Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9046	2021-06-19 10:13	aim-386818343.xlsm 5a55625270351cd035ffff122fcae85e Check memory Creates executable files unpack itself suspicious process Tofsee	2 Keyword trend analysis	4	2		3.4			guest

9047	2021-06-19 10:13	aim-386827314.xlsm 4b2be2409dbf11d8e43eb6784ecc258f Creates executable files unpack itself suspicious process Tofsee DNS	2 Keyword trend analysis	4	2		3.8			guest

9048	2021-06-19 10:15	aim-386037884.xlsm 5e8b78d60a546712a68abedb64f3a455 Check memory Creates executable files unpack itself suspicious process Tofsee	2 Keyword trend analysis	4	2		3.4			guest

9049	2021-06-19 10:16	aim-387176491.xlsm 11acc8a0e82823aff2bc5753ba941369 Check memory Creates executable files unpack itself suspicious process Tofsee DNS	2 Keyword trend analysis	4	2		4.0			guest

9050	2021-06-19 19:00	Toner-RecoverSetup.exe b1ca84cb3ebb2c3ecc6bc4707130c98b PWS .NET framework Emotet BitCoin AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	8 Keyword trend analysis Info http://ynabrdosmc.xyz/ https://www.google.com/favicon.ico https://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://ssl.gstatic.com/gb/images/i1_1967ca6a.png https://www.google.com/ https://api.ip.sb/geoip https://iplogger.org/2qJhq6 https://www.google.com/images/hpp/Chrome_Owned_96x96.png	10	3		13.4	M	13	ZeroCERT

9051	2021-06-19 19:01	Setup.exe 5499fd2b9a83a2de834ba2539d2d210d PWS .NET framework Emotet Gen1 AsyncRAT backdoor BitCoin AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL PE64 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder AntiVM_Disk WriteConsoleW VMware IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key crashed	11 Keyword trend analysis Info http://ynabrdosmc.xyz/ http://yaklalau.xyz/ http://ipinfo.io/ip http://ipinfo.io/country https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 https://ssl.gstatic.com/gb/images/i1_1967ca6a.png https://www.google.com/ https://api.ip.sb/geoip https://iplogger.org/2qJhq6 https://www.google.com/images/hpp/Chrome_Owned_96x96.png https://ipinfo.io/country	18 Info ynabrdosmc.xyz(178.57.217.111) www.google.com(172.217.161.36) ssl.gstatic.com(172.217.31.163) yaklalau.xyz(141.136.0.74) iplogger.org(88.99.66.31) - mailcious everestsoftrade.com(68.65.120.87) - malware ipinfo.io(34.117.59.81) api.ip.sb(172.67.75.172) ipqualityscore.com(172.67.72.12) 172.67.75.172 178.57.217.111 141.136.0.74 88.99.66.31 - mailcious 142.250.66.36 68.65.120.87 - malware 142.250.66.99 34.117.59.81 172.67.72.12	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup ipinfo.io ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO TLS Handshake Failure SURICATA HTTP unable to match response to request		19.2	M	36	ZeroCERT

9052	2021-06-21 12:40	jaws 04b3c04aa965443963cbe30966ff9d04 AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email					3.8		20	ZeroCERT

9053	2021-06-21 12:44	file.exe 58e5562209d50978efd614dd040ef4ca PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					3.2	M	36	ZeroCERT

9054	2021-06-21 12:45	ferrari.exe d7cf6a60f9b30ae5ae5e0124b88f5b90 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed					4.0	M	45	ZeroCERT

9055	2021-06-21 12:51	file20.exe 350d120fa10b2400fd108dbb87577d3c Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	3		10.4	M	26	ZeroCERT

9056	2021-06-21 12:51	puredw.exe 00c99ac957aafe7a9edcfb94cdf51b4c AsyncRAT backdoor Antivirus AntiDebug AntiVM PE File .NET EXE PE32 PE64 VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis Info http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-81514251FABDE2F99CFEBD586080FAC5.html - rule_id: 2096 http://adda.net.in/pure.exe http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-0584004D03FC69E0105F907305046667.html - rule_id: 2096	4	5	2	14.2	M	19	ZeroCERT

9057	2021-06-21 12:53	file3s.exe 856cf6ed735093f5fe523f0d99e18424 Raccoon Stealer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed					4.0	M	48	ZeroCERT

9058	2021-06-21 12:54	Server.exe 3efecc6d6ddfb3d62fb8e9b6496287d9 AsyncRAT backdoor Antivirus KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS crashed	2 Keyword trend analysis Info http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-153E31DBDD1ACDF382491ECDBE37689C.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B8A00046C7A941058E012A87473EB342.html - rule_id: 2096	5	4	2	17.8	M	12	ZeroCERT

9059	2021-06-21 12:55	temp.exe d89c813bf46d01f144a20592d371f0cc PE File PE64 Dridex TrickBot VirusTotal Malware AutoRuns Malicious Traffic unpack itself Windows utilities suspicious process Tofsee Kovter Windows ComputerName DNS	5 Keyword trend analysis	4	4		8.8	M	47	ZeroCERT

9060	2021-06-21 12:57	install.exe c47acd5194f2a60666811ac9a14f768d Anti_VM Antivirus AntiDebug AntiVM PE File PE32 OS Processor Check powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process AppData folder WriteConsoleW anti-virtualization Windows ComputerName DNS Cryptographic key crashed					12.4	M		ZeroCERT