Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8836	2021-06-12 21:01	pdE2wzU92JHyzWh4.exe ba164765e442ec1933fd41743ca65773 njRAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces ComputerName DNS crashed	1 Keyword trend analysis	2		5.2	M	47	ZeroCERT

8837	2021-06-12 21:01	PicturesLab.exe 23c3e480318751d3ae8ae72be0974cd3 njRAT PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				2.2	M	51	ZeroCERT

8838	2021-06-12 21:03	I-Record.exe 0013b42646adc1c1f36a7f14573a608a njRAT PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself DNS				2.8	M	50	ZeroCERT

8839	2021-06-14 09:52	svvchhost.exe 1f5c585d127ec40bedca025c08dc32c7 AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	6 Keyword trend analysis Info http://www.antiqueson3rd.com/nins/ http://www.antiqueson3rd.com/nins/?8pDpHDNH=hj0t+7N6QO035gxZ3BNIMCOgqjuhuFQ3Zf1XwFhdxQ80AHD8gsE+UZ6ZE96w/lEkIUXZ11dQ&GzuD=WB_TdrPxU http://www.drtracielashley.academy/nins/ http://www.linuxtechusa.com/nins/?8pDpHDNH=lvQAqEWEGQZsqKrkw4k0D9t5C5CuIZEQ9GgBn8Dl3JCy+ly5g/eG5ltKGFug6d/EXI0b/st3&GzuD=WB_TdrPxU http://www.linuxtechusa.com/nins/ http://www.drtracielashley.academy/nins/?8pDpHDNH=T2Dp9VXLmCzcF/eGop652LLGv67Irv0YsY0DKJuQ/fvsdHqvIuEGYusOnlaUSOF3jV7XTZva&GzuD=WB_TdrPxU	9	2	9.2		47	ZeroCERT

8840	2021-06-14 09:53	http://timesharesgroup.com AgentTesla DGA DNS Socket HTTP KeyLogger Http API Internet API ScreenShot Downloader Create Service Sniff Audio Escalate priviledges FTP Hijack Network Code injection Steal credential P2P persistence AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://ww1.timesharesgroup.com/favicon.ico http://ww1.timesharesgroup.com/ http://img.sedoparking.com/templates/bg/arrows-1-colors-3.png http://www.google.com/adsense/domains/caf.js http://timesharesgroup.com/ http://parking.parklogic.com/page/enhance.js?pcId=2&domain=timesharesgroup.com https://www.google.com/afs/gen_204?client=dp-sedo86_3ph&output=uds_ads_only&zx=tuenhgb8jogg&pbt=er&errt=ads.domains&errv=17704288481237475822&errm=gAI&emsg='atob'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4.	10	2	5.2			guest

8841	2021-06-14 10:08	serrvicce.exe 6383d401a22fc0fef17b6b075f526321 BitCoin AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2	12.4	M	52	ZeroCERT

