Submissions

No | Date | Request | Hash | Tags | Urls Hosts IDS Rule Score Zero VT Player Etc
8476 | 2021-06-02 10:27 | vbc.exe | 541369bff43470b5cb1056745b7eec92 | Generic Malware PE File PE32 VirusTotal Malware | 1.0 M 32 r0d
8477 | 2021-06-02 10:36 | mn.exe | 5bcb9ac769b8c069e202b42b16773af7 | Malicious Library DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS | 2 16.2 M 48 ZeroCERT
8478 | 2021-06-02 10:37 | DOCUMENT.exe | 1c3b8ae594cb4ce24c2680b47cebf808 | APT APT29 PE File PE64 DLL OS Processor Check VirusTotal Malware PDB Checks debugger RWX flags setting unpack itself Detects VirtualBox Check virtual network interfaces VMware ComputerName | 4.8 47 r0d
8479 | 2021-06-02 11:11 | kn.exe | 5bcb9ac769b8c069e202b42b16773af7 | Malicious Library DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS | 2 15.8 M 48 ZeroCERT
8480 | 2021-06-02 11:19 | DOCUMENT.exe | 1c3b8ae594cb4ce24c2680b47cebf808 | APT APT29 PE File PE64 DLL OS Processor Check VirusTotal Malware PDB Checks debugger RWX flags setting unpack itself Detects VirtualBox Check virtual network interfaces VMware ComputerName DNS | 5 7.0 47 ZeroCERT
8481 | 2021-06-02 11:29 | EHH.exe | 979555d563632cad528a128a3af233bb | Admin Tool (Sysinternals Devolutions inc) Generic Malware Malicious Packer PE File PE32 VirusTotal Malware unpack itself anti-virtualization | 1.6 M 18 r0d
8482 | 2021-06-02 11:34 | EHH.exe | 979555d563632cad528a128a3af233bb | Generic Malware Admin Tool (Sysinternals Devolutions inc) Malicious Packer PE File PE32 VirusTotal Malware RWX flags setting unpack itself crashed | 1.6 M 18 r0d
8483 | 2021-06-02 14:21 | racial.drc.exe | 9fb8d26ff13e2ab05719119ac06ecc07 | Gen1 Gen2 PE File DLL OS Processor Check PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself | 1.4 7 ZeroCERT
8484 | 2021-06-02 14:23 | Inv 272590.doc | 8566c9b1e8b18b0f23cf21ca5f2d5daf | VBA_macro MSOffice File Vulnerability VirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName crashed | 9 18 2 9.2 23 ZeroCERT
8485 | 2021-06-02 16:27 | http://chek.zennolab.com/proxy... | b6dc5502b3a9e484f096210896f467f5 | AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 2 2 2 4.2 조광섭
8486 | 2021-06-02 17:57 | AsyncClient.exe | 06bae52519e72b26e8bf335b1910ac49 | AsyncRAT backdoor PWS .NET framework PE File .NET EXE OS Processor Check PE32 VirusTotal Malware | 1.0 M 39 ZeroCERT
8487 | 2021-06-02 17:59 | file17.exe | f75e65cf6b796abc480ed75fcbef0552 | PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Http API Steal credential ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Tofsee Windows Cryptographic key | 1 2 1 8.0 M 26 ZeroCERT
8488 | 2021-06-02 17:59 | cc200.exe | 0536dbc5fe700a6f59fc65a5cfcf2653 | AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key | 8.8 14 ZeroCERT
8489 | 2021-06-02 18:00 | file15.exe | f503a51d3f5c1b15602ca18e145ea7c6 | AsyncRAT backdoor Gen1 Gen2 Malicious Packer Http API Steal credential ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser Email ComputerName DNS | 4 3 4 15.0 M 24 ZeroCERT
8490 | 2021-06-02 18:01 | WAT%20Fix.exe | c478eded04a9991cc55a34ae81037518 | Gen1 Antivirus PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Turn off Windows Error Recovery notification window Windows ComputerName Remote Code Execution DNS crashed | 1 8.4 M 25 ZeroCERT