Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8251	2021-05-23 10:15	lv.exe 2809de5c1d9de29a85dcd05e179b70e4 AgentTesla Glupteba NPKI Gen1 Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug Ant VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed		1			12.0	M	27	ZeroCERT

8252	2021-05-23 10:15	scr.dll 7a77bc3281be4a356defa637d2d70014 Amadey DLL PE File PE32 JPEG Format ENERGETIC BEAR VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself DNS	1 Keyword trend analysis	1	1		4.0	M	36	ZeroCERT

8253	2021-05-23 10:15	cred.dll 1606294ef66c020a6585301620aeb440 PWS Loki[b] Loki[m] DLL PE File PE32 FTP Client Info Stealer ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email DNS Software	1 Keyword trend analysis	1	1		6.4	M	47	ZeroCERT

8254	2021-05-23 10:20	lv.exe e5e087b4c90602abb32b2464449c5c43 Emotet Glupteba Gen1 Gen2 PE File PE32 DLL OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed					3.6	M	44	ZeroCERT

8255	2021-05-23 10:21	bin.exe edb386d29730158b61b5212b9b922a5a Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed					3.8	M	30	ZeroCERT

8256	2021-05-23 10:23	hbggg.exe e6f6fd13001b8df1af345df56caba5de Gen2 Emotet PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Malicious Traffic Check memory Creates executable files Check virtual network interfaces AppData folder IP Check Tofsee Browser Remote Code Execution DNS	5 Keyword trend analysis	8	2	2	7.0	M	50	ZeroCERT

8257	2021-05-23 10:23	index.exe 21f942eb973340f0b1948d929ff5fc6e PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows DNS Cryptographic key					10.6	M	41	ZeroCERT

8258	2021-05-23 10:23	att.exe a119eaea434c7e0c58663c605e9c0ac6 Raccoon Stealer Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					2.8		21	ZeroCERT

8259	2021-05-23 10:46	kakashi_cry.exe 62c59ba0375eebf49b4d80c290e69646 AsyncRAT backdoor PWS .NET framework .NET EXE PE File PE32 Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows	1 Keyword trend analysis	3	1		6.4			ZeroCERT

8260	2021-05-23 10:55	Setup.exe d69ad8d2f432e57d4f5ecf5d7e7f9300 Emotet AsyncRAT backdoor PWS .NET framework Gen1 Glupteba BitCoin Generic Malware Anti_VM VMProtect AntiDebug AntiVM PE File PE32 DLL .NET DLL .NET EXE GIF Format OS Processor Check PE64 Browser Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion VMware IP Check VM Disk Size Check installed browsers check Tofsee Ransomware GameoverP2P Zeus Windows Browser ComputerName Trojan Banking Amazon DNS Cryptographic key crashed keylogger	28 Keyword trend analysis Info http://ol.gamegame.info/report7.4.php http://limesfile.com/Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/xuqczuydmga4p4c.exe http://reportyuwt4sbackv97qarke3.com/sCTMqVJusfff2DEP/eYzrrbN8esV7bvgC http://limesfile.com/Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/xYW2RW5ePv.exe http://iw.gamegame.info/report7.4.php http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/C_Blazer_Sha/PicturesLab.exe http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/Widgets/i-record.exe http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/Widgets/Picture-Lab.exe http://global-sc-ltd.com/EbBkqVdkm4Ebeb_EXes_nhQRrZqYVKhyGK8YF2zAUuC3J/C_Blazer_Sha/I-Record.exe http://87.251.71.193// - rule_id: 1393 http://uyg5wye.2ihsfa.com/api/fbtime - rule_id: 1396 http://www.google.com/ http://ipinfo.io/ip http://limesfile.com/Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/f3kmkuwbdpgytdc5.exe http://ip-api.com/json/?fields=8198 http://ipinfo.io/country http://ip-api.com/json/ http://uyg5wye.2ihsfa.com/api/?sid=214117&key=0f51bef1ab2ad0b2ca0fa6f125359da2 - rule_id: 1396 https://iplogger.org/18hh57 https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 https://www.facebook.com/ https://api.ip.sb/geoip https://connectini.net/Series/SuperNitou.php https://news-systems.xyz/?user=barret2 https://news-systems.xyz/?user=barret1 https://iplogger.org/1Hpxd7 https://ipinfo.io/country https://c.pycharm3.ru/SystemServiceModelConfigurationExtensionsSection61947	39 Info news-systems.xyz(104.21.33.129) iw.gamegame.info(104.21.21.221) www.google.com(216.58.197.228) c.pycharm3.ru(217.107.34.191) b92d17fa-9c17-4007-a5f7-b87033b86cc2.s3.us-east-2.amazonaws.com(52.219.106.138) - malware email.yg9.me(198.13.62.186) google.com(172.217.25.78) uyg5wye.2ihsfa.com(88.218.92.148) - mailcious ol.gamegame.info(104.21.21.221) global-sc-ltd.com(199.188.201.83) connectini.net(162.0.210.44) ipinfo.io(34.117.59.81) limesfile.com(198.54.126.101) ip-api.com(208.95.112.1) www.facebook.com(157.240.215.35) api.ip.sb(172.67.75.172) iplogger.org(88.99.66.31) - mailcious reportyuwt4sbackv97qarke3.com(162.0.220.187) ipqualityscore.com(104.26.2.60) 87.251.71.193 - mailcious 162.0.220.187 52.219.84.224 216.58.197.196 - suspicious 88.218.92.148 - malware 104.26.3.60 198.13.62.186 104.21.33.129 - mailcious 199.188.201.83 157.240.215.35 88.99.66.31 - mailcious 104.21.21.221 162.0.210.44 34.117.59.81 217.107.34.191 - mailcious 198.54.126.101 216.58.197.206 - mailcious 208.95.112.1 172.67.200.215 104.26.13.31	10 Info ET POLICY External IP Lookup ip-api.com ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET POLICY PE EXE or DLL Windows file download HTTP ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set ET POLICY Possible External IP Lookup ipinfo.io ET POLICY Executable served from Amazon S3 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download SURICATA HTTP unable to match response to request	3	25.2	M	35	ZeroCERT

8261	2021-05-23 17:12	Server.txt 68a0c1efdcd6fa5a6f08327b40afa394 Anti_VM ScreenShot AntiDebug AntiVM VirusTotal Malware Check memory unpack itself DNS					2.0		3	ZeroCERT

8262	2021-05-23 17:31	ALL.txt a140c5bb18fc4adb4a2f5d2a907de048 VirusTotal Malware Check memory RWX flags setting unpack itself DNS					2.0		1	ZeroCERT

8263	2021-05-23 17:38	PicturesLab.exe 02398f9746a8cdebb2bc1cb9ccb40e70 .NET EXE PE File PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2	M	53	ZeroCERT

8264	2021-05-23 17:38	I-Record.exe 6f80701718727602e7196b1bba7fac1b .NET EXE PE File PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself DNS					2.8	M	52	ZeroCERT

8265	2021-05-23 17:40	f3kmkuwbdpgytdc5.exe ae4a8c201b070ee94488bb8862ed4ec5 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	36	ZeroCERT