Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8866	2021-06-14 14:11	toolspab1.exe c7b5426c4e04adf6fb05cba342bb5428 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					2.6	M	26	ZeroCERT

8867	2021-06-14 14:11	wwrreev.exe f154baeeb55ceb13aae9c4069b57bbcb AsyncRAT backdoor PWS .NET framework PE File .NET EXE OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	4	2	1	7.4	M	43	ZeroCERT

8868	2021-06-14 14:13	gcc.exe c0142e34a4293c9468c70596bd8ebfdb PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency Check memory unpack itself Auto service Firmware DNS		2	1		3.6		41	ZeroCERT

8869	2021-06-14 14:13	toolspab3.exe bee7d309c80897628e4061562b236947 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					2.6	M	27	ZeroCERT

8870	2021-06-14 14:15	msvc.exe 8499a6b941c62297c4ed8149f2c181fb PE File PE64 OS Processor Check VirusTotal Cryptocurrency Miner Malware Cryptocurrency Check memory unpack itself Auto service Firmware		2	1		3.2		43	ZeroCERT

8871	2021-06-14 14:15	bot.superh 34e3ffd55059cbe0f8e3d72d338d06d6 AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS		1			5.2	M	23	ZeroCERT

8872	2021-06-14 14:15	cmd.exe bbcb6f6fdf6a96a19d47dc05f30b1d8c PE File .NET EXE OS Processor Check PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW Tofsee Windows	2 Keyword trend analysis	2	1	2	3.8	M	46	ZeroCERT

8873	2021-06-14 15:22	http://103.156.91.50/fresh/vbc... f91a59d752971b133ff68b550ff847fb AgentTesla AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credent Malware download VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed Downloader		1	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure		6.2	M	44	guest

8874	2021-06-14 15:42	gcc.exe c0142e34a4293c9468c70596bd8ebfdb PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency Check memory unpack itself Auto service Firmware DNS		2	1		3.6	M	41	ZeroCERT

8875	2021-06-14 15:44	msvc.exe 8499a6b941c62297c4ed8149f2c181fb PE File PE64 OS Processor Check VirusTotal Cryptocurrency Miner Malware Cryptocurrency Check memory unpack itself Auto service Firmware DNS		3	1		3.8	M	43	ZeroCERT

8876	2021-06-14 16:21	vOIDbofeitMYkhskGBRl_N-wZTkqd5... 385ee9db7c302ad590754e4c244e7115 AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself Browser Email					3.0			guest

8877	2021-06-14 18:37	2.dll cdc6ef36562b097aa88cd1d4e7e839cb PE File PE64 DLL OS Processor Check VirusTotal Malware Checks debugger unpack itself crashed					1.4		9	guest

8878	2021-06-14 20:20	svchost.exe 3e212283c8f1fdbbe2334ba3b59cab2f Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process VMware anti-virtualization Windows ComputerName DNS Cryptographic key Software					12.4			ZeroCERT

8879	2021-06-14 20:31	aJvwwVAh4AtTH6G.exe bf925c5e020c6ea955d5e7d1d6165631 PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key					2.4	M	29	ZeroCERT

8880	2021-06-14 20:31	win32.exe b9032e2b7b07123f625f5d9e6e4f4796 AsyncRAT backdoor PWS .NET framework Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself DNS					6.4	M	49	ZeroCERT