Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
45766	2021-05-04 09:43	mosb.exe 3eba87fa613f9362c4f98cfd50c9dcf7 PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				11.0		28	ZeroCERT

45767	2021-05-04 09:40	nedx.exe c1aba14168659c757816249ab352bada PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				12.6	M	21	ZeroCERT

45768	2021-05-04 09:39	IconExplorer.exe 4a71d4c41b583d8e3c589cef642199b6 UPX PE File PE32 VirusTotal Malware unpack itself ComputerName				2.0		2	조광섭

45769	2021-05-04 09:38	note-mxm.exe 116db2200d9be33529615fc98907d4d8 AsyncRAT backdoor PWS .NET framework DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed		1		12.6	M	39	ZeroCERT

45770	2021-05-04 09:36	angelx.exe af8241fb10ef39af9ec4a50a284fc96d AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		1		12.2		19	ZeroCERT

45771	2021-05-04 09:36	fixxing.exe 0d50c8e7c3f044099056bfb318f108c6 AsyncRAT backdoor PWS .NET framework Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 Malware download Nanocore VirusTotal Malware c&c Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1	1	13.2	M	22	ZeroCERT

45772	2021-05-04 09:34	SZOUQ7KsUzcDsCB.exe 9435e4534e50a32af1f73ea36bb3bda9 PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key				2.2		26	ZeroCERT

45773	2021-05-04 09:33	presentation.dll 5a7c87dab250cee78ce63ac34117012b Gen1 DLL PE File PE32 VirusTotal Malware PDB MachineGuid Check memory unpack itself ComputerName DNS crashed				2.4		9	ZeroCERT

45774	2021-05-04 09:13	explorer.exe 01c087629a99a6cb94700ae1f8f4d894 PE File PE32 VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser DNS		2		7.2		54	ZeroCERT

45775	2021-05-04 09:04	aes.js 78a66859739b0c9e18bc5b4538c03bf9							Kim.GS

45776	2021-05-04 08:11	ew.dot 64dd92f97bf7b9752f124ed0b75762c5 RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself IP Check Tofsee Windows Exploit DNS DDNS crashed Downloader	3 Keyword trend analysis	5	10 Info ET INFO DYNAMIC_DNS Query to *.dyndns. Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO Executable Download from dotted-quad Host ET POLICY DynDNS CheckIp External IP Address Server Response ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.6		25	ZeroCERT

45777	2021-05-03 17:08	pepwn.exe ee0a1ec859b753abc30847157d81f37c PE File PE32 Dridex TrickBot ENERGETIC BEAR VirusTotal Malware Buffer PE AutoRuns PDB Malicious Traffic buffers extracted Creates executable files ICMP traffic Disables Windows Security Check virtual network interfaces AppData folder Firewall state off Kovter Windows Tor DNS Cryptographic key	7 Keyword trend analysis Info http://185.215.113.93/cc22 http://api.wipmania.com/ http://95.143.193.125/tor/status-vote/current/consensus.z http://193.11.164.243:9030/tor/status-vote/current/consensus.z http://185.215.113.93/cc11 http://23.129.64.201/tor/server/fp/0011bd2485ad45d984ec4159c88fc066e5e3300e+005079a42356183cea5a3add239303f44f12e7ea+00cc4ac22501360c541185ee7e4466efb7032cae+00cce6a84e6d63a1a42e105839bc8ed5d4b16669+00e1649e69ff91d7f01e74a5e62ef14f7d9915e4+019feb22ce04cbd0489b7f24be038518b64fa223+034168fa4180b8662439fc714e4bdd7c6b39f5df+041646640ab306ea74b001966e86169b04cc88d2+05051aa95fb65c64e6a99fc0963cedeb211c88ba+05499507da8b381370e0858a784c3afe13dc927f+0a3c9ebb64ee062aa170bb9bf2b84ffb02da88c9+0a4ed4c74020740a904f3a9936030b7a4c6170bb+0b19bbfdc498ccea23027b1d7bd8e20121b95e60+0b37ec8be844f5c20e5b84a885608de0c7dbea47+0c93559d6d7e95b41561424345b0b176fbe66f00+0d2d4b1d27468806bb1edfb02715eee91e1ab94e.z http://86.59.21.38/tor/server/fp/d5f09497548a39071d14ac9e9aa926a0f8a748f2+d5f5502c1762a0b737a81a6bdb78ddbf7efc7725+d60c2d85ead93d23f1c00874d334bbf8a96cd529.z	14	20 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 24 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 578 ET TOR Known Tor Exit Node Traffic group 74 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 75 ET COMPROMISED Known Compromised or Hostile Host Traffic group 109 ET POLICY External IP Lookup Attempt To Wipmania ET TOR Known Tor Exit Node Traffic group 105 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 106 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 319 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 743 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY TLS possible TOR SSL traffic SURICATA HTTP gzip decompression failed ET P2P Tor Get Server Request ET POLICY TOR Consensus Data Requested ET TOR Known Tor Exit Node Traffic group 16 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 16 ET COMPROMISED Known Compromised or Hostile Host Traffic group 61 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 810 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 303	12.6	M	37	ZeroCERT

45778	2021-05-03 17:06	Ll2LxWOagynlSgJ.exe 9f029c1ba7e42f78dcbe210b978961cf Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				10.8	M	13	ZeroCERT

45779	2021-05-03 17:04	17hff.exe a5b17ac04b70cc12107229c7e3a92842 AsyncRAT backdoor AgentTesla AntiDebug AntiVM .NET EXE PE File PE32 Malware Malicious Traffic malicious URLs ComputerName DNS	1 Keyword trend analysis	3		3.8	M		ZeroCERT

45780	2021-05-03 17:04	yourlocallotto.exe 7564bb42086def493a6e8f27bf923647 PE File PE32 DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself RCE DNS				3.0	M	33	ZeroCERT