popup

Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
8236 2021-05-21 14:28 0520_2812845003972.doc  

aecae614ceb5f5c3dac0e00c773acb6d


Hancitor VBA_macro OS Processor Check MSOffice File Vulnerability VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName 		2 8 1 1 8.4 M 10 조광섭

8237 2021-05-21 14:35 0520_2812845003972.doc  

aecae614ceb5f5c3dac0e00c773acb6d


Hancitor VBA_macro OS Processor Check MSOffice File Vulnerability VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check ComputerName 		2 8 1 1 8.0 M 10 조광섭

8238 2021-05-21 15:27 0520_3174350754728.doc  

1ffb14acaddc1c6b1c560a322db6214d


Hancitor VBA_macro OS Processor Check MSOffice File Vulnerability VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check ComputerName 		2 8 1 1 8.0 M 10 ZeroCERT

8239 2021-05-21 16:16 0520_3174350754728.doc  

1ffb14acaddc1c6b1c560a322db6214d


Hancitor VBA_macro OS Processor Check MSOffice File Vulnerability VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName 		2 6 1 1 8.4 M 10 조광섭

8240 2021-05-21 16:19 ConsoleApp12.exe  

40caefae9655ee0c0726c76becde4743


PWS Loki[b] Loki[m] AsyncRAT backdoor Ave Maria WARZONE RAT Antivirus DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software 		1 2 7 11.8 M 29 ZeroCERT

8241 2021-05-21 16:27 vg23ty.exe  

0f66f5cd6f420f6d386924c0243cc6dc


AsyncRAT backdoor Ave Maria WARZONE RAT Antivirus AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed 		2 3 1 13.2 M 25 guest

8242 2021-05-21 16:33 ConsoleApp9.exe  

0f938ac4802642b34cc7105fb04c32ac


AsyncRAT backdoor AgentTesla Ave Maria WARZONE RAT Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed 		2 4 4 17.6 M 21 ZeroCERT

8243 2021-05-21 16:34 ConsoleApp19.exe  

ccf10dc1a6d121efdf9c28443a56e8b7


AsyncRAT backdoor Ave Maria WARZONE RAT Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed 		2 4 4 17.0 M 18 ZeroCERT

8244 2021-05-21 16:38 vg23ty.exe  

0f66f5cd6f420f6d386924c0243cc6dc


AsyncRAT backdoor Ave Maria WARZONE RAT Antivirus AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed 		1 3 2 13.2 M 25 guest

8245 2021-05-21 17:09 0520_565103775327.doc  

21d75f519830577395709b9e78bc8971


Hancitor VBA_macro OS Processor Check MSOffice File Vulnerability VirusTotal Malware Malicious Traffic Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName 		2 8 1 1 9.2 M 13 ZeroCERT

8246 2021-05-23 10:03 setup1.exe  

a4015fd6918ebda49f3119c6851e2f56


PE File PE32 VirusTotal Malware Check memory unpack itself crashed 		1.6 16 ZeroCERT

8247 2021-05-23 10:04 file.exe  

208d68b24b8a9d9f9db57f5f7705ecf9


Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed 		3.4 26 ZeroCERT

8248 2021-05-23 10:13 setup2.exe  

f7b84bc8e435cc4dd024f66cd53b3609


PE File PE32 VirusTotal Malware Check memory unpack itself DNS crashed 		2.2 M 19 ZeroCERT

8249 2021-05-23 10:13 BBSbacket.exe  

e19f8b76b5a0c4959fcb41fe5b46ad80


AsyncRAT backdoor PWS .NET framework BitCoin AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces suspicious TLD installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed 		3 5 2 1 11.8 M 30 ZeroCERT

8250 2021-05-23 10:14 22.exe  

84a289e78940e188a5d3cd76c99b609e


AsyncRAT backdoor PWS .NET framework Malicious Packer DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW human activity check Windows ComputerName DNS DDNS 		3 1 15.0 M 45 ZeroCERT

keyword