Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Score	Zero	VT	Player
7111	2021-04-09 16:23	AA_v3.exe 121e1634bf18768802427f0a13f039a9 VirusTotal Malware AutoRuns Malicious Traffic Windows Remote Code Execution DNS	7 Keyword trend analysis Info http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617952575&mv=m&mvi=3&pl=18&shardbypass=yes http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSiZ%2FjJrzHNHGmYhvsOD3FGLg%3D%3D http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe http://crl.identrust.com/DSTROOTCAX3CRL.crl http://www.ammyy.com/files/v7/aans64.gz https://update.googleapis.com/service/update2?cup2key=10:2556806806&cup2hreq=2d0a80a187dea77518d9000012e58b78728506eb10683b878f306f1189596b92 https://www.ammyy.com/files/v7/aans64.gz	13 Info r3---sn-3u-bh26.gvt1.com(59.18.44.14) www.ammyy.com(136.243.18.118) - malware rl.ammyy.com(188.42.129.148) - mailcious r3.o.lencr.org(119.207.65.65) crl.identrust.com(119.207.65.74) 136.243.18.118 - malware 85.10.193.220 59.18.44.14 136.243.104.235 23.32.56.115 142.250.66.46 23.32.56.121 188.42.129.148 - mailcious	4.4	M	48	ZeroCERT

7112	2021-04-09 16:58	10r3.exe ffdff96a587983deae1c67bb1299b004 VirusTotal Malware DNS			2.0	M	26	ZeroCERT

7113	2021-04-09 17:01	doc.exe 884a2a6a5867367385894352a15c95f0 Azorult .NET framework email stealer AsyncRAT backdoor VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed		1	11.0	M	23	ZeroCERT

7114	2021-04-09 17:03	bg8.exe 57e8ac3aec87c298a240dc0853747dd5 VirusTotal Malware Code Injection unpack itself DNS crashed		1	3.2		6	ZeroCERT

7115	2021-04-09 17:04	setups.exe 44ecbc585f2689d58b5ae9f04fe01b3e Gen1 AsyncRAT backdoor VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Exploit DNS crashed		2	7.2		24	ZeroCERT

7116	2021-04-09 17:05	bakamla0001.png 9e734e717cf11f1917493be4cfc0e0b2 VirusTotal Malware DNS			1.8	M	49	ZeroCERT

7117	2021-04-10 08:45	................................. 50d4dddb1000e7e62508148c84aa5f59 VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	2	4.0	M	23	ZeroCERT

7118	2021-04-10 08:48	orgd.exe 91d5c9e43505f009c234551ccb5aea7b Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed			11.2		31	ZeroCERT

7119	2021-04-10 08:50	xlsf.exe 39a920febc79e6df3e3b6ac767877d66 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key			8.2		38	ZeroCERT

7120	2021-04-10 08:52	poeybsr.ibuyafen de63e7e3da96f915446dff531a4c09dc Emotet Gen2 Gen1 VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted ICMP traffic RWX flags setting unpack itself Check virtual network interfaces ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	8	7.8		9	ZeroCERT

7121	2021-04-10 08:52	ibufen.php.exe de63e7e3da96f915446dff531a4c09dc Emotet Gen2 Gen1 VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	10	7.0		9	ZeroCERT

7122	2021-04-10 08:53	visa.exe 5046b4c2a231193546d561943408d4f3 VirusTotal Malware RWX flags setting DNS		1	3.2		49	ZeroCERT

7123	2021-04-10 08:54	svchost.exe fb002bdf8ca98dc1b9c6c27e9f4a9eed njRAT backdoor VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself suspicious process AppData folder WriteConsoleW DNS		2	5.8		55	ZeroCERT

7124	2021-04-10 08:56	pixe-updater.exe ba4658b682eba9d58ba10f74da68b5a5 VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Update ComputerName	1 Keyword trend analysis	2	8.0	M	31	ZeroCERT

7125	2021-04-10 08:57	godeth.exe 733a27138e3476ec6de2aa5180de5019 AsyncRAT backdoor VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS			12.8		18	ZeroCERT