Submissions

Columns: No | Date | Request | MD5 | Rule (signature tags) | Urls / Hosts / IDS | Score | Zero | VT | Player | Etc
Rows with fewer than three count values are shown as listed; the export does not preserve which of the Urls/Hosts/IDS cells were empty. The Etc column is empty for every row.

8581  2021-06-05 10:51  ana.exe
  MD5:    ed74a72fc3b7510936e9768cbf5d6fca
  Rule:   Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library PE File .NET EXE OS Processor Check PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key
  Urls/Hosts/IDS: -   Score: 3.4   Zero: M   VT: 45   Player: ZeroCERT

8582  2021-06-05 10:51  svchost.exe
  MD5:    c1e7cb2700292ecd0bc4f4b1d718853d
  Rule:   DNS Socket Code injection ScreenShot AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Tofsee Windows ComputerName keylogger
  Urls/Hosts/IDS: 2 1 (as listed)   Score: 10.8   Zero: M   VT: 50   Player: ZeroCERT

8583  2021-06-05 10:54  ds2.exe
  MD5:    ccd95be19ccce8766611174bd6183e32
  Rule:   AsyncRAT backdoor Malicious Packer Antivirus KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
  Urls/Hosts/IDS: -   Score: 10.6   Zero: -   VT: -   Player: ZeroCERT

8584  2021-06-05 10:54  scan.exe
  MD5:    a7ecde3c8d8e2cb0d16088971e4dbd96
  Rule:   Gen1 Gen2 PE File PE64 OS Processor Check DLL .NET DLL VirusTotal Malware Check memory Creates executable files unpack itself DNS
  Urls/Hosts/IDS: -   Score: 3.2   Zero: -   VT: 30   Player: ZeroCERT

8585  2021-06-05 10:56  uwa.exe
  MD5:    fe29a7011c5da172c6686eb9efcd4532
  Rule:   PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library DNS SMTP Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser DNS Cryptographic key
  Urls/Hosts/IDS: -   Score: 10.6   Zero: M   VT: 39   Player: ZeroCERT

8586  2021-06-05 10:56  afo.exe
  MD5:    f6dccd16da5a8415c2f64ad72aa76068
  Rule:   AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library DNS SMTP AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName Cryptographic key
  Urls/Hosts/IDS: 2 (as listed)   Score: 15.2   Zero: M   VT: 33   Player: ZeroCERT

8587  2021-06-05 10:58  u.wbk
  MD5:    b5d26ba8cc8b2b0fc069698577133fef
  Rule:   RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Checks debugger exploit crash unpack itself Windows Exploit DNS crashed Downloader
  Urls/Hosts/IDS: 1 / 2 / 2   Score: 4.4   Zero: M   VT: 29   Player: ZeroCERT

8588  2021-06-05 10:58  yes-229.exe
  MD5:    dcf27acafb4a26ac3d198482a0ddc846
  Rule:   Anti_VM Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
  Urls/Hosts/IDS: -   Score: 8.2   Zero: M   VT: 21   Player: ZeroCERT

8589  2021-06-05 11:00  afo.exe
  MD5:    f6dccd16da5a8415c2f64ad72aa76068
  Rule:   AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library DNS SMTP AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS: 2 (as listed)   Score: 15.8   Zero: M   VT: 33   Player: ZeroCERT

8590  2021-06-05 11:01  afo.docx
  MD5:    92bd8363f47010e0cd7cc0a4a932b732
  Rule:   RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit crashed Downloader
  Urls/Hosts/IDS: 4 / 6 / 3   Score: 4.4   Zero: M   VT: 6   Player: ZeroCERT

8591  2021-06-05 11:03  a.dot
  MD5:    6da2c4e91c3afddf10f7f9cce9836638
  Rule:   RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Check memory exploit crash unpack itself Windows Exploit crashed Downloader
  Urls/Hosts/IDS: 1 / 4 / 2   Score: 4.8   Zero: M   VT: 25   Player: ZeroCERT

8592  2021-06-05 11:05  teta-089.exe
  MD5:    dcf27acafb4a26ac3d198482a0ddc846
  Rule:   Anti_VM Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
  Urls/Hosts/IDS: -   Score: 7.2   Zero: M   VT: 21   Player: ZeroCERT

8593  2021-06-05 12:41  http://111.251.36.166
  MD5:    - (URL submission)
  Rule:   AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS: 1 2 (as listed)   Score: 5.8   Zero: -   VT: -   Player: guest

8594  2021-06-05 21:42  inst77player_1.0.0.1.exe
  MD5:    5c71794e0bfd811534ff4117687d26e2
  Rule:   PE File PE32 DLL Check memory Creates executable files unpack itself AppData folder
  Urls/Hosts/IDS: -   Score: 2.0   Zero: -   VT: -   Player: ZeroCERT

8595  2021-06-05 21:44  GirafficInstall1.0.0.17NoSign....
  MD5:    046657092920bc79f132b58cbf8be510
  Rule:   Antivirus PE File PE32 OS Processor Check DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion Windows ComputerName Amazon DNS Cryptographic key crashed
  Urls/Hosts/IDS: 5 / 24 / 6   Score: 11.2   Zero: -   VT: 33   Player: ZeroCERT

Two hashes appear twice in this window: f6dccd16da5a8415c2f64ad72aa76068 (afo.exe, submissions 8586 and 8589) and dcf27acafb4a26ac3d198482a0ddc846 (submitted as yes-229.exe in 8588 and as teta-089.exe in 8592). The repeated runs differ only in score and, for afo.exe, in one DNS tag, so they are re-analyses of the same sample rather than new files.
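The listing is a flat export, and when pulling it into a triage workflow the first steps are to recover the columns and to spot the same hash arriving under different names. The following Python is an added example, not code from the page or from the sandbox that produced it: it parses records in the flat form (header line, optional MD5 line, signature tags, summary line), anchors the column split on the score token, groups submissions by MD5, and checks the tag text against a family watchlist. The embedded sample is three records copied from the listing with their tag lines abbreviated; the FAMILIES watchlist and the field names are assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: three records copied from the listing above in the flat
# export form (header line, optional MD5 line, signature tags, summary line);
# the signature lines are abbreviated.
SAMPLE = """\
8586 2021-06-05 10:56 afo.exe
f6dccd16da5a8415c2f64ad72aa76068
AsyncRAT backdoor PWS .NET framework Anti_VM Malicious Library DNS SMTP AntiDebug AntiVM PE File
2 15.2 M 33 ZeroCERT
8589 2021-06-05 11:00 afo.exe
f6dccd16da5a8415c2f64ad72aa76068
AsyncRAT backdoor PWS .NET framework Anti_VM Malicious Library DNS SMTP AntiDebug AntiVM PE File
2 15.8 M 33 ZeroCERT
8593 2021-06-05 12:41 http://111.251.36.166
AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP
1 2 5.8 guest
"""

RECORD_HEAD = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+)$")
MD5_LINE = re.compile(r"^[0-9a-f]{32}$")
# Assumed watchlist: family names spelled as the sandbox's signature tags spell them.
FAMILIES = ("AsyncRAT", "AgentTesla", "Loki", "Tofsee")


@dataclass
class Submission:
    no: int
    date: str
    request: str         # file name or URL
    md5: Optional[str]   # absent for URL submissions
    signatures: str      # Rule column kept as text; tags are multi-word
    counts: List[int]    # Urls/Hosts/IDS values as listed; empty cells are lost
    score: float
    zero: Optional[str]  # 'M' when the Zero column is set
    vt: Optional[int]    # VT column; absent when no hash was submitted
    player: str          # submitting account


def parse_summary(line: str):
    """Split 'counts... score [M] [vt] player'. The score is the only token with
    a dot: integers before it are counts, 'M'/integer after it are Zero/VT."""
    toks = line.split()
    player, body = toks[-1], toks[:-1]
    i = next(k for k, t in enumerate(body) if "." in t)
    counts = [int(t) for t in body[:i]]
    zero = vt = None
    for t in body[i + 1:]:
        if t.isdigit():
            vt = int(t)
        else:
            zero = t
    return counts, float(body[i]), zero, vt, player


def parse_listing(text: str) -> List[Submission]:
    """Group lines into records, keyed on the 'No Date Time Request' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RECORD_HEAD.match(line)
        if m:
            cur = {"no": int(m.group(1)), "date": m.group(2),
                   "request": m.group(3), "md5": None, "lines": []}
            records.append(cur)
        elif cur is None:
            continue                 # page text before the first record
        elif MD5_LINE.match(line):
            cur["md5"] = line
        else:
            cur["lines"].append(line)
    subs = []
    for r in records:
        signatures = " ".join(r["lines"][:-1])      # all but the summary line
        counts, score, zero, vt, player = parse_summary(r["lines"][-1])
        subs.append(Submission(r["no"], r["date"], r["request"], r["md5"],
                               signatures, counts, score, zero, vt, player))
    return subs


def resubmissions(subs: List[Submission]):
    """MD5s seen more than once, with the (No, Request) pairs that carried them."""
    by_hash = defaultdict(list)
    for s in subs:
        if s.md5:
            by_hash[s.md5].append((s.no, s.request))
    return {h: v for h, v in by_hash.items() if len(v) > 1}


def families(sub: Submission) -> List[str]:
    """Watchlisted family names present in the record's signature tags."""
    return [f for f in FAMILIES if f in sub.signatures]


if __name__ == "__main__":
    subs = parse_listing(SAMPLE)
    for s in subs:
        print(s.no, s.request, s.md5, s.score, s.vt, families(s))
    print(resubmissions(subs))
```

The summary line is split around the score because it is the only token guaranteed to carry a decimal point; counts before it stay positional, since the export drops empty Urls/Hosts/IDS cells and a two-value row cannot be assigned to named columns with certainty. Grouping on MD5 rather than on the Request name is what surfaces the yes-229.exe / teta-089.exe pair in the full listing.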