Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
6916	2021-04-05 10:50	qs73wd.rar 6f3d820ee9c069a6710e743d53a9bb25 VirusTotal Malware PDB unpack itself crashed				2.2	M	35	조광섭

6917	2021-04-05 10:57	1.dll 5512180f20e8279acc4d71abbfeb2433 VirusTotal Malware Checks debugger unpack itself				1.6	M	37	조광섭

6918	2021-04-05 11:01	asse9e3x.rar 3d0fffa0fe157c3bffb917e6a8d9da2e Dridex Gen2 Gen1 VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Collect installed applications installed browsers check Browser ComputerName DNS crashed	1 Keyword trend analysis	1	1	6.4	M	45	조광섭

6919	2021-04-05 13:24	sfx_123_400.exe beadf9b68de9852d44514425663cb3fd VirusTotal Malware PDB suspicious privilege Code Injection Check memory WMI unpack itself Windows utilities suspicious process AppData folder malicious URLs Windows ComputerName				6.0	M	24	ZeroCERT

6920	2021-04-05 13:24	updatechannel4.exe 8e9df5d267e02aee6e6e2427fa2e2454 AsyncRAT backdoor VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces AppData folder Windows ComputerName DNS	15 Keyword trend analysis Info http://203.159.80.228/ http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://iplogger.org/2CQAB5.exe https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe https://iplogger.org/1xPHh7 https://update.googleapis.com/service/update2?cup2key=10:2761306227&cup2hreq=71b51d9ea15a088b2af84ffd33921119eb65dcd4b9b4898e9e4276f19445345c https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe https://gwenetha.info/setup-KGQJ-1.exe https://iplogger.org/1iPtu7 https://iplogger.org/2LehR6.exe https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe https://update.googleapis.com/service/update2 https://pastebin.com/raw/gCyjHCCH	13 Info whatitis.website() gwenetha.info(104.21.12.27) iplogger.org(88.99.66.31) pastebin.com(104.23.99.190) - mailcious cdn.discordapp.com(162.159.130.233) - malware edgedl.gvt1.com(142.250.34.2) 203.159.80.228 - mailcious 88.99.66.31 - mailcious 172.67.131.232 162.159.130.233 - malware 142.250.66.131 142.250.34.2 104.23.98.190 - mailcious		7.0	M	32	ZeroCERT

6921	2021-04-05 13:25	done.exe 4e62febb0ac594a5f0e92021ae54850f AsyncRAT backdoor VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check				2.8	M	35	ZeroCERT

6922	2021-04-05 13:25	phantom.exe c7845e1fc375b2edb666c547c83fb76e unpack itself Remote Code Execution DNS				1.8			ZeroCERT

6923	2021-04-05 13:28	china.png 6be41709f8bfbf06307cc56d04249801 AsyncRAT backdoor VirusTotal Malware AutoRuns PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Windows DNS	8 Keyword trend analysis Info http://whatitis.website/download.php?pub=mixinte https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe https://gwenetha.info/setup-KGQJ-1.exe https://iplogger.org/2LehR6.exe https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe https://pastebin.com/raw/gCyjHCCH	9		6.4	M	49	ZeroCERT

6924	2021-04-05 13:28	updatechannel3.exe 4f50605a46c47d765ff37b8751760505 AsyncRAT backdoor VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Windows ComputerName DNS	11 Keyword trend analysis Info http://203.159.80.228/ https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe https://iplogger.org/1hyTq7 https://cdn.discordapp.com/attachments/826416818390040589/826469949593485312/file.exe https://cdn.discordapp.com/attachments/822543417757270050/826145904716152872/PlayerUI.exe https://cdn.discordapp.com/attachments/826198252025675816/826538114838298715/install_setupVPSfree.exe https://gwenetha.info/setup-KGQJ-1.exe https://iplogger.org/1iPtu7 https://iplogger.org/2LehR6.exe https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe https://pastebin.com/raw/gCyjHCCH	10		7.2	M	20	ZeroCERT

6925	2021-04-05 13:32	du.exe 176a67399e1fd4d5fc92643e70fdee7f Glupteba Ficker Stealer AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Windows Browser ComputerName DNS Software crashed	9 Keyword trend analysis Info http://whatitis.club/load.php?pub=mixruzki http://api.ipify.org/?format=xml http://gurums.info/MMP2.exe http://gurums.info/lukkeze.best.exe https://cdn.discordapp.com/attachments/826416818390040589/826531006563352596/Bussed_2021-03-30_21-01.exe https://fex.net/uk/s/o1ovzfe https://pastebin.com/raw/VVpUeH0C https://iplogger.org/2LehR6.exe https://cdn.discordapp.com/attachments/826416818390040589/826855866228670474/7525b875715555.exe	17 Info whatitis.club(188.119.112.160) api.ipify.org(107.22.233.72) fex.net(194.106.216.70) iplogger.org(88.99.66.31) - mailcious gurums.info(217.144.96.35) pastebin.com(104.23.99.190) - mailcious cdn.discordapp.com(162.159.135.233) - malware lukkeze.best(79.143.30.6) 188.68.221.233 - phishing 203.159.80.228 - mailcious 162.159.129.233 - malware 194.106.216.70 88.99.66.31 - mailcious 104.23.98.190 - mailcious 217.144.96.35 23.21.252.4 195.123.215.21		17.8	M	15	ZeroCERT

6926	2021-04-05 14:32	lukkeze.best.exe 7f1bd38647745b87464b8c696519bfc6 Ficker Stealer VirusTotal Malware IP Check DNS	1 Keyword trend analysis	4		3.0		50	ZeroCERT

6927	2021-04-05 14:35	MMP2.exe 5c6ef834006bdc8697576a9af6cea2b6 Glupteba VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed				3.8		44	ZeroCERT

6928	2021-04-05 14:41	updatechannel2.exe af23b8181c08a65a2aacd3568a1dd46e AsyncRAT backdoor VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces AppData folder Windows ComputerName DNS	3 Keyword trend analysis	10 Info gwenetha.info(172.67.131.232) - malware cdn.discordapp.com(162.159.133.233) - malware whatitis.website() - mailcious pastebin.com(104.23.99.190) - mailcious iplogger.org(88.99.66.31) - mailcious 203.159.80.228 - mailcious 162.159.134.233 - malware 104.21.12.27 - malware 88.99.66.31 - mailcious 104.23.99.190 - mailcious		6.6	M	32	ZeroCERT

6929	2021-04-06 08:18	0504.gif 937e2c551368757c5e3c3598c41ea7d9 VirusTotal Malware				0.8		19	ZeroCERT

6930	2021-04-06 08:18	ALbaCTlU8DzMcA.php 3be35148cc6c80994becbcd204d8c33e Dridex Gene VirusTotal Malware				1.4		22	ZeroCERT