Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

8026  2021-05-13 09:57  wzreporteditor.rar
  Hash: 888c0a23a36025b29da51f002f458234
  Tags: Escalate priviledges KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 3.4 M 50 ZeroCERT

8027  2021-05-13 09:58  image.exe
  Hash: 906c90c5a321e9d087056a07d6dff929
  Tags: AsyncRAT backdoor email stealer Malicious Library DNS Socket Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 1 12.2 M 21 ZeroCERT

8028  2021-05-13 10:08  robopac.exe
  Hash: 0a2f3448bf0077279f98a5d9f2751d9c
  Tags: PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 2.0 31 ZeroCERT

8029  2021-05-13 10:57  svchost.exe
  Hash: 2edb5a087966f25f972506500a48c9f3
  Tags: AsyncRAT backdoor Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process Windows ComputerName DNS Cryptographic key
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 10.8 M 36 ZeroCERT

8030  2021-05-13 10:58  docsc.exe
  Hash: 457b22da77d4db093a31dd80a4b8963f
  Tags: AsyncRAT backdoor Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Windows Cryptographic key
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 9.6 M 34 ZeroCERT

8031  2021-05-13 11:00  b.exe
  Hash: 1e21969ef30c0484bd1b9aaef1f16907
  Tags: PWS .NET framework email stealer Malicious Packer DNS Socket Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check Windows DNS
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 1 10.0 M 24 ZeroCERT

8032  2021-05-13 11:02  v.exe
  Hash: fa85dccdc26f4e37e751e644864e27e2
  Tags: PWS .NET framework Malicious Packer DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself human activity check Windows DNS DDNS
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 2 1 12.8 M 20 ZeroCERT

8033  2021-05-13 16:03  easyon-1.exe
  Hash: a0b256269745ce17a7782647a66c9428
  Tags: Emotet PE File PE32 DLL PE64 OS Processor Check Malware download Dridex Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities AntiVM_Disk sandbox evasion WriteConsoleW Firewall state off VM Disk Size Check Windows Remote Code Execution
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 16 4 3 8.4 guest

8034  2021-05-13 17:35  http://easyon.ielc.co.kr/skin/...
  Hash: a0b256269745ce17a7782647a66c9428
  Tags: AgentTesla Emotet DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 MSOffice File Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 1 2 3 4.6 Kim.GS

8035  2021-05-13 18:32  NBYSORTAKDB.exe
  Hash: 7b20dfb50fe8e6dd54ccc13bed3d872a
  Tags: AsyncRAT backdoor PE File .NET EXE PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 2.6 M 21 ZeroCERT

8036  2021-05-13 18:34  joewealthx.exe
  Hash: 0b4cc13de8c54add5149b56649b3f680
  Tags: PWS .NET framework Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 10.4 M 40 ZeroCERT

8037  2021-05-14 08:00  wp-netmon.dll
  Hash: 0248aa78d8a4d231273d6589edb0a423
  Tags: Gen1 Emotet PE File DLL PE32 Dridex TrickBot VirusTotal Malware Report suspicious privilege Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces Kovter ComputerName DNS
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 3 4 5.4 4 ZeroCERT

8038  2021-05-14 08:07  o.dot
  Hash: 00eb91c9f6e4d73f2bddbef77527c6b8
  Tags: RTF File doc AntiDebug AntiVM Malware download Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 1 1 5 4.0 ZeroCERT

8039  2021-05-14 09:44  vbc.exe
  Hash: b3847f8971a23a7a09673b19dfc110c9
  Tags: AsyncRAT backdoor Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 9.0 25 ZeroCERT

8040  2021-05-14 09:45  obf.exe
  Hash: 14d054adca6f90371a4ce13a720dafbf
  Tags: AsyncRAT backdoor Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces AppData folder malicious URLs Windows DNS
  Urls Hosts IDS Rule Score Zero VT Player (as listed): 1 1 4 1 11.4 M 22 ZeroCERT