Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
7081	2021-04-08 18:32	xxxlss.exe 3ee61e1613c898c3078dd7fdaa00b8af Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key				8.2	M	15	ZeroCERT

7082	2021-04-08 18:35	3.exe 7c9068127d92ac8179b511617146a8d6 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1		11.4	M	24	ZeroCERT

7083	2021-04-08 19:43	ZenDEngine1.jpg 12e23b234e6739b0148a172be65e665f VirusTotal Malware DNS				1.0	M	5	ZeroCERT

7084	2021-04-08 19:43	origg-01.exe 133b4a863e9a9c74b7320f54abf199d7 Azorult .NET framework Check memory Checks debugger unpack itself Windows DNS Cryptographic key				2.0	M		ZeroCERT

7085	2021-04-08 19:43	zender.txt 5db24413257332efd03849b64f49b2c1 Antivirus Code Injection Check memory Creates executable files exploit crash unpack itself Windows utilities suspicious process Windows Exploit DNS crashed		3		6.4	M	17	ZeroCERT

7086	2021-04-08 19:43	winlog.exe 7b95e7c4b726fb678571f965327eb05c Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2		8.8	M		ZeroCERT

7087	2021-04-08 19:44	SKM_C25832100083932157.exe 67b98281009cbfdb96bfaec29243f173 AsyncRAT backdoor VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces DNS DDNS	6 Keyword trend analysis Info http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F0F96D3333F94679C552F5DEB9CE2AF.html - rule_id: 708 http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1C2631A67656349A968652D332BDCE4F.html - rule_id: 708 https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F0F96D3333F94679C552F5DEB9CE2AF.html - rule_id: 709 https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F0F96D3333F94679C552F5DEB9CE2AF.html https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1C2631A67656349A968652D332BDCE4F.html - rule_id: 709 https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1C2631A67656349A968652D332BDCE4F.html	4	4	6.0	M	32	ZeroCERT

7088	2021-04-08 19:45	winlog.exe d074162909d26edf4001380da0ae4743 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder DNS				4.2	M	22	ZeroCERT

7089	2021-04-08 19:45	2.exe a7e67e6abd539aeddbb9021d23f6f217 Azorult .NET framework Gen1 AsyncRAT backdoor Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed	10 Keyword trend analysis Info http://86.107.197.8:38214/ http://195.54.160.9:32972/ http://pokacienon.xyz/ https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/62ab596d-a885-41d2-8876-b14668b5131e/test.exe?Signature=QTjNeEZOEfvGMKnBzCyT7mG4nIg%3D&Expires=1617876243&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=4_MBFBXZdU5kGeZTREx1qRsbERpZ4M_z&response-content-disposition=attachment%3B%20filename%3D%22test.exe%22 https://iplogger.org/favicon.ico https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/9580842f-6891-49c8-802a-149bf1d42264/serv.exe?Signature=pn6i4toRFefu0thF36SY2ehfP5o%3D&Expires=1617875783&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=Iu1.paGkjklgsxTllu12XmiT7Jmt91vp&response-content-disposition=attachment%3B%20filename%3D%22serv.exe%22 https://iplogger.org/1tMzh7 https://api.ip.sb/geoip https://iplogger.org/1tsTg7 https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/a1867a39-2dbe-42c2-b513-5f9bd398e056/newred.exe?Signature=%2Bly8TEK7wfszfC4CJMdwVZNxl90%3D&Expires=1617876376&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=XZ1Wq9dWgSEXAF.IA6b.w7ImqXWWjs9E&response-content-disposition=attachment%3B%20filename%3D%22newred.exe%22	12 Info pokacienon.xyz(79.141.170.43) api.ip.sb(104.26.12.31) bbuseruploads.s3.amazonaws.com(52.217.136.201) - malware bitbucket.org(104.192.141.1) - malware iplogger.org(88.99.66.31) - mailcious 79.141.170.43 52.217.44.156 88.99.66.31 - mailcious 195.54.160.9 86.107.197.8 - mailcious 104.26.13.31 104.192.141.1 - mailcious		17.0	M	40	ZeroCERT

7090	2021-04-08 19:49	winlog.exe 3ee47ef2fed1383543fed2509ee9d533 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder DNS	10 Keyword trend analysis Info http://www.scanourworld.com/nsag/ - rule_id: 455 http://www.vooronsland.com/nsag/?mHuHyl=ePIbjCfWAeW/4f63AGNXQz6xuO5rUlLypeHea2Yt6EoOWfF6Ojatazd4RPO9Tt4lOMtVTCu7&ExlPiL=Ufg8TTAHSRE http://www.scanourworld.com/nsag/?mHuHyl=RjpY/w7SlG6X0MktOkaS4a7cxyPO11vhmKSgl8HqKcRxVLLhONg71tk1m8LnOJlxdfFnslqN&ExlPiL=Ufg8TTAHSRE - rule_id: 455 http://www.glowtheblog.com/nsag/ - rule_id: 457 http://www.maurobenetti.com/nsag/?mHuHyl=xJgr1zV59J07F/DGN1mBIGYh6nwnQp51UVIcsTyZyeF+aiDjmWFFzzRpr6962uaxDh/K9fQW&ExlPiL=Ufg8TTAHSRE http://www.vooronsland.com/nsag/ http://www.usopencoverage.com/nsag/ - rule_id: 456 http://www.usopencoverage.com/nsag/?mHuHyl=og4DIg58JlKco58KkdqEYNLQLc3eWWfvHIn4nR8VBNKZeGgyeIgd3wA4BT8g076OhyzEqtq0&ExlPiL=Ufg8TTAHSRE - rule_id: 456 http://www.glowtheblog.com/nsag/?mHuHyl=HzZPNJQ8O4WE+bdm4vfaT6k2sBckkYigm/ImWf97pB6lZmCMtuvHJWo30XNbtj7YSTZJJE49&ExlPiL=Ufg8TTAHSRE - rule_id: 457 http://www.maurobenetti.com/nsag/	20 Info www.caresring.com(3.14.206.30) - mailcious www.droneserviceshouston.com(52.58.78.16) - mailcious www.glowtheblog.com(217.160.0.236) www.maurobenetti.com(185.199.111.153) www.vooronsland.com(83.137.149.10) www.usopencoverage.com(94.136.40.51) www.scanourworld.com(34.102.136.180) www.kodairo.com(34.201.8.187) - mailcious www.bkhlep.xyz(150.95.255.38) www.explorerthecity.com(91.195.240.94) 52.15.160.167 91.195.240.94 - phishing 94.136.40.51 - mailcious 52.58.78.16 - mailcious 34.102.136.180 - mailcious 150.95.255.38 - mailcious 217.160.0.236 - mailcious 34.201.8.187 - mailcious 185.199.109.153 - malware 83.137.149.10 - mailcious	6	6.2	M	13	ZeroCERT

7091	2021-04-09 08:51	notabotnet.arc 320b2d861c20714d4fed68bbc64d77c3 VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS				5.0		13	ZeroCERT

7092	2021-04-09 08:55	lv.exe 845615bf78874fa55758ce6fa4b36084 Glupteba Malicious Library VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed		1		8.4		38	ZeroCERT

7093	2021-04-09 08:56	hkn.exe 5f968f612f82f74c96dd257793cf917d Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed				9.6		24	ZeroCERT

7094	2021-04-09 08:58	file.exe 3c541941aa60ce757626f3c7ef08ae6b Raccoon Stealer Glupteba VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed				3.6		34	ZeroCERT

7095	2021-04-09 11:35	Six.exe 1a50df3a388ce5778e33c2d994edeb7d VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				1.8	M	28	ZeroCERT