Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
9271	2021-06-24 23:06	Konica_bizhub_362_282_222_Pcl.... ca183683227d610072473bc5d7cae338 Gen2 Emotet Gen1 Generic Malware Admin Tool (Sysinternals etc ...) Anti_VM UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting unpack itself AppData folder installed browsers check Windows Browser DNS		1		5.4	57	ZeroCERT

9272	2021-06-24 23:06	progressor.exe 24759ffc449ed731afd46090444c3229 Generic Malware PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself DNS				3.0	35	ZeroCERT

9273	2021-06-24 23:07	enbvcsisokec.exe 0e49ad93c3db682db359b39256dda4bb AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE OS Processor Check PