Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

9226 2021-06-24 20:00 word.exe
6aa97acca8545664077d24df70b2c5cd
AsyncRAT backdoor PWS .NET framework Generic Malware HTTP Escalate priviledges KeyLogger Code injection Http API Internet API ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces sandbox evasion human activity check Tofsee Windows ComputerName DNS crashed
2 6 4 12.0 14 ZeroCERT

9227 2021-06-24 20:01 proxy-NSFS-setup.exe
700fedb3a0a3fa5e6d74dbb16b909d47
Malicious Packer PE File OS Processor Check PE32 PDB unpack itself Windows Remote Code Execution DNS crashed
1 2.6 ZeroCERT

9228 2021-06-24 20:02 JoSetp.exe
3f978ecfa134ba249784f9e3f6c63daf
PWS .NET framework AsyncRAT backdoor Generic Malware PE File .NET EXE PE32 VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Tofsee Ransomware Windows DNS Cryptographic key
8 5 1 8.8 21 ZeroCERT

9229 2021-06-24 20:02 download
8d318ace341d81a82e32eaa38f88bd3c
Generic Malware Themida Packer Anti_VM PE File PE32 VirusTotal Malware Check memory unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Windows Firmware DNS crashed
6.2 40 ZeroCERT

9230 2021-06-24 20:02 80.exe
5ba96203fa7be66961318d47cd99f7de
AsyncRAT backdoor Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName DNS
1 2 3 1 3.0 M 23 ZeroCERT

9231 2021-06-24 20:04 requem.exe
6200da5ba37f01a1f9a8a89aae3f5b5f
Gen1 Gen2 PE File PE64 OS Processor Check VirusTotal Malware Remote Code Execution
1.6 29 ZeroCERT

9232 2021-06-24 20:04 chaosgroup.v-ray.4.00.02.sketc...
8aa62ed37255b651a55ede3bad34e4f8
Process Kill CryptGenKey FindFirstVolume PE File OS Processor Check Device_File_Check PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS
2.4 17 ZeroCERT

9233 2021-06-24 20:07 winsys.exe
0d72c4f5d4b2dac75fc4eae84317b64d
UPX Malicious Library PE File PE64 Browser Info Stealer VirusTotal Malware WriteConsoleW Browser
3.2 48 ZeroCERT

9234 2021-06-24 20:07 word.hta
5562d4b0b0707245170b795a79422da3
Antivirus Escalate priviledges ScreenShot AntiDebug AntiVM PE File DLL PE32 Malware download Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion human activity check Windows ComputerName DNS Cryptographic key Downloader
2 4 5 16.4 ZeroCERT

9235 2021-06-24 20:09 1012.exe
cb6be429e44c8ccf5da692250f76358a
WinRAR PE File OS Processor Check PE32 GIF Format VirusTotal Malware PDB Creates shortcut Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Remote Code Execution
3.0 28 ZeroCERT

9236 2021-06-24 20:11 install.exe
125d3edc69e48beb919cc8b9d1083fe5
Emotet Admin Tool (Sysinternals etc ...) PE File OS Processor Check PE32 DLL MSOffice File VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution DNS
2 2 5.4 22 ZeroCERT

9237 2021-06-24 20:11 195146tst.dll
745ddcaf6007f1db6092c35c3e878588
PE File DLL PE32 Checks debugger unpack itself
1.2 ZeroCERT

9238 2021-06-24 20:13 udsnbeoshsf.exe
186b9415ae0216ff270feb506169a94b
AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE OS Processor Check PE32 VirusTotal Malware DNS
2.2 33 ZeroCERT

9239 2021-06-24 20:14 system.exe
7b7ba402f370903873c0dd6bb8dcfb3a
PE File PE64 VirusTotal Malware ICMP traffic unpack itself crashed
1 2.4 32 ZeroCERT

9240 2021-06-24 20:16 ti.exe
f330bbd9ca047fddd9c946898ae087c8
Gen1 Gen2 Emotet Generic Malware Anti_VM PE File PE64 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Check memory Creates executable files WriteConsoleW Ransomware Browser DNS
3.6 17 ZeroCERT