8842	2021-06-14 10:10	wid.exe e590634fbc2e55249d2c4044d92dcad4 AsyncRAT backdoor AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities Windows DNS	24 Keyword trend analysis Info http://www.si-kap.online/nins/?DhA83=CkSqssPNTasDN79T9paWU+w8Dp43Y49isEk5TFz6M3/S92L4zwE0l0xBU+hkPwAGg96e1e1+&EzuxZr=3fX4qpLxsHG http://www.changingworldchallenge.com/nins/?DhA83=tPHft+MKmNyiLuB67lxFs831Lq8HuLrHcu+ClDjBU6AWMXXKq7Y91D6zcRo3Fh5Q7Mm2/2t+&EzuxZr=3fX4qpLxsHG http://www.haliluyar.xyz/nins/ http://www.misskarennglishteacher.com/nins/ http://www.aadetermatology.com/nins/ http://www.narcadia.com/nins/?DhA83=yb9qtpoVqHr9lDBWmCm9l7ZOXplMYu5kv0Kyhwxks7MmcT7By8tHNoIBZAgWutH2kpTLjvhZ&EzuxZr=3fX4qpLxsHG http://www.misskarennglishteacher.com/nins/?DhA83=O+98Jw6eZ7NbJuFcce4/yalE9cOT96kaeohvA/SvXUMKdATZ5BcFa1rubDGlSWQxRhe59SRf&EzuxZr=3fX4qpLxsHG http://www.casadecarrico.com/nins/?DhA83=TlDyj4aXeYb/yIqk68E9FQh6xHtYrQt2HRt2PHWW+7HNTFn73Jd8ClQGY1DJW0uZUAbZo9/8&EzuxZr=3fX4qpLxsHG http://www.si-kap.online/nins/ http://www.clemence-pierre.com/nins/?DhA83=EszyM3kNUKrJxLiq6KpzQMfLVOfVJC4K9tU253nuZIF8QVLY1VS6tN78Lh0sQ+YOEd5HuPhX&EzuxZr=3fX4qpLxsHG http://www.privatefuels.com/nins/?DhA83=uXNGOfsLI12bTz44E36cX4MwES3RtUR21E++SDRctfGwaN17B5+mJk2vNinKSgydrRNKdYeg&EzuxZr=3fX4qpLxsHG http://www.haliluyar.xyz/nins/?DhA83=YUXYYGgWIwuMeCvspaiBZKJ5l8crr79sumMDpCMq2VudsK3c0ue+SoUng29hZMcwHVOQPJ7o&EzuxZr=3fX4qpLxsHG http://www.changingworldchallenge.com/nins/ http://www.clemence-pierre.com/nins/ http://www.empossibility.com/nins/?DhA83=ZDkz/Wa6bLk1DzTVPoiH7HRVt1XWz0wjMDJoDWbLSadZrFjaQI0w3nz9C3gDwEchxUVgalwE&EzuxZr=3fX4qpLxsHG http://www.casadecarrico.com/nins/ http://www.carbontechco.com/nins/?DhA83=HUf/tHvLTthIajyibWD2on43cvmHcAD3ebxpLUEpCLyjI/OknDbtUoK//JDLUEpAJdRV1G+M&EzuxZr=3fX4qpLxsHG http://www.empossibility.com/nins/ http://www.aadetermatology.com/nins/?DhA83=E7qqi5GaNpQBEnsoDrZAQhJaX6xfo3cK3ZUPzgQsnLzywMk85xGoO/SFKX2ftlPS9/5qgwjc&EzuxZr=3fX4qpLxsHG http://www.halalmine.com/nins/ http://www.narcadia.com/nins/ http://www.privatefuels.com/nins/ http://www.halalmine.com/nins/?DhA83=Dzpv8sGxy5uG7ln3FCcZzazm69TQ2VKW5er1rCDVub0C+e1wjNprgoSJwgAqIMNoIK4v1Cgh&EzuxZr=3fX4qpLxsHG http://www.carbontechco.com/nins/	27 Info www.clemence-pierre.com(52.57.95.72) www.changingworldchallenge.com(184.168.131.241) www.halalmine.com(34.102.136.180) www.si-kap.online(104.26.8.94) www.sugene-proloser.icu() www.aadetermatology.com(192.187.111.220) www.misskarennglishteacher.com(74.63.241.20) www.carbontechco.com(204.11.56.48) www.privatefuels.com(52.14.32.15) www.haliluyar.xyz(23.252.75.42) www.moremeafrica.com() www.empossibility.com(154.88.240.185) www.narcadia.com(154.215.207.123) www.casadecarrico.com(172.247.179.61) www.highticketfunnelhacks.com() 184.168.131.241 - mailcious 104.26.8.94 - phishing 34.102.136.180 - mailcious 13.59.53.244 154.88.240.185 172.247.179.61 204.11.56.48 - phishing 81.17.18.196 - mailcious 23.252.75.42 69.162.80.58 - suspicious 52.57.61.78 154.215.207.123	3	13.2	M	46	ZeroCERT

8843	2021-06-14 11:48	142.exe c6b4231c761948c19b91f86d7b48d0e2 PE File PE32 PNG Format MSOffice File DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Creates autorun.inf DNS				3.8		5	ZeroCERT

8844	2021-06-14 11:49	CuaSoMU.exe 9154558e751f127a9ea12af0597fd4ce PE File .NET EXE PE32 Malware download VirusTotal DDoS Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName target	4 Keyword trend analysis	2	4	4.2	M	59	ZeroCERT

8845	2021-06-14 11:51	nexus.exe 0b1d339690aa42985c82aa77b266d6f6 DNS AntiDebug AntiVM PE File .NET EXE PE32 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key		1	1	14.4	M	47	ZeroCERT

8846	2021-06-14 12:08	ScreamSploit.exe 5c02be60d05b65e7b32e7e2050837a74 AsyncRAT backdoor PWS .NET framework PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key				3.2	M	31	ZeroCERT

8847	2021-06-14 12:08	windowss.exe 171f87e916215ec4a0683cd7566033b4 PWS Loki[b] Loki[m] DNS Socket HTTP KeyLogger Http API Internet API ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Tofsee Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2	3	9.8	M	46	ZeroCERT

8848	2021-06-14 12:22	file1.exe 6523cf4819682c2f900ce0b5d00be1c5 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed				2.6	M	20	ZeroCERT

8849	2021-06-14 12:22	sssv.exe 005aa2cbb0cd7825ec33f851498723bd BitCoin AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2	12.4	M	42	ZeroCERT

8850	2021-06-14 12:24	zhushou_gao_1773841.apk 11ec6185c4b71787a24cd0d1b8a73cc8 VirusTotal Malware				0.6		14	ZeroCERT