Submissions

No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

Each record below is laid out as: No, submission date/time and requested file name; the sample's MD5; the signature tags matched during the sandbox run; and the remaining columns (Urls Hosts IDS Rule Score Zero VT Player Etc) as one line in which empty cells are dropped, so a value left of the Score cannot be assigned to a specific column with certainty.
8176  2024-07-03 09:29  outbyte-driver-updater.exe
  MD5:        19e7819eb886414b6bcab23db00541ec
  Signatures: Gen1 Generic Malware PhysicalDrive Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE File PE32 MZP Format OS Processor Check DLL DllRegisterServer dll ftp PE64 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself Checks Bios AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check Tofsee
  Columns:    1 4 1 6.8 4 ZeroCERT

8177  2024-07-03 08:17  F.exe
  MD5:        e501c275814bfcb58fe845c38227d5c5
  Signatures: Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Antivirus UPX Malicious Packer Admin Tool (Sysinternals etc ...) Downloader .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Windows Browser Advertising Google ComputerName DNS Cryptographic key DDNS crashed keylogger
  Columns:    7 11 2 10.8 M 68 ZeroCERT

8178  2024-07-03 08:17  java_update.exe
  MD5:        bc4206081a6f4206dc5b63948b05ef4b
  Signatures: Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Antivirus UPX Malicious Packer Admin Tool (Sysinternals etc ...) Downloader .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName DNS Cryptographic key
  Columns:    2 6.6 M ZeroCERT

8179  2024-07-03 08:15  x.exe
  MD5:        d27e7c560c09eb318c80cab58baea1b2
  Signatures: Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Antivirus UPX Malicious Packer Admin Tool (Sysinternals etc ...) Downloader .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Cryptographic key
  Columns:    6.0 M ZeroCERT

8180  2024-07-03 08:13  Build.exe
  MD5:        2f6f4f9674c6721b5ea8319ed90a8f20
  Signatures: Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Downloader UPX Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process AppData folder installed browsers check Tofsee Windows Browser Advertising Google ComputerName Trojan DNS DDNS crashed keylogger
  Columns:    7 10 2 12.2 M 69 ZeroCERT

8181  2024-07-03 08:09  don701.exe
  MD5:        6a1ff8c93c4d4ba50c8145a354b5c586
  Signatures: AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Gmail Browser Email ComputerName Cryptographic key crashed keylogger
  Columns:    2 2 13.6 M 56 ZeroCERT

8182  2024-07-03 08:07  mku.vbs
  MD5:        723330a9cf1200400aa6a4dcbd27e061
  Signatures: Malware download Wshrat NetWireRC Malware VBScript AutoRuns WMI wscript.exe payload download AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper
  Columns:    1 2 4 1 10.0 M ZeroCERT

8183  2024-07-03 08:07  pilnmAc2.6.exe
  MD5:        9929a1a4d2ec5d72c028435c6b71054f
  Signatures: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
  Columns:    1 2 3 7.4 M ZeroCERT

8184  2024-07-03 08:05  wp.exe
  MD5:        140e8ca7a6a6df97fe913af1adad9cbe
  Signatures: AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Gmail Browser Email ComputerName Cryptographic key crashed keylogger
  Columns:    2 2 12.4 M ZeroCERT

8185  2024-07-03 08:03  VBDVMGWB.exe
  MD5:        30772bcce9852eb58cf05a75bcdce2f9
  Signatures: Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus PE File PE32 DLL PE64 OS Processor Check Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check
  Columns:    2.6 ZeroCERT

8186  2024-07-03 07:58  ServerManager.exe
  MD5:        c5b7998c5908e5a4742674dbfda9ffb8
  Signatures: Antivirus UPX PE File .NET EXE PE32 OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key
  Columns:    2.8 M ZeroCERT

8187  2024-07-03 07:58  MicrosoftService.exe
  MD5:        01fd03e1f9ddbeee002267238428ac26
  Signatures: Antivirus UPX PE File .NET EXE PE32 OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key
  Columns:    2.8 M ZeroCERT

8188  2024-07-03 07:56  setup.exe
  MD5:        376bda749ff4727c39cbc3868b2e6477
  Signatures: Malicious Library PE File PE32 VirusTotal Malware Checks debugger WMI Creates executable files RWX flags setting unpack itself Checks Bios anti-virtualization ComputerName
  Columns:    4.6 M 37 ZeroCERT

8189  2024-07-03 07:54  InvestmentsBreed.exe
  MD5:        93ca970bf446580ce800feb9c3973304
  Signatures: Generic Malware Suspicious_Script_Bin Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P An VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName
  Columns:    6.8 M 22 ZeroCERT

8190  2024-07-03 07:53  1.exe
  MD5:        a8899bbd6c19faf3ba8afe6f853cbc46
  Signatures: Malicious Library PE File PE32 VirusTotal Malware RCE
  Columns:    1.8 M 28 ZeroCERT
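The listing above is the kind of page an analyst scrapes to decide which of the day's submissions to look at first. The Python below is an added triage example, not code from the listing page or from the sandbox behind it. It parses records in the page's layout (a header line with number, date/time and file name; a 32-hex line, assumed to be the MD5; a signature-tag line; a column line with empty cells dropped, with or without the MD5:/Signatures:/Columns: labels), then ranks records by Score and finds records whose signature vocabulary is nearly identical, which is what makes 8177, 8178 and 8179 look like one Emotet-tagged campaign. Assumptions are marked in the comments: the single decimal token on the column line is Score, "M" is the Zero-column malware flag, the integer directly after "M" is the VT count, and the family list is hand-picked from this page's tags (Tofsee is treated as a generic network signature because it is attached to AgentTesla and Emotet rows alike). The four records in SAMPLE are copied from the listing; no other data is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Record layout on the page: "<No> <YYYY-MM-DD HH:MM> <Request>", then a 32-hex
# line (assumed MD5), a signature-tag line, and a column line with empty cells
# dropped. Field labels added in a cleaned-up listing are tolerated and removed.
HEADER_RE = re.compile(r"^(\d+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d$")          # the one decimal token = Score (assumed)
LABEL_RE = re.compile(r"^(MD5|Signatures|Columns):\s*")

# Family labels seen in this page's tags (hand-picked assumption). Tofsee is left
# out: it also sits on AgentTesla/Emotet rows, so it is treated as a generic signature.
FAMILY_TAGS = ("Emotet", "AgentTesla", "Wshrat", "NetWireRC", "Houdini")


@dataclass
class Record:
    no: int
    submitted: str
    filename: str
    md5: str
    tags: str
    score: Optional[float]
    flagged_malware: bool          # "M" present on the column line (assumed Zero flag)
    vt_detections: Optional[int]   # integer directly after "M" (assumed VT column)

    def tokens(self) -> frozenset:
        # Tags are unquoted multi-word strings, so compare lower-cased words instead.
        return frozenset(w.lower() for w in self.tags.split())

    def families(self) -> list:
        words = set(self.tags.split())
        return [f for f in FAMILY_TAGS if f in words]


def _parse_columns(line: str):
    toks = line.split()
    score = next((float(t) for t in toks if SCORE_RE.match(t)), None)
    flagged = "M" in toks
    vt = None
    if flagged:
        nxt = toks[toks.index("M") + 1:][:1]
        if nxt and nxt[0].isdigit():
            vt = int(nxt[0])
    return score, flagged, vt


def parse_listing(text: str) -> list:
    """Parse every four-line record block; lines outside a block are skipped."""
    lines = [LABEL_RE.sub("", ln.strip()) for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            i += 1
            continue
        if i + 3 >= len(lines) or not MD5_RE.match(lines[i + 1]):
            raise ValueError(f"record {m.group(1)}: malformed block")
        score, flagged, vt = _parse_columns(lines[i + 3])
        records.append(Record(int(m.group(1)), m.group(2), m.group(3),
                              lines[i + 1], lines[i + 2], score, flagged, vt))
        i += 4
    return records


def jaccard(a: Record, b: Record) -> float:
    ta, tb = a.tokens(), b.tokens()
    return len(ta & tb) / len(ta | tb) if (ta | tb) else 0.0


def near_duplicates(records: list, threshold: float = 0.8) -> list:
    """Record pairs whose signature vocabularies overlap at or above threshold."""
    pairs = []
    for i, a in enumerate(records):
        for b in records[i + 1:]:
            s = jaccard(a, b)
            if s >= threshold:
                pairs.append((a.no, b.no, round(s, 3)))
    return pairs


def ranked(records: list) -> list:
    """Highest Score first; VT detections break ties."""
    return sorted(records, key=lambda r: (r.score or 0.0, r.vt_detections or 0), reverse=True)


# Input copied from the listing above (records 8177, 8178, 8181, 8182), original layout.
SAMPLE = """
8177 2024-07-03 08:17 F.exe
e501c275814bfcb58fe845c38227d5c5
Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Antivirus UPX Malicious Packer Admin Tool (Sysinternals etc ...) Downloader .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Windows Browser Advertising Google ComputerName DNS Cryptographic key DDNS crashed keylogger
7 11 2 10.8 M 68 ZeroCERT
8178 2024-07-03 08:17 java_update.exe
bc4206081a6f4206dc5b63948b05ef4b
Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library Antivirus UPX Malicious Packer Admin Tool (Sysinternals etc ...) Downloader .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DllRegisterSer Browser Info Stealer AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName DNS Cryptographic key
2 6.6 M ZeroCERT
8181 2024-07-03 08:09 don701.exe
6a1ff8c93c4d4ba50c8145a354b5c586
AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Gmail Browser Email ComputerName Cryptographic key crashed keylogger
2 2 13.6 M 56 ZeroCERT
8182 2024-07-03 08:07 mku.vbs
723330a9cf1200400aa6a4dcbd27e061
Malware download Wshrat NetWireRC Malware VBScript AutoRuns WMI wscript.exe payload download AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper
1 2 4 1 10.0 M ZeroCERT
"""

if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for r in ranked(recs):
        print(f"{r.no} {r.filename:<16} score={r.score} vt={r.vt_detections} "
              f"families={r.families() or '-'}")
    print("near-duplicate signature sets:", near_duplicates(recs))
```

Run against the four copied records it orders 8181 (13.6), 8177 (10.8), 8182 (10.0), 8178 (6.6) and reports 8177/8178 as a near-duplicate pair (their word sets differ only by the VirusTotal, Tofsee, Advertising, Google, DDNS, crashed and keylogger tags), while the AgentTesla and VBScript records score far apart from everything else. Word-level Jaccard is deliberately crude: it clusters by which sandbox signatures fired, not by code similarity, so it is a first-pass grouping before hashing or unpacking the samples themselves.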