Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7486	2021-04-22 10:51	day.exe ed2074f92b6b66a0679cb47d94308c16 PWS .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed					9.4		15	ZeroCERT

7487	2021-04-22 10:51	DLI_0251_053_021.pdf 873fc3f0fdfae3505a3de1bca97e40f9 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		8.6	M	21	ZeroCERT

7488	2021-04-22 10:53	svchost.exe 5c2e20cf98a0d8918ddec80ef4ccf067 PWS .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself suspicious process Windows DNS Cryptographic key					6.4		13	ZeroCERT

7489	2021-04-22 10:53	svch.exe a750b5c841200037a4e03a27ba5a6382 PWS .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key					5.0		16	ZeroCERT

7490	2021-04-22 10:55	vbc.exe 71a14ce0723e4de96846bf22eed49d20 PWS .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key					5.6		15	ZeroCERT

7491	2021-04-22 10:56	Mkqhnnyzd.pdf 75ab568fe148e4d229533c5a6cd6b572 PWS .NET framework VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows ComputerName crashed					4.6		17	ZeroCERT

7492	2021-04-22 10:58	kat.exe 6df35d13af1d81c07add53e3b8efb89e Malicious Packer PWS .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS crashed		1			12.0		15	ZeroCERT

7493	2021-04-22 11:00	obi.exe 42d9d2204bfed1a7df45d3bd2849e8e0 Malicious Packer PWS .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					11.0	M	21	ZeroCERT

7494	2021-04-22 11:02	DFI_078_41_02_005.pdf 401b898010200d87fa8b93e0bf20f45d Gen1 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS crashed Password	9 Keyword trend analysis	2	5 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing		16.8		14	ZeroCERT

7495	2021-04-22 13:39	DLI_0251_053_021.pdf 873fc3f0fdfae3505a3de1bca97e40f9 AgentTesla Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		8.6	M	21	r0d

7496	2021-04-22 13:44	DFI_078_41_02_005.pdf 401b898010200d87fa8b93e0bf20f45d AgentTesla Gen1 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName Password	9 Keyword trend analysis	2	6 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing	1	11.8	M	14	r0d

7497	2021-04-22 15:21	nyelw.vdg d0b30b11795c869a2d3c83be6761067b Emotet VirusTotal Malware Checks debugger RWX flags setting unpack itself sandbox evasion Windows Cryptographic key					3.6		49	guest

7498	2021-04-22 17:15	0beU0RimJUAeIPysjPIQLhgYSowUv3... 80a193b93598109aea05d7a9008358bb Gen2 Gen1 VirusTotal Malware					1.4	M	52	ZeroCERT

7499	2021-04-22 17:15	IMG_10540078520047.pdf.exe 0584b79b0075099a377c30ffa0bfee28 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		8.4	M	17	ZeroCERT

7500	2021-04-22 17:18	IMG_045_00_37_3210.pdf.exe 99e0c2ac9236cfedc7dbeffdde956fe2 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS crashed		2			9.6	M	28	ZeroCERT