Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6586	2021-03-28 12:14	file.exe 44b09d587f7d6cba208102a570dd515f Glupteba VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed				2.8		25	ZeroCERT

6587	2021-03-28 12:15	sendhookfile.exe 5bead20cbbff23bfd2019f4cff0af0cc Azorult .NET framework AsyncRAT backdoor VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.2		49	ZeroCERT

6588	2021-03-28 12:17	MMP1.exe 3a72db0fed4b27a239a2311334b84603 Glupteba PDB unpack itself Windows Remote Code Execution DNS crashed				2.6	M		ZeroCERT

6589	2021-03-28 12:18	ScHost.exe a6142de2699d423a11dd8e21a6f619a1 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces ComputerName				3.2	M	20	ZeroCERT

6590	2021-03-28 12:19	MMP1_1.exe d24739440dcb6305975a48d7ca99c808 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Browser ComputerName DNS Software	1 Keyword trend analysis	4	2	14.0	M	48	ZeroCERT

6591	2021-03-28 12:20	index.php d1b7edfa2089fce4cc6d5aed48c2ea4e Glupteba PDB unpack itself Windows Remote Code Execution crashed				2.0	M		ZeroCERT

6592	2021-03-28 12:25	lv.exe a2bb6fcbbbe65cd7945fa2577540bed4 Malicious Library Code Injection Check memory Checks debugger Creates executable files ICMP traffic unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS		6		7.6	M		ZeroCERT

6593	2021-03-28 12:29	phantom.exe 495a5dd123d26f7c6233aae60833cf80 Glupteba VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed		2		3.4	M	23	ZeroCERT

6594	2021-03-28 12:29	win230321.exe 66c3ae9bddbbbcc2cc979d23792f15ac Azorult .NET framework Glupteba Malicious Library AsyncRAT backdoor Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed Downloader	1 Keyword trend analysis	6	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING Possibly Suspicious Request for Putty.exe from Non-Standard Download Location	18.2	M	33	ZeroCERT

6595	2021-03-29 09:31	NVME.htm e44cbeb22aadb0a91244e2d5d4fd006f AsyncRAT backdoor VirusTotal Malware PDB				0.6		9	ZeroCERT

6596	2021-03-29 09:31	filename.exe a440ee6b5229dce86350bebba7c829cc Glupteba PDB unpack itself Windows Remote Code Execution crashed				2.0			ZeroCERT

6597	2021-03-29 09:31	z.exe a41a6a4e3cfddfe3e10bdd5323a58d3a Glupteba VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed				3.8	M	52	ZeroCERT

6598	2021-03-29 09:34	NVME.htm e44cbeb22aadb0a91244e2d5d4fd006f AsyncRAT backdoor VirusTotal Malware PDB				0.6		9	ZeroCERT

6599	2021-03-29 09:34	lv.exe d9c426f7688fa244fa016d0c8aa9d7f3 Glupteba Malicious Library VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed		1		6.8		24	ZeroCERT

6600	2021-03-29 09:41	localle.exe 6a2810cc91d419ea198c72a89bb2cf9b Glupteba PDB unpack itself Windows Remote Code Execution crashed				2.0			ZeroCERT