Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8506	2021-06-03 10:08	name.exe 1dc71529f3ff0a6edb3ccc9d9f4163b5 AgentTesla DNS DGA Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File PE32 VirusTotal Malware Code Injection Check memory buffers extracted ICMP traffic unpack itself ComputerName DNS		1		8.0	M	46	ZeroCERT

8507	2021-06-03 10:08	nmode.exe 4ab06cfdb19c87b0581bac35b8fb8048 Generic Malware Malicious Packer Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed				3.2	M	31	ZeroCERT

8508	2021-06-03 10:10	XiTAmVLm88EpcSc.exe 4b5e8f1de3016ca1027db5eb4e0a98dd Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities Windows DNS				9.2	M	33	ZeroCERT

8509	2021-06-03 10:10	ewa.exe 9e80303d54e5b42c33ad1f092c0a1d0c PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				10.0		14	ZeroCERT

8510	2021-06-03 11:10	3IR10ztB.php a9a3fd9fd53605ef2bebef23dc595750 PE File DLL PE32 VirusTotal Malware				1.2	M	19	ZeroCERT

8511	2021-06-03 20:44	up.php.ps1 1de8b7fe6afea7c187a648993921033f Antivirus PE File DLL .NET DLL PE32 powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2		6.6	M		ZeroCERT

8512	2021-06-03 20:50	PREMIUM FINANCE AGREEMENT.docx 677e96c969263b6ab69587e55731cffa Vulnerability VirusTotal Malware unpack itself		2		3.4		11	ZeroCERT

8513	2021-06-03 20:52	template-jn02b3.dot 7bad9bfadd445f637abb738bba8000c7 VBA_macro MSOffice File VirusTotal Malware unpack itself DNS				2.6	M	24	ZeroCERT

8514	2021-06-03 20:55	Inv%2004256248.xls 10a6370bb359ff9f3a595c3ad389222c VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee	10 Keyword trend analysis Info https://tineo.gal/wp-content/plugins/wordpress-seo/vendor/composer/installers/tests/Composer/Installers/lSNBjeKdHn.php https://srivinaysalian.com/wp-content/plugins/catch-instagram-feed-gallery-widget/public/css/jYfe4b9imB.php https://Abidshakir.co.uk/wp-content/plugins/elementor/includes/admin-templates/22VemIrdTrquwKE.php https://ootashop.com/catalog/language/ar/extension/captcha/Iz40CaCFx.php https://vitiligomatch.com/wpvitiligomatch/wp-includes/css/dist/block-directory/QaLUIUkxomX.php https://thelottery.io/wp-content/themes/twentytwentyone/template-parts/content/Dxpzq4NTGh.php https://kweraltd.com/wp-content/plugins/woocommerce-delivery-notes/includes/component/u63R84hM.php https://labrie-sabette.com/wp-includes/sodium_compat/namespaced/Core/ChaCha20/gp5yHrBp.php https://menuiserie-lemoine.bzh/wp-content/themes/twentynineteen/template-parts/content/x0XxEHWGdeyPBEj.php https://shantijoseph.com/wp-content/themes/twentyseventeen/template-parts/footer/RSMMlevr.php	20 Info kweraltd.com(54.39.133.15) - mailcious ootashop.com(199.188.205.57) - mailcious labrie-sabette.com(173.230.252.50) - mailcious thelottery.io(138.68.242.172) - mailcious menuiserie-lemoine.bzh(188.165.53.185) - mailcious shantijoseph.com(87.247.240.31) - mailcious vitiligomatch.com(192.185.16.122) - mailcious srivinaysalian.com(216.37.42.46) - mailcious abidshakir.co.uk(62.171.164.209) - mailcious tineo.gal(82.98.169.3) - mailcious 192.185.16.122 - mailcious 188.165.53.185 - mailcious 216.37.42.46 - mailcious 82.98.169.3 - mailcious 87.247.240.31 - mailcious 54.39.133.15 - mailcious 138.68.242.172 - mailcious 173.230.252.50 - mailcious 199.188.205.57 - mailcious 62.171.164.209 - mailcious	4	3.2	M	21	ZeroCERT

8515	2021-06-03 20:57	dutyx.exe eff44c116ba1cf666a37bb022cf0368a AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS				11.0		48	ZeroCERT

8516	2021-06-03 20:58	petoncode.exe 7c47f30bcdb61dada53d87ff5c73115e AsyncRAT backdoor PWS .NET framework SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS crashed	1 Keyword trend analysis	3	1	11.6	M	38	ZeroCERT

8517	2021-06-03 20:59	M0031.cab 5118e261cc4726da37478866b25aef2e Escalate priviledges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself DNS				2.2			ZeroCERT

8518	2021-06-03 21:00	S-1.exe 5d7c5fb038aec296d80604e0d45eab22 AsyncRAT backdoor Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key				6.0	M	46	ZeroCERT

8519	2021-06-03 21:01	INV.exe d55470b20a6777f44e16bc3f7e4ea4c0 AsyncRAT backdoor PWS .NET framework Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key				10.2	M	7	ZeroCERT

8520	2021-06-03 21:02	winlog.exe 9e58383115c669f75786d2d1c0dc5b28 PE File OS Processor Check PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic unpack itself	2 Keyword trend analysis	4	1	3.2	M	30	ZeroCERT