Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8611	2021-06-07 09:50	a b1ce868636e96a555f1076d7224b3083 Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS	1 Keyword trend analysis	1			3.2		52	ZeroCERT

8612	2021-06-07 16:28	loader1.exe f20a27b803bf2a57928f87af2d954ed3 PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder DNS	18 Keyword trend analysis Info http://www.my-ela.com/bp3i/?tZU0=x3Xsx3kFmfVBk/03I35QZMI5K2UCf+f3EJo6s08DD7agpFQ+QRU8y9pTR1ZGHvyReF/CgWzd&Unt8E=GTdPPh0XeT3ldb http://www.my-ela.com/bp3i/ http://www.sportsiri.com/bp3i/?tZU0=aSvVGLLpXGw3OAXV2aZVnJ1iJf4AHcjemKA4E5Yqpc3oSPveS9L08/xGI3+5sNlqw1RF4nLk&Unt8E=GTdPPh0XeT3ldb http://www.motivactivewear.com/bp3i/?tZU0=zzYPr0OCNAmsWBGG6HNOV25V/HRJbXLG3dsQYpoWqUnjOdCdFgLO0pBdP9GuYgb2I6ZBWy1X&Unt8E=GTdPPh0XeT3ldb http://www.foldarusa.com/bp3i/ http://www.oceancollaborative.com/bp3i/ http://www.nodeaths.com/bp3i/ http://www.sportsiri.com/bp3i/ http://www.xn--2o2b1z87x8sb.com/bp3i/?tZU0=w0/TDHIc1+HezrcFGU9wSyY7ZohJU/wG9FEU96VZi51pjs1Dms3z4YPKKIrAiX80z3Y2jYtY&Unt8E=GTdPPh0XeT3ldb http://www.xn--2o2b1z87x8sb.com/bp3i/ http://www.jacksonmesser.com/bp3i/ http://www.foldarusa.com/bp3i/?tZU0=+xosTUoEG+X0Mmn9EyQPKyy4IkvTxBKuOGd9HmuPL+IfZbfpIZ2h3r2SnBjxbTFGvCCtepcQ&Unt8E=GTdPPh0XeT3ldb http://www.centroufologicosiciliano.info/bp3i/?tZU0=2oBW7Gq+oPyidiztoZuoYWcRATQmT11vWq8k6VNoEktLf6pbSYsZXTRFel/syGWUqWuQjZZt&Unt8E=GTdPPh0XeT3ldb http://www.centroufologicosiciliano.info/bp3i/ http://www.motivactivewear.com/bp3i/ http://www.nodeaths.com/bp3i/?tZU0=lAVGsZAimvW2FIy65vEHNJIN9n86K8XX6jwSW4mk+OH7OVxpkEktiPioJCYmNQpgOpJRaQcs&Unt8E=GTdPPh0XeT3ldb http://www.jacksonmesser.com/bp3i/?tZU0=W/CXmC3h5YAUZ8fFOtRWLSI9/aEaYl+nDG0UZjOjUVUC3iozDGVhybHRgTy+sMA/oIlFk4+3&Unt8E=GTdPPh0XeT3ldb http://www.oceancollaborative.com/bp3i/?tZU0=+tA82degRgcQ4mmnQvXabF4qHjy6FJLdLGPOjGCu1vH9ecmhDfriaGule7Kf6ooavhCfc5XG&Unt8E=GTdPPh0XeT3ldb	20 Info www.motivactivewear.com(34.102.136.180) www.dr-farshidtajik.com() www.oceancollaborative.com(184.168.131.241) www.lnbes.com() www.centroufologicosiciliano.info(172.96.191.170) www.kesat-ya10.com() www.xn--2o2b1z87x8sb.com(203.245.44.109) www.foldarusa.com(172.217.24.147) www.dembyanndson.com() www.nodeaths.com(184.168.131.241) www.sportsiri.com(34.102.136.180) www.jacksonmesser.com(192.185.0.218) www.my-ela.com(81.169.145.72) 142.250.66.115 172.96.191.170 203.245.44.109 81.169.145.72 - mailcious 34.102.136.180 - mailcious 184.168.131.241 - mailcious 192.185.0.218 - mailcious	1		6.0	M	25	ZeroCERT

8613	2021-06-07 17:26	http://23.95.122.53/imo/ana.ex... ed74a72fc3b7510936e9768cbf5d6fca AgentTesla Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P Malware download VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed Downloader		1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		6.2	M	48	guest

8614	2021-06-07 17:49	dan.exe 9ccfd50b1ca710649b7b46fe400f1976 Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed					9.8	M	21	ZeroCERT

8615	2021-06-07 17:49	abu.exe 95e139735fcadfffda99648b935c7d26 AgentTesla PWS .NET framework Malicious Packer DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName					11.2	M	21	ZeroCERT

8616	2021-06-07 17:51	blem.exe 36e936d5f3465f2fbf14a70ad7fb5389 Loki PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	5	1	9.2	M	41	ZeroCERT

8617	2021-06-07 17:51	k0lzSkgsBCEeffT.exe 76a1600bced976aa26c84fab2265aeb6 PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key					3.0	M	34	ZeroCERT

8618	2021-06-07 17:53	vbc.exe 0de3fa22e412aa3f291e08efa40cf6ed NPKI AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE MSOffice File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					8.8	M	3	ZeroCERT

8619	2021-06-07 17:54	bin.exe b076f162e8d25375316402e7ba31e271 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library PE File .NET EXE MSOffice File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed					6.0	M	10	ZeroCERT

8620	2021-06-07 17:56	iRUJHyoExTvbzwI.exe 0ecbaf51ed30203e8c90c4135e7bbe14 PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key					2.2	M	21	ZeroCERT

8621	2021-06-07 17:56	bin-08.exe 3d5cad8c871cd465d326c21365f0c3a6 Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key					8.0	M	18	ZeroCERT

8622	2021-06-07 17:58	regasm.exe fbd53ac915163d948614d6b92d47d85d PE File OS Processor Check PE32 VirusTotal Malware Checks debugger unpack itself					2.0	M	31	ZeroCERT

8623	2021-06-07 17:58	winlog.exe 72023ccff6feee079620118b47db8305 PE File OS Processor Check PE32 VirusTotal Malware Checks debugger unpack itself DNS					2.4	M	28	ZeroCERT

8624	2021-06-07 18:00	loader2.exe d2bf80cf3bf4d9c593817f32dec58ca3 PE File PE32 DLL VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder					3.6	M	36	ZeroCERT

8625	2021-06-07 18:01	qTRPobspXvlwT1l.exe 4a814df442bac80adc95a552acfe9cce PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key					2.8	M	29	ZeroCERT