Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8326	2021-05-26 09:25	%E5%A4%A9%E9%99%8D%E6%BF%80%E5... 81df021fd7a1275df23a861bb0dd436a Anti_VM PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS crashed					3.8	M	52	ZeroCERT

8327	2021-05-26 09:26	vbc.exe 9fda9bae06e1705bc0baafb7ae723257 PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself DNS					2.6	M	35	ZeroCERT

8328	2021-05-26 09:26	ConsoleApp1.exe 17b32d5270a778baa555f13bb3c25b14 AsyncRAT backdoor Gen1 AntiDebug AntiVM .NET EXE PE File PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee OskiStealer Stealer Windows Browser Email ComputerName Trojan DNS Downloader Password	11 Keyword trend analysis	4	15 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO TLS Handshake Failure SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile		13.4	M	22	ZeroCERT

8329	2021-05-26 09:27	lv.exe 8463e69ee4b0e16c4942d27175a00135 AgentTesla Gen1 Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed		2			7.8	M	29	ZeroCERT

8330	2021-05-26 09:27	IMG_010436088.exe 5551d898c7b1d405bec3f8bb14d9c87b AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName DNS crashed		1			6.0	M	21	ZeroCERT

8331	2021-05-26 09:31	%E6%9A%97%E5%B7%B7%E8%A7%86%E9... dab5d970f5261b346185007f25d3e5db Gen1 Gen2 Emotet PE File PE32 OS Processor Check VirusTotal Malware Check memory buffers extracted unpack itself AppData folder sandbox evasion					5.4	M	61	ZeroCERT

8332	2021-05-26 09:32	ahk.jpg 4a5f8a1e40fb9eab2b8bd55efbe61a83 Gen2 Antivirus PE File OS Processor Check PE32 VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	2 Keyword trend analysis	2	1		7.2	M	26	ZeroCERT

8333	2021-05-26 09:34	ConsoleApp2.exe 89c52df7d4bf97d0f9913dc89f6527b2 AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed					10.4	M	24	ZeroCERT

8334	2021-05-26 09:34	IMG_085_163_771.exe 719fad1c99b366347fabab8b752a1826 AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		9.2	M	15	ZeroCERT

8335	2021-05-26 09:36	%E5%88%9B%E8%BE%89%E4%BC%81%E4... b002b1aef58889242163dba60b7d6a47 Gen2 Emotet PE File OS Processor Check PE32 VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Tofsee Windows Remote Code Execution crashed	2 Keyword trend analysis	4	2		5.0	M	62	ZeroCERT

8336	2021-05-26 09:37	tendsoleApp2.exe c7619cc4826449419e212b8bef448e4e AsyncRAT backdoor AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder DNS crashed		1			10.2	M	13	ZeroCERT

8337	2021-05-26 09:39	gg5f2.exe 2bb5676bd130e5516733682dc75da8df AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed					9.4	M	28	ZeroCERT

8338	2021-05-26 09:40	0551038.exe c43aa3df483f13d1690fa6d26b38c203 PWS Loki[b] Loki[m] AsyncRAT backdoor Gen1 Gen2 DNS Socket HTTP KeyLogger Http API Internet API ScreenShot AntiDebug AntiVM .NET EXE PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Browser Email ComputerName Software	1 Keyword trend analysis	2	1		10.4	M	10	ZeroCERT

8339	2021-05-26 09:40	IMG_3615_763_8.exe 87eb69c0cf08d284c76acc6666749a91 AsyncRAT backdoor AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS crashed	2 Keyword trend analysis Info http://www.blueridgeholisticdental.com/nke/?8pdPzj6X=beluo/A3x1wk0axcPPYLRI6VL5KZoBZCIza2nCls1jNtqOSK3OGdLiR1PhbzTLTJ4aTYYmbD&_FNHAt=tVBl4PYHXHBx - rule_id: 1527 http://www.3556a.com/nke/?_FNHAt=tVBl4PYHXHBx&8pdPzj6X=Bu2S3uDiR9mXo57lDy6P1wh5eo8lJZxkJjBrRWLCJOJBpLyy7hXoE5ZXA8FCgXkaMfNP2bVp	4	1	1	9.6	M	13	ZeroCERT

8340	2021-05-26 09:40	jexi_cry.exe 6245b34a94512b3f2a8b753e7b8dd24f AsyncRAT backdoor PWS .NET framework .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows DNS	1 Keyword trend analysis	5	1		7.6		14	ZeroCERT