Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
49156	2021-01-28 10:26	rhddqtntq.rar.exe 6738ed3b1d050e85dabbe4f72b79fb89 VirusTotal Malware PDB Check memory unpack itself malicious URLs WriteConsoleW Windows DNS Cryptographic key					3.6	M	16	ZeroCERT

49157	2021-01-28 10:26	tempz.scr 556fd7cf62874176af731b08c8ef34dd Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs installed browsers check Windows Browser Email ComputerName RCE DNS Cryptographic key Software	1 Keyword trend analysis	3		1	14.2	M	23	ZeroCERT

49158	2021-01-28 10:21	order2020.xlsx.jar 5187ae708fc760b89012cdf9dfff6f20 VirusTotal Malware Check memory heapspray unpack itself Java DNS		1			2.8		5	ZeroCERT

49159	2021-01-28 10:20	mbegtwcv.zip.exe 2d50e90a1ebaa057d502642e651391ce VirusTotal Malware PDB Check memory unpack itself malicious URLs WriteConsoleW Windows DNS Cryptographic key					3.6	M	15	ZeroCERT

49160	2021-01-28 10:16	IMG-79108.pdf.exe 98119f6305337412e58f0d3ca740a227 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	7	4		16.8	M	22	ZeroCERT

49161	2021-01-28 10:16	IMG-60612.pdf.exe d78c14fcae677b87f3d24ab6cb42ad92 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows Cryptographic key	1 Keyword trend analysis	4	1		7.8	M	26	ZeroCERT

49162	2021-01-28 10:12	IMG-6661.pdf.exe 3ecba85c4a6a88ffc472496da3200b78 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows Cryptographic key	1 Keyword trend analysis	3	1		7.8	M	20	ZeroCERT

49163	2021-01-28 10:11	IMG-11862.pdf.exe 5a7e3e87f007da7d39bd5cb58cac10d0 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Windows DNS Cryptographic key	1 Keyword trend analysis	2	1		11.0	M	21	ZeroCERT

49164	2021-01-28 10:03	hm2.exe f49e0b01e26e5e197421c4260dd87545 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder malicious URLs Windows DNS	9 Keyword trend analysis Info http://www.gdsjgf.com/bw82/?v2=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB&CZ=7nExZbW - rule_id: 173 http://www.rizrvd.com/bw82/?v2=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&CZ=7nExZbW - rule_id: 170 http://www.rizrvd.com/bw82/?v2=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&CZ=7nExZbW http://www.rizrvd.com/bw82/ - rule_id: 170 http://www.wmarquezy.com/bw82/?v2=/EPqbtSARGzilFdTRYE1urAc3bDaNMBRSm6tJpb+ckA41wFrw7Re59/hr+veajPbLei9XJ0s&CZ=7nExZbW - rule_id: 181 http://www.sedaskincare.com/bw82/ - rule_id: 180 http://www.wmarquezy.com/bw82/ - rule_id: 181 http://www.sedaskincare.com/bw82/?v2=Tct1hGrTsO4wXuX+7y4OUHCQTPZT/SHKJbEPAo1kRuxvuV11m4iT8otUrtDadXdmrqCWO0Rp&CZ=7nExZbW - rule_id: 180 http://www.gdsjgf.com/bw82/ - rule_id: 173	9 Info www.rumblingrambles.com() www.curateherstories.com(34.102.136.180) - mailcious www.rizrvd.com(34.102.136.180) - mailcious www.wmarquezy.com(192.0.78.25) - mailcious www.sedaskincare.com(208.91.197.27) - mailcious www.gdsjgf.com(34.102.136.180) - mailcious 192.0.78.24 - mailcious 34.102.136.180 - mailcious 208.91.197.27 - mailcious		8	12.6	M	20	ZeroCERT

49165	2021-01-28 10:03	hm1.exe be84c387975b024f25dc96ec5f85f7bd VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	4 Keyword trend analysis Info http://www.okcpp.com/bw82/?mR-0xBQ=Mfpkxl91HSlRqF4UwnoLlCSItQE/DRVdVWsqLGW7UZi4jMe9Kfon6cyi45I/1E+fR8PCPduN&4hL=uFQxrx4P1P68CHO - rule_id: 182 http://www.climaxnovels.com/bw82/?mR-0xBQ=ErYhPq09uXyhgRW3wS6+i9BP1HsxrMLlWLCRTnJEgagI3gz/PfG7PFvbtbGJ+B5PJFd9ne6N&4hL=uFQxrx4P1P68CHO http://www.okcpp.com/bw82/ - rule_id: 182 http://www.climaxnovels.com/bw82/	11 Info www.nikolaichan.com(172.217.161.51) - mailcious www.okcpp.com(3.16.142.83) - mailcious www.kolamart.com(34.102.136.180) - mailcious www.chrisbubser.digital() www.climaxnovels.com(34.102.136.180) www.curateherstories.com(34.102.136.180) - mailcious www.gmobilet.com() www.texasdryroof.com(34.102.136.180) - mailcious 74.125.204.121 3.140.151.209 - mailcious 34.102.136.180 - mailcious		2	8.8	M	25	ZeroCERT

49166	2021-01-28 09:43	b8bejqqlu.zip.exe a4b9e098c98cd47e18f8c6a1ad8897c1 VirusTotal Malware PDB Check memory unpack itself malicious URLs WriteConsoleW Windows DNS Cryptographic key					3.6	M	17	ZeroCERT

49167	2021-01-28 09:43	engkeyz.scr 0eda2db28f1121fb5d2d6a4095f56c98 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	1		1	13.2	M	12	ZeroCERT

49168	2021-01-28 09:23	vbc.exe fcbfe0655ddb6609b6145f5798e7c9bf VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed					9.4		15	ZeroCERT

49169	2021-01-28 09:19	111.exe 7fe2322db3d58f5b993fadbaaff908be Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	3		15.6	M	43	ZeroCERT

49170	2021-01-28 09:19	document.doc e2c1faf78a91f45c6f641d24d639865d VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2		24	ZeroCERT

Submissions

6738ed3b1d050e85dabbe4f72b79fb89

556fd7cf62874176af731b08c8ef34dd

5187ae708fc760b89012cdf9dfff6f20

2d50e90a1ebaa057d502642e651391ce

98119f6305337412e58f0d3ca740a227

d78c14fcae677b87f3d24ab6cb42ad92

3ecba85c4a6a88ffc472496da3200b78

5a7e3e87f007da7d39bd5cb58cac10d0

f49e0b01e26e5e197421c4260dd87545

be84c387975b024f25dc96ec5f85f7bd

a4b9e098c98cd47e18f8c6a1ad8897c1

0eda2db28f1121fb5d2d6a4095f56c98

fcbfe0655ddb6609b6145f5798e7c9bf

7fe2322db3d58f5b993fadbaaff908be

e2c1faf78a91f45c6f641d24d639865d

View

Insert

Alert