Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Score	Zero	VT	Player
7036	2021-04-07 17:28	sample.exe 7f8a15aca0965d3ef7f5e36245ee20fa Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	1 Keyword trend analysis	3	12.4	M	53	조광섭

7037	2021-04-07 17:32	sample.exe 7f8a15aca0965d3ef7f5e36245ee20fa Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	1 Keyword trend analysis	4	12.4	M	53	조광섭

7038	2021-04-07 17:36	resk8.exe ac9e6b5f93ae7560c74176cd4ec2d129 VirusTotal Malware Code Injection unpack itself DNS crashed	2 Keyword trend analysis		4.2	M	15	조광섭

7039	2021-04-07 17:36	sample.exe 7f8a15aca0965d3ef7f5e36245ee20fa Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows	1 Keyword trend analysis	2	6.2	M	53	조광섭

7040	2021-04-07 17:37	china.png 6be41709f8bfbf06307cc56d04249801 AsyncRAT backdoor VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Detects VirtualBox Check virtual network interfaces AppData folder Windows	2 Keyword trend analysis	10 Info gwenetha.info(172.67.131.232) - malware cdn.discordapp.com(162.159.135.233) - malware whatitis.website() - mailcious pastebin.com(104.23.99.190) - mailcious iplogger.org(88.99.66.31) - mailcious 162.159.134.233 - malware 162.159.133.233 - malware 88.99.66.31 - mailcious 104.23.99.190 - mailcious 104.21.12.27 - malware	8.6	M	53	조광섭

7041	2021-04-07 17:41	resk8.exe ac9e6b5f93ae7560c74176cd4ec2d129 VirusTotal Malware Code Injection unpack itself DNS crashed	3 Keyword trend analysis		4.2	M	15	조광섭

7042	2021-04-07 17:41	china.png 6be41709f8bfbf06307cc56d04249801 AsyncRAT backdoor VirusTotal Malware AutoRuns PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Windows DNS		11 Info gwenetha.info(104.21.12.27) - malware iplogger.org(88.99.66.31) - mailcious whatitis.website() - mailcious pastebin.com(104.23.98.190) - mailcious cdn.discordapp.com(162.159.130.233) - malware 162.159.129.233 - malware 162.159.130.233 - malware 88.99.66.31 - mailcious 142.250.66.36 172.67.131.232 104.23.98.190 - mailcious	6.4	M	53	조광섭

7043	2021-04-07 17:42	sample.exe 7f8a15aca0965d3ef7f5e36245ee20fa Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	4 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f https://www.bing.com/	4	12.4	M	53	조광섭

7044	2021-04-07 18:09	1234.exe 21e89e596c315bab4c83983433b445c1 Azorult .NET framework Process Kill FindFirstVolume CryptGenKey AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces IP Check ComputerName DNS crashed	1 Keyword trend analysis	2	11.8	M	50	ZeroCERT

7045	2021-04-07 18:12	moneybit.exe cf528b119445c4d25a90e05bba8900c6 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Windows DNS keylogger	1 Keyword trend analysis	5	15.2	M	33	ZeroCERT

7046	2021-04-08 07:24	7GsbE2ABGiKVr6O.exe 85721567263e6e9c268437b429f85bbd Google Chrome User Data browser info stealer AsyncRAT backdoor VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS DDNS keylogger		3	13.8		27	ZeroCERT

7047	2021-04-08 09:02	6jhu8yhd.exe 77be0dd6570301acac3634801676b5d7 Ficker Stealer VirusTotal Malware ICMP traffic IP Check	1 Keyword trend analysis	4	3.2	M	58	ZeroCERT

7048	2021-04-08 09:30	svchost.exe c09ca2b69268d3d5ad0243b64ea2a179 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key	2 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617841001&mv=m&mvi=3&pl=18&shardbypass=yes	2	3.2	M	22	ZeroCERT

7049	2021-04-08 09:31	omar.exe 13db34cab435d9858269c5e823f4b575 Azorult .NET framework AsyncRAT backdoor Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis	4	15.0		37	ZeroCERT

7050	2021-04-08 09:31	arinzex.scr b9a31ec9cf6084d9ea4543ae5454f6c0 Antivirus AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	6 Keyword trend analysis Info http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2F0AA6F57E058337CC16810234C2DFDB.html http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2FD2756F009C926423D842FF71E3D7A3.html http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-D2C9705A9E4B7468E694A3A64753EB5F.html https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2F0AA6F57E058337CC16810234C2DFDB.html https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2FD2756F009C926423D842FF71E3D7A3.html https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-D2C9705A9E4B7468E694A3A64753EB5F.html	2	15.4		15	ZeroCERT