Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
8986 2021-06-17 15:32 dan.exe
6314108d54642e404df636af5519dddb
PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
9.6 M 28 ZeroCERT

8987 2021-06-17 15:57 請求書7442110.xlsx
8497d30c5d723b20bd3d9e68364f0ecd
Malware download VirusTotal Malware Malicious Traffic unpack itself Windows DNS
1 1 5 3.4 27 ZeroCERT

8988 2021-06-17 16:09 dBP1DJiJKPecHih.exe
c8d7f9160e60b1db486561b007ab7621
PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
9.4 M 30 ZeroCERT

8989 2021-06-17 16:30 http://103.145.253.94/documeng...
5fcb1ad7eb5087f9645b96b2f7700a61
PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 MSOffice File VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed
1 5 5.2 M 21 Kim.GS

8990 2021-06-17 17:51 g63.exe
33b25300e8911b7d280c7f91d27b4c6d
Raccoon Stealer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed
3.0 M 22 ZeroCERT

8991 2021-06-17 17:51 20210616docusign.jar
19fccaa759dbcdae8a35ad3f547442b7
VirusTotal Malware Check memory heapspray unpack itself Java DNS
3.0 M 20 ZeroCERT

8992 2021-06-17 17:54 lv.exe
1148ef649e923055e9868f63afeb9a04
Raccoon Stealer Gen1 Gen2 PE File PE32 DLL OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows DNS crashed
3.8 M 24 ZeroCERT

8993 2021-06-17 17:55 TRVSz8V0
928163504cf073fe38f6e9cc0f91251c
PE File DLL PE32 VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself ComputerName DNS
1 1 4.0 M 30 ZeroCERT

8994 2021-06-17 17:57 cbxCOgnfVV
aeb7e590c71950fd4f75f4093a7e26a9
PE File DLL PE32 Malware Malicious Traffic Checks debugger RWX flags setting unpack itself ComputerName DNS
1 1 3.0 ZeroCERT

8995 2021-06-17 18:26 win32.exe
5fcb1ad7eb5087f9645b96b2f7700a61
PWS Loki[b] Loki[m] .NET framework Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
2 1 13.0 21 ZeroCERT

8996 2021-06-18 08:03 http://188.119.113.80/1/test.e...
d57237560c25aff34850ab1980a0fb04
AntiDebug AntiVM VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1 1 5 5.6 52 ZeroCERT

8997 2021-06-18 08:03 111s.exe
ee4a89d1a2258c8b9a716bac64f15c2c
AsyncRAT backdoor PWS .NET framework PE File .NET EXE OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
2 4 2 8.2 20 ZeroCERT

8998 2021-06-18 08:09 relvo.exe
3f891f4ea01741d664416c3b34f64208
PE File PE32 VirusTotal Malware Remote Code Execution DNS
3.2 M 46 ZeroCERT

8999 2021-06-18 08:09 Clapped.exe
fb68c8251f6b0ce4c89fa24e61e8d1bc
AsyncRAT backdoor BitCoin AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 4 2 13.0 M 42 ZeroCERT

9000 2021-06-18 09:06 srochno.exe
92520c1d6273560cedd77c3842810ad3
Gen1 PE File PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei Email Client Info Stealer Malware suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName Remote Code Execution Firmware DNS Software crashed Password
9 3 6 1 15.0 M ZeroCERT