Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45421	2021-05-24 11:38	222333.exe d213c25eb7528fbc07f48fb9c151f0ed Generic Malware PE File PE32 VirusTotal Malware Check memory Creates executable files RWX flags setting AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS		2			6.0	M	52	r0d

45422	2021-05-24 09:22	222333.exe d213c25eb7528fbc07f48fb9c151f0ed PE File PE32 VirusTotal Malware Check memory Creates executable files RWX flags setting AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS		2			6.0	M	52	ZeroCERT

45423	2021-05-24 09:18	wnspxzq@_27899.exe 9d24f3afa9e996bb1d87fbf12263c53f Emotet PE File PE32 PNG Format VirusTotal Malware buffers extracted ICMP traffic unpack itself sandbox evasion Browser RCE	5 Keyword trend analysis	4			5.8	M	31	ZeroCERT

45424	2021-05-24 09:17	ehn410274214523502210vlbxohwp4 bc5d3090b4ec7ece19ce132d14c0e111 VBA_macro MSOffice File VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS	8 Keyword trend analysis Info https://an9news.com/aokhf/XPXV7/ https://www.17geci.com/vi2w6/Z5i/ https://rubycityvietnam.com/wp-admin/1c0NVtp/ https://lami-jo.com/wp-admin/VMeklEt/ http://vayvontinchap5s.com/vayvon5s.com/YH3mx/ http://jiamini.us-east-1.elasticbeanstalk.com/static/P1Vcv/ http://wach8.com/cgi-bin/5JyZcRU/ http://stopnote.vhostgo.com/?host=wach8.com&refer=	14 Info an9news.com(34.102.136.180) - malware www.17geci.com() - malware jiamini.us-east-1.elasticbeanstalk.com(23.22.53.61) - malware rubycityvietnam.com(45.252.248.29) - malware vayvontinchap5s.com() - malware wach8.com(218.247.67.211) - malware stopnote.vhostgo.com(116.140.34.68) lami-jo.com(35.209.32.159) - malware 23.22.53.61 - malware 218.247.67.211 - malware 34.102.136.180 - mailcious 116.140.34.68 45.252.248.29 - mailcious 35.209.32.159	3		4.4	M	41	ZeroCERT

45425	2021-05-23 17:40	ALL.txt a140c5bb18fc4adb4a2f5d2a907de048 Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows DNS Cryptographic key					1.8		1	ZeroCERT

45426	2021-05-23 17:40	f3kmkuwbdpgytdc5.exe ae4a8c201b070ee94488bb8862ed4ec5 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	36	ZeroCERT

45427	2021-05-23 17:38	I-Record.exe 6f80701718727602e7196b1bba7fac1b .NET EXE PE File PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself DNS					2.8	M	52	ZeroCERT

45428	2021-05-23 17:38	PicturesLab.exe 02398f9746a8cdebb2bc1cb9ccb40e70 .NET EXE PE File PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2	M	53	ZeroCERT

45429	2021-05-23 17:31	ALL.txt a140c5bb18fc4adb4a2f5d2a907de048 VirusTotal Malware Check memory RWX flags setting unpack itself DNS					2.0		1	ZeroCERT

45430	2021-05-23 17:12	Server.txt 68a0c1efdcd6fa5a6f08327b40afa394 Anti_VM ScreenShot AntiDebug AntiVM VirusTotal Malware Check memory unpack itself DNS					2.0		3	ZeroCERT

