Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

5281 2024-02-15 08:09 parkazx.exe 40481437ab27f01ff888644faf6681c5
AgentTesla .NET framework(MSIL) Escalate priviledges PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Software crashed keylogger
1 11.2 M ZeroCERT

5282 2024-02-15 08:08 resources.dll 5d8d5a9c46e621f31d129bcd671c8c8a
Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software
4 15.6 M 12 ZeroCERT

5283 2024-02-15 08:06 resources.dll 6c072be39ed9066026637c0b74e74047
Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Interception Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software
3 15.4 M 6 ZeroCERT

5284 2024-02-15 08:05 dropper_cs.exe 44570b59b21c1a35fe275b929cae1cb1
PE32 PE File .NET EXE VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key
9 1 1 5.4 M 55 ZeroCERT

5285 2024-02-15 08:05 resources.dll e758e07113016aca55d9eda2b0ffeebe
Emotet Gen1 Generic Malware Malicious Library UPX Antivirus PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Collect installed applications powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software
3 15.4 M 8 ZeroCERT

5286 2024-02-15 08:04 binzx.exe 28527ceca95ca154ef0830e7e1d12cca
.NET framework(MSIL) Escalate priviledges PWS AntiDebug AntiVM PE32 PE File .NET EXE DLL Browser Info Stealer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Browser DNS
15 16 13.2 M 37 ZeroCERT

5287 2024-02-15 08:04 amert.exe a6ba2dcff4afc522c78bf7470d968f5d
Admin Tool (Sysinternals etc ...) UPX PE32 PE File VirusTotal Malware AutoRuns Checks debugger unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows crashed
6.2 M 38 ZeroCERT

5288 2024-02-15 08:02 lt.exe a24578763f9a5b238646dc03268027cd
.NET framework(MSIL) UPX PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself DNS
1 2.6 M 19 ZeroCERT

5289 2024-02-15 01:26 test.exe 6737be0f15b6ddf4e13110708202eb84
Generic Malware Admin Tool (Sysinternals etc ...) UPX Anti_VM PE File PE64 OS Processor Check RWX flags setting unpack itself Check virtual network interfaces
2.6 guest

5290 2024-02-14 18:31 cases_2024-02-12_16-01-13-0368... 58888d54d24b730ab10fcd26cc871d19
Escalate priviledges PWS KeyLogger AntiDebug AntiVM CAB Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself DNS
5 5 2 2 4.6 M ZeroCERT

5291 2024-02-14 18:26 cases_2024-02-12_16-01-12-8843... 90cb2bce91cc50e9f1244c94bd714be7
Escalate priviledges PWS KeyLogger AntiDebug AntiVM CAB Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself DNS
6 5 2 4.6 M ZeroCERT

5292 2024-02-14 18:14 build.exe 674f0e284bdd2795be4948c911c14fc3
Gen1 Generic Malware Malicious Library ASPack Malicious Packer UPX Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself
2.8 M 28 ZeroCERT

5293 2024-02-14 18:11 agodzx.exe 2d80ba25d567362815d7c3fe8217fb9f
AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Windows Browser Email ComputerName Software crashed
1 4 3 14.4 M 36 ZeroCERT

5294 2024-02-14 18:10 observ.msi ee5ceff4974b7e5c42476e9537820a80
Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE32 PE File DLL VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName
3.2 6 ZeroCERT

5295 2024-02-14 14:38 Wezwanie_swiadka.pdf.exe d7ff05311350b4990ccd642a44679d1d
Client SW User Data Stealer browser info stealer NSIS Generic Malware Themida Packer Google Chrome User Data Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code Browser Info Stealer VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files exploit crash unpack itself Checks Bios Detects VirtualBox Detects VMWare AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Windows Exploit Browser ComputerName Firmware DNS crashed
3 3 13.6 17 ZeroCERT