Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9001 2023-11-09 20:41 73379-3.pdf
842e8f961764be2a8576dfa6c7700db5
PDF
guest

9002 2023-11-09 17:52 wininit.exe
1f061e24e82b471e201b57b67f446b7b
Formbook Generic Malware .NET framework(MSIL) Antivirus AntiDebug AntiVM PE32 PE File .NET EXE FormBook Malware download Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
2 3 1 11.2 ZeroCERT

9003 2023-11-09 17:52 envifa.vbs
b6ea314b8f9cef77002cdd81b2282977
Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
4 5 2 8.6 ZeroCERT

9004 2023-11-09 17:49 audiodgs.exe
00c758d48a0554f4c99b4cf88a435c05
AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Software crashed
11.2 ZeroCERT

9005 2023-11-09 17:49 N2mech.jpg
1a4eac52acb88851f1f2675f22292658
ZeroCERT

9006 2023-11-09 17:49 Adobe.exe
6e29849e183af76ab02f23a723b28644
.NET framework(MSIL) PE32 PE File .NET EXE Check memory Checks debugger unpack itself ComputerName
1.4 ZeroCERT

9007 2023-11-09 17:45 windows_update_client.exe
2632513ef381e54f4b7067258c006f9e
Malicious Library .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Check memory Checks debugger unpack itself
1.2 ZeroCERT

9008 2023-11-09 17:43 Adobe.exe
7c6ad8d10fa26f8e64507f483f51ae0b
.NET framework(MSIL) PE32 PE File .NET EXE Check memory Checks debugger unpack itself ComputerName
1.4 ZeroCERT

9009 2023-11-09 17:42 server1.exe
875de5103e35a6a2d49a30ba11399a74
UPX PE32 PE File .NET EXE suspicious privilege Check memory Checks debugger unpack itself
1.8 ZeroCERT

9010 2023-11-09 17:42 spacezx.exe
93f252a044f077c268e1f7811dbeb206
.NET framework(MSIL) PE32 PE File .NET EXE PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself
4.4 ZeroCERT

9011 2023-11-09 10:34 2023년 10월4주차 주간 국제안보군사정세(통권 제2...
337bbc45280073edd0ec63a9cffeacbc
Client SW User Data Stealer browser info stealer Generic Malware Downloader Google Chrome User Data Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyL Browser Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Cryptographic key crashed
1 2 2 14.2 21 ZeroCERT

9012 2023-11-09 10:26 123.pdf .cmd
eea5227a5dae5958916a988c7bb6587b
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware Code Injection Malicious Traffic Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows DNS
3 6 2 6.6 M 5 ZeroCERT

9013 2023-11-09 10:25 2000215005_20231107_20231127_r...
015ba89bce15c66baebc5fd94d03d19e
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell MSOffice File VirusTotal Malware VBScript powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process installed browsers check Tofsee Windows Exploit Browser ComputerName DNS Cryptographic key crashed Dropper
6 4 1 10.0 8 ZeroCERT

9014 2023-11-09 10:20 lnstаllееer.exe
e85a65b6ab5c25aec1cd5694586627c1
RedLine stealer Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 12.2 32 ZeroCERT

9015 2023-11-09 10:20 Challan.exe
816cdd0d2e0852404804a683d1cd1b53
UPX Admin Tool (Sysinternals etc ...) PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process ComputerName Remote Code Execution crashed
3.6 48 ZeroCERT