Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
45751	2021-04-27 09:14	JNhUwWi6.html 1f76d9e2358dcba1670b35ce61d7bd96 Antivirus VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1	8.4		7	guest

45752	2021-04-27 09:13	JNhUwWi6 1f76d9e2358dcba1670b35ce61d7bd96 Antivirus VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.8		7	ZeroCERT

45753	2021-04-27 08:07	nB41BIelTsP4FLI.exe dadffda4bf041605a5230e8d4b623115 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key				3.6	M	26	ZeroCERT

45754	2021-04-27 08:05	https://p8hj.blogspot.com/p/44... 5b0175dd30bd407af2915d017f1f4e90 Antivirus VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	27 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://p8hj.blogspot.com/favicon.ico https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.blogger.com/static/v1/widgets/1564291244-widgets.js https://ssl.gstatic.com/gb/images/p1_c9bc74a1.png https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.google-analytics.com/analytics.js https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://p8hj.blogspot.com/p/44.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://p8hj.blogspot.com/p/44.html%26type%3Dblog%26bpli%3D1&passive=true&go=true https://www.google.com/css/maia.css https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3922155243674983324&zx=8a61e2f3-37c8-4d3a-8fe4-f6b29f03e618 https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.blogger.com/blogin.g?blogspotURL=https://p8hj.blogspot.com/p/44.html&type=blog https://www.gstatic.com/og/_/js/k=og.qtm.en_US.3gGou_DPQGQ.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/rs=AA2YrTuZTrLZ4SHM1gfcCFFxdZIZ-5oj0Q https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fp8hj.blogspot.com%2Fp%2F44.html&type=blog&bpli=1 https://www.blogger.com/static/v1/jsbin/1277698886-ieretrofit.js https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.jcYff4gdSOQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CvAHQybwQAZJQL2tdeysMj0HgHw/cb=gapi.loaded_0 https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://p8hj.blogspot.com/p/44.html https://www.gstatic.com/og/_/ss/k=og.qtm.IkH5OKdqKO4.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTt8q6VIKYZCBV2SKDFkL7YCc5evsA	22 Info fonts.googleapis.com(172.217.26.42) resources.blogblog.com(216.58.220.105) www.google.com(142.250.196.132) www.gstatic.com(142.250.196.99) ssl.gstatic.com(172.217.174.99) accounts.google.com(216.58.197.173) www.google-analytics.com(172.217.25.238) fonts.gstatic.com(216.58.220.131) apis.google.com(172.217.26.46) p8hj.blogspot.com(172.217.25.97) www.blogger.com(216.58.220.105) 142.250.204.141 216.58.199.1 172.217.161.142 172.217.24.78 172.217.161.138 216.58.200.73 142.250.204.68 172.217.174.195 142.250.66.73 142.250.66.67 142.250.204.67	2	4.6			ZeroCERT

45755	2021-04-27 08:05	RAUjORNtrpBMaXE.exe 7bb6c716a6119de0949bd18feabf492d PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key				4.6	M	28	ZeroCERT

45756	2021-04-27 08:03	Wzze3eSA4thdJZc.exe daec9c824832ffc25734efb3fb4512e0 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key				3.2	M	30	ZeroCERT

45757	2021-04-27 08:00	AGcjf4hZF7GWTYa.exe b3e1928a79fc2870037070e4910be463 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key				3.0		29	ZeroCERT

45758	2021-04-27 08:00	ZyL7yM4Z6je3A8K.exe 9463178c1032fb981519b41b9de5b476 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key				3.6		20	ZeroCERT

45759	2021-04-27 07:46	nZ2hezPMXoxnZ1b.exe b698654db1dc5754e6e44cdfe5fa86c5 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed				4.0	M	34	ZeroCERT

45760	2021-04-27 07:44	PAa4O8FlG6VW063.exe b1149708e8e0bbe6d4c5817e3a14eed6 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				11.6		22	ZeroCERT

45761	2021-04-27 07:36	ChIxV8ffRiFmEyg.exe fe6f9b6a8165ee515b270d316fca5f6d PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed				3.8		21	ZeroCERT

45762	2021-04-27 07:34	YJsq7ClO2MJYRAz.exe d99fa385d6238fb480c064c8785a0c83 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key				3.8		30	ZeroCERT

45763	2021-04-27 07:34	zNxilDNA8KXhDwA.exe 5570cf1f7f13401060e437441383b17f PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key				3.2		33	ZeroCERT

45764	2021-04-26 18:27	IMG_106_680_74_80.pdf e05e738dcb98a9f8c125138b492f82e5 AgentTesla KeyBase Keylogger Gen1 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key crashed Password	9 Keyword trend analysis	2	7 Info ET INFO DNS Query for Suspicious .icu Domain ET POLICY Data POST to an image file (jpg) ET INFO HTTP POST Request to Suspicious *.icu domain ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING Possible EXE Download From Suspicious TLD ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)	17.0	M	13	ZeroCERT

45765	2021-04-26 18:27	IMG_5023075401.pdf 427e21ef958ea63e6a12ce4d8d5a3e55 AgentTesla KeyBase Keylogger Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	5	4	13.4	M	16	ZeroCERT