Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6406	2021-03-23 10:51	rl8.exe 5ab10b180aca215ff3af5ec0e0e00b87 Malware download Dridex TrickBot VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities suspicious process sandbox evasion Kovter Windows ComputerName DNS	1 Keyword trend analysis	2	2		11.4	M	3	ZeroCERT

6407	2021-03-23 11:20	vmv.exe d4fc99799273a7091629bd0a87c8d820 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					9.4	M	25	ZeroCERT

6408	2021-03-23 11:21	IMG_1024_363_17.pdf ea02325d723cd8165ccf9c64e077a87c Antivirus AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	5 Keyword trend analysis Info http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-6C3F214F949E47305302507F92E3ADFD.html - rule_id: 462 http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-AF5734FDC5BC02E3380E1236CC01A9AE.html - rule_id: 462 http://checkip.dyndns.org/ http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3F52D3AB76438B009A945DE627D1F05E.html - rule_id: 462 https://freegeoip.app/xml/175.208.134.150	6	4	3	16.0	M	31	ZeroCERT

6409	2021-03-23 11:22	razi.exe 457d4236836f28c4176e828ecfff8b05 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Tofsee Windows ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis Info http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1616465553&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:1418560779&cup2hreq=5b7edf2d3839da403b791dfdb567fe41a40a3942b94339dc204e2169d55f8ea3	2	4		11.0	M	15	ZeroCERT

6410	2021-03-23 11:22	l8ywly0adHHMfa9UEHOA0OEd.exe f8372b779001bb5a6c401c657ee514ed Glupteba Emotet Gen Malicious Library AsyncRAT backdoor VirusTotal Malware Buffer PE AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces Tofsee Windows Advertising ComputerName DNS crashed	8 Keyword trend analysis Info http://file.ekkggr3.com/iuww/jvppp.exe - rule_id: 475 http://188.93.233.223/proxy1.exe - rule_id: 473 http://whatitis.site/dlc/mixinte - rule_id: 472 http://103.124.106.203/cof4/inst.exe - rule_id: 474 https://iplogger.org/1ixtu7 https://iplogger.org/1ifti7 https://pastebin.com/raw/mH2EJxkv - rule_id: 469 https://iplogger.org/1hVa87	21 Info digitalassets.ams3.digitaloceanspaces.com(5.101.110.225) - malware aretywer.xyz(45.144.30.78) - malware mytoolsprivacy.site() - malware jg3.3uag.pw() - mailcious whatitis.site(92.63.99.163) - malware iplogger.org(88.99.66.31) d0wnl0ads.online() - mailcious pastebin.com(104.23.99.190) - mailcious file.ekkggr3.com(172.67.162.110) - malware msiamericas.com(141.136.39.190) www.investinae.com(108.167.143.77) 92.63.99.163 - malware 188.93.233.223 - malware 103.124.106.203 - malware 88.99.66.31 - mailcious 141.136.39.190 104.23.99.190 - mailcious 45.144.30.78 - malware 5.101.110.225 - malware 104.21.66.169 108.167.143.77	9 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.pw domain - Likely Hostile SURICATA TLS invalid record type ET INFO Executable Download from dotted-quad Host SURICATA TLS invalid record/traffic ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	5	14.4	M	43	ZeroCERT

6411	2021-03-23 11:23	krnl_console_bootstrapper.exe 8f251ae83b2c4898354f35d4bbba2c03 Emotet AsyncRAT backdoor VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee Windows	2 Keyword trend analysis	4	1		4.2	M	13	ZeroCERT

6412	2021-03-23 11:24	vgk.exe 814e6fbbf6684989eb6d06ee6ecf77df VirusTotal Malware Check memory Checks debugger unpack itself DNS		1			2.4	M	17	ZeroCERT

6413	2021-03-23 11:26	e4.exe 0f319e34515d4cc3c82401bc2a407175 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files ICMP traffic Windows utilities sandbox evasion Windows ComputerName DNS crashed		1			6.4	M	14	ZeroCERT

6414	2021-03-23 11:26	xxl.exe bb1da6c4e104044a76d589725e9c381e Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		2			7.8	M	16	ZeroCERT

6415	2021-03-23 11:28	Ledger_01362.jar 40c11680234388261f20b59d0452c9e5 VirusTotal Malware Check memory heapspray unpack itself Java DNS		1			3.6	M	7	ZeroCERT

6416	2021-03-23 11:28	task.exe 0938924f02dd026b77b615a79dde3ccc Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows DNS	1 Keyword trend analysis	3	1		10.6	M	30	ZeroCERT

6417	2021-03-23 11:29	ooooog.exe a950f7437609b32af30d2c3e2217a810 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.2	M	17	ZeroCERT

6418	2021-03-23 11:31	Order+Acknowledgement+BC202374... 33d43a4aec5bc0eecf313ecd946d056a VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName					4.2		7	ZeroCERT

6419	2021-03-23 11:31	twix.jpg 821ba9dee790b9572f834244fd9ca675 VirusTotal Malware					0.4	M	2	ZeroCERT

6420	2021-03-23 11:32	MMPlayer2.exe 221563236c994ab843651fd840caacec Glupteba Malicious Library VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed					2.8	M	26	ZeroCERT