigSHmrIJ7dR/yfSp7Xbba3vcNBHjwVcKt6Qbvd0czP/RWKD03CMJ7FmiFKIL&TVg84P=yjR8IXLxMLv http://www.zmzcrossrt.xyz/p2io/?qR-HnluH=tbodHACq9TgEm1QCflemmH955SxRRtof3zi2445TBfF16F/HFiIOFPSeH8a5z8Uvje9sxZdT&TVg84P=yjR8IXLxMLv http://www.cmannouncements.com/p2io/?qR-HnluH=wzEdtbrAF/I1cRkF/h093gtD2EzP1yO8zPBZTUdll922Z1OUYyEpwi72EGdxEgGIGaDMgw4G&TVg84P=yjR8IXLxMLv http://www.micheldrake.com/p2io/?qR-HnluH=d2NgnqRQHDqC8zfUpSeXKrGILlrAeXd0mpzt/HUKTHCMsqjNpHqiPqxZu8ECgv8Wi9ydyjUw&TVg84P=yjR8IXLxMLv http://www.pyithuhluttaw.net/p2io/ http://www.micheldrake.com/p2io/	19 Info www.adultpeace.com(163.44.239.73) www.buylocalclub.info() www.mercuryaid.net() www.cmannouncements.com(69.195.83.71) www.micheldrake.com(192.0.78.25) www.zmzcrossrt.xyz(99.83.185.45) www.pyithuhluttaw.net(103.91.67.83) www.cyrilgraze.com(172.67.138.177) www.thriveglucose.com(184.168.131.241) www.m678.xyz() www.dmgt4m2g8y2uh.net(103.120.13.242) 69.195.83.71 163.44.239.73 103.120.13.132 184.168.131.241 - mailcious 99.83.230.40 - mailcious 192.0.78.24 - mailcious 104.21.65.7 103.91.67.83	2		7.6			ZeroCERT

45415	2021-05-24 18:10	LluwMXf8ngOwqea.exe 3517aa20f6e5641cd95afb5d9173e696 PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key					2.8		22	ZeroCERT

45416	2021-05-24 17:28	run.exe 63a11a44eeb7ee8c76f834d4435f4af3 GhostCringe GhostRAT PE File PE32 OS Processor Check Malware download VirusTotal Open Directory Malware GhostRAT AutoRuns Check memory Checks debugger Creates executable files RWX flags setting unpack itself Detects VMWare AntiVM_Disk sandbox evasion VMware VM Disk Size Check Windows Exploit Browser RAT Backdoor Trojan DNS crashed	2 Keyword trend analysis	1	9 Info ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server ET MALWARE Backdoor family PCRat/Gh0st CnC traffic ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO Dotted Quad Host DLL Request	1	9.0	M	48	guest

45417	2021-05-24 15:28	PicturesLab.exe 02398f9746a8cdebb2bc1cb9ccb40e70 njRAT .NET EXE PE File PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2	M	53	r0d

45418	2021-05-24 15:14	I-Record.exe 6f80701718727602e7196b1bba7fac1b njRAT .NET EXE PE File PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2	M	52	r0d

45419	2021-05-24 15:12	f3kmkuwbdpgytdc5.exe ae4a8c201b070ee94488bb8862ed4ec5 njRAT Generic Malware .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	36	r0d

45420	2021-05-24 15:03	f3kmkuwbdpgytdc5.exe ae4a8c201b070ee94488bb8862ed4ec5 Generic Malware .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	36	r0d