45431	2021-05-23 10:55	Setup.exe d69ad8d2f432e57d4f5ecf5d7e7f9300 Emotet AsyncRAT backdoor PWS .NET framework Gen1 Glupteba BitCoin Generic Malware Anti_VM VMProtect AntiDebug AntiVM PE File PE32 DLL .NET DLL .NET EXE GIF Format OS Processor Check PE64 Browser Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion VMware IP Check VM Disk Size Check installed browsers check Tofsee Ransomware GameoverP2P Zeus Windows Browser ComputerName Trojan Banking Amazon DNS Cryptographic key crashed keylogger	28 Keyword trend analysis Info http://ol.gamegame.info/report7.4.php http://limesfile.com/Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/xuqczuydmga4p4c.exe http://reportyuwt4sbackv97qarke3.com/sCTMqVJusfff2DEP/eYzrrbN8esV7bvgC http://limesfile.com/Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/xYW2RW5ePv.exe http://iw.gamegame.info/report7.4.php http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/C_Blazer_Sha/PicturesLab.exe http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/Widgets/i-record.exe http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/Widgets/Picture-Lab.exe http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/C_Blazer_Sha/I-Record.exe http://87.251.71.193// - rule_id: 1393 http://uyg5wye.2ihsfa.com/api/fbtime - rule_id: 1396 http://www.google.com/ http://ipinfo.io/ip http://limesfile.com/Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/f3kmkuwbdpgytdc5.exe http://ip-api.com/json/?fields=8198 http://ipinfo.io/country http://ip-api.com/json/ http://uyg5wye.2ihsfa.com/api/?sid=214117&key=0f51bef1ab2ad0b2ca0fa6f125359da2 - rule_id: 1396 https://iplogger.org/18hh57 https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 https://www.facebook.com/ https://api.ip.sb/geoip https://connectini.net/Series/SuperNitou.php https://news-systems.xyz/?user=barret2 https://news-systems.xyz/?user=barret1 https://iplogger.org/1Hpxd7 https://ipinfo.io/country https://c.pycharm3.ru/SystemServiceModelConfigurationExtensionsSection61947	39 Info news-systems.xyz(104.21.33.129) iw.gamegame.info(104.21.21.221) www.google.com(216.58.197.228) c.pycharm3.ru(217.107.34.191) b92d17fa-9c17-4007-a5f7-b87033b86cc2.s3.us-east-2.amazonaws.com(52.219.106.138) - malware email.yg9.me(198.13.62.186) google.com(172.217.25.78) uyg5wye.2ihsfa.com(88.218.92.148) - mailcious ol.gamegame.info(104.21.21.221) global-sc-ltd.com(199.188.201.83) connectini.net(162.0.210.44) ipinfo.io(34.117.59.81) limesfile.com(198.54.126.101) ip-api.com(208.95.112.1) www.facebook.com(157.240.215.35) api.ip.sb(172.67.75.172) iplogger.org(88.99.66.31) - mailcious reportyuwt4sbackv97qarke3.com(162.0.220.187) ipqualityscore.com(104.26.2.60) 87.251.71.193 - mailcious 162.0.220.187 52.219.84.224 216.58.197.196 - suspicious 88.218.92.148 - malware 104.26.3.60 198.13.62.186 104.21.33.129 - mailcious 199.188.201.83 157.240.215.35 88.99.66.31 - mailcious 104.21.21.221 162.0.210.44 34.117.59.81 217.107.34.191 - mailcious 198.54.126.101 216.58.197.206 - mailcious 208.95.112.1 172.67.200.215 104.26.13.31	10 Info ET POLICY External IP Lookup ip-api.com ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET POLICY PE EXE or DLL Windows file download HTTP ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set ET POLICY Possible External IP Lookup ipinfo.io ET POLICY Executable served from Amazon S3 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download SURICATA HTTP unable to match response to request	3	25.2	M	35	ZeroCERT

45432	2021-05-23 10:46	kakashi_cry.exe 62c59ba0375eebf49b4d80c290e69646 AsyncRAT backdoor PWS .NET framework .NET EXE PE File PE32 Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows	1 Keyword trend analysis	3	1		6.4			ZeroCERT

45433	2021-05-23 10:23	att.exe a119eaea434c7e0c58663c605e9c0ac6 Raccoon Stealer Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					2.8		21	ZeroCERT

45434	2021-05-23 10:23	index.exe 21f942eb973340f0b1948d929ff5fc6e PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows DNS Cryptographic key					10.6	M	41	ZeroCERT

45435	2021-05-23 10:23	hbggg.exe e6f6fd13001b8df1af345df56caba5de Gen2 Emotet PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Malicious Traffic Check memory Creates executable files Check virtual network interfaces AppData folder IP Check Tofsee Browser RCE DNS	5 Keyword trend analysis	8	2	2	7.0	M	50	ZeroCERT