Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6271	2021-03-21 14:36	xload-09.exe 2df44a20d5f633e27efe329f80048450 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key					6.0	M	27	ZeroCERT

6272	2021-03-21 14:39	22.dll 649b5c913739cea195c7662ff412b8ce VirusTotal Malware PDB					1.4	M	50	ZeroCERT

6273	2021-03-21 14:43	22.dll 649b5c913739cea195c7662ff412b8ce VirusTotal Malware PDB					1.4	M	50	ZeroCERT

6274	2021-03-21 14:48	22.dll 649b5c913739cea195c7662ff412b8ce VirusTotal Malware PDB unpack itself DNS					2.4	M	50	ZeroCERT

6275	2021-03-21 15:30	22.dll 649b5c913739cea195c7662ff412b8ce VirusTotal Malware PDB DNS					2.0	M	50	ZeroCERT

6276	2021-03-21 15:46	svchost.exe ccbc6b3eb409f759aecd2cdfe30c0afc AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1	1		11.6	M	27	ZeroCERT

6277	2021-03-21 15:47	vbc.exe d8e83950bcb19837b403291cfd01ae68 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed					10.4		28	ZeroCERT

6278	2021-03-21 17:06	Practical3.exe 8819d7f8069d35e71902025d801b44dd Antivirus VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory WMI Windows utilities malicious URLs WriteConsoleW Tofsee Ransomware Windows Tor ComputerName DNS	4 Keyword trend analysis Info http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1616310975&mv=m&mvi=3&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:3997491519&cup2hreq=46abe5d62d869d2508101903ff1ca53db88bdb8803d25d712e89899c3eeb344a https://update.googleapis.com/service/update2	2	4		8.6		42	guest

6279	2021-03-21 18:45	winlog.exe 10c1d0f518ca7dfb1b0386f1f009c131 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed					11.6	M	47	ZeroCERT

6280	2021-03-21 18:45	winlog2.exe adbc8e8beb3f5318a520ba139e547b8a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files ICMP traffic unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		2			11.2	M	29	ZeroCERT

6281	2021-03-21 18:54	1.sfx.exe bcfb15e2c5ff8328fd767ed60dc90846 Emotet VirusTotal Malware unpack itself ComputerName DNS					2.2	M	23	ZeroCERT

6282	2021-03-21 18:56	winlog3.exe 593168105682fb59c28c17d35e5a4fb3 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion	8 Keyword trend analysis Info http://www.scanourworld.com/nsag/ http://www.bukaino.net/nsag/ - rule_id: 343 http://www.bukaino.net/nsag/?OtxhT2=oC6r1HmZx5wn5oXPzQLXQ4VMDjeb3X29kqfgvoAAEugKEHNilNhbzg6QyG7lAWIEjI8cRCmD&W4=inHpWra8G - rule_id: 343 http://www.aashlokhospitals.com/nsag/ http://www.athara-kiano.com/nsag/?OtxhT2=1e70w6qva0/8AhhFV27vpOpA5lfYuhHzBJ3+ZXyYbvrIHeDq+MUfY0sNjUuYvF5UKGbPHp55&W4=inHpWra8G http://www.athara-kiano.com/nsag/ http://www.aashlokhospitals.com/nsag/?OtxhT2=NiGY7UM8w96/Atqu+lE4BNOULiUW6ss8cB8FeVv4x1SJhjCrK3DaPWYfm9ta74zNnQQf9ajE&W4=inHpWra8G http://www.scanourworld.com/nsag/?OtxhT2=RjpY/w7SlG6X0MktOkaS4a7cxyPO11vhmKSgl8HqKcRxVLLhONg71tk1m8LnOJlxdfFnslqN&W4=inHpWra8G	19 Info www.aashlokhospitals.com(85.187.128.38) www.glowtheblog.com(217.160.0.236) www.athara-kiano.com(103.251.44.218) www.nooshone.com() - mailcious www.creationsbyjamie.com(198.49.23.144) www.usopencoverage.com(94.136.40.51) www.scanourworld.com(34.102.136.180) www.kodairo.com(34.201.8.187) www.bukaino.net(184.168.131.241) www.mistressofherdivinity.com(173.231.242.82) 184.168.131.241 - mailcious 94.136.40.51 - mailcious 85.187.128.38 198.49.23.145 - mailcious 173.231.242.82 - mailcious 217.160.0.236 - mailcious 34.201.8.187 34.102.136.180 - mailcious 103.251.44.218	1	2	6.8	M	21	ZeroCERT

6283	2021-03-21 19:02	dl2.exe 900bcb73268ea52cd6ea935e2b250453 VirusTotal Malware unpack itself DNS crashed					2.6	M	20	ZeroCERT

6284	2021-03-21 19:04	AWP.exe 68312e4fef6955b4e05a93fa1dc0821c Google Chrome User Data browser info stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs Windows					13.2	M	28	ZeroCERT

6285	2021-03-21 19:08	fdi.exe 91ee2afefdf066eae3aead061a8075ed unpack itself DNS crashed					1.8	M		ZeroCERT