Submissions

Columns: No, Date, Request, Urls/Hosts/IDS, Rule, Score, Zero, VT, Player, Etc. Each record below lists the submission number, date and request, followed by its MD5, the matched rules/tags, the Urls/Hosts/IDS counts (values as listed; the extracted text does not separate the three columns), Score, Zero flag, VT detection count and Player.

8296  2021-05-25 09:52  Gpd6QILUkcxzAsA.exe
  MD5: af5f4617e678d890744af7fa9347097c
  Rule: AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key
  Score: 2.2  VT: 13  Player: ZeroCERT

8297  2021-05-25 09:52  tQgQKErbJBxONQ5.exe
  MD5: f9783cc36e150eff4c6d6a5933c59373
  Rule: AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key
  Score: 3.0  Zero: M  VT: 21  Player: ZeroCERT

8298  2021-05-25 09:55  doc.dll
  MD5: 8b0aa7b2df531503ebb39aa142b004a8
  Urls/Hosts/IDS: 1
  Rule: DLL PE File OS Processor Check PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger RWX flags setting unpack itself ComputerName
  Score: 2.8  Zero: M  VT: 33  Player: ZeroCERT

8299  2021-05-25 09:55  W4Nxx0DldkRdql7.exe
  MD5: df914c109e5c1985bae95ae645049ae3
  Rule: AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key
  Score: 2.8  Zero: M  VT: 19  Player: ZeroCERT

8300  2021-05-25 09:57  HID%20Payment%20Advice%20Note%...
  MD5: 74143635e4ccd866da6da37710e828c0
  Rule: VirusTotal Malware Check memory heapspray unpack itself Java
  Score: 2.4  Zero: M  VT: 22  Player: ZeroCERT

8301  2021-05-25 09:59  .................................
  MD5: 3e8e5efd15868dd7c922882c75b136a3
  Urls/Hosts/IDS: 2 6 7
  Rule: RTF File doc AntiDebug AntiVM FormBook Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger exploit crash unpack itself Windows Exploit DNS crashed
  Score: 5.0  Zero: M  VT: 29  Player: ZeroCERT

8302  2021-05-25 10:00  svch.exe
  MD5: 13023b4453e98378bf05047bd0bbb9f8
  Rule: Raccoon Stealer Glupteba PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed
  Score: 3.6  Zero: M  VT: 37  Player: ZeroCERT

8303  2021-05-25 10:01  94tjF7QB1LlfpIm.exe
  MD5: e7b6e0339e511aef97733309f4fc7c62
  Rule: PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
  Score: 2.2  Zero: M  VT: 25  Player: ZeroCERT

8304  2021-05-25 10:01  Kill$.exe
  MD5: 84351b76b5750af1b8da4b9b3572ca6a
  Rule: AgentTesla Antivirus Anti_VM DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE64 PE File VirusTotal Malware suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process WriteConsoleW shadowcopy delete Windows ComputerName DNS
  Score: 7.6  VT: 14  Player: ZeroCERT

8305  2021-05-25 10:02  vbc.exe
  MD5: 9c0ab971e60116467107fe8dd787e5cf
  Rule: Malicious Library Escalate priviledges KeyLogger ScreenShot Downloader persistence AntiDebug AntiVM PE File PE32 VirusTotal Malware DNS
  Score: 2.4  Zero: M  VT: 18  Player: ZeroCERT

8306  2021-05-25 10:04  nd.exe
  MD5: 2c25930da215dccac6d3d3c18860e2f1
  Urls/Hosts/IDS: 3
  Rule: PE File PE32 DLL VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder human activity check Windows ComputerName DNS DDNS
  Score: 9.6  Zero: M  VT: 18  Player: ZeroCERT

8307  2021-05-25 10:22  http://176.111.174.74/ACC.exe
  MD5: 1b566412e52165a3ef457cc7dd0ecfba
  Urls/Hosts/IDS: 1 6
  Rule: AgentTesla AsyncRAT backdoor PWS .NET framework Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
  Score: 6.0  Zero: M  VT: 26  Player: Kim.GS

8308  2021-05-25 15:21  kj.txt
  MD5: ebf79868631fd00264098d59e917e3e9
  Urls/Hosts/IDS: 3 2
  Rule: NPKI Antivirus Malware Malicious Traffic DNS
  Score: 1.8  Player: ZeroCERT

8309  2021-05-25 15:26  ee.txt
  MD5: 4124e889a26b37658b95119b69bb8c39
  Urls/Hosts/IDS: 3 2 1
  Rule: NPKI Antivirus Malware Malicious Traffic DNS
  Score: 1.8  Player: ZeroCERT

8310  2021-05-25 16:05  065f50e43b633113_dxmpr.exe
  MD5: 2c25930da215dccac6d3d3c18860e2f1
  Urls/Hosts/IDS: 2
  Rule: PE File PE32 DLL VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder human activity check Windows ComputerName DNS DDNS
  Score: 8.6  Zero: M  VT: 18  Player: r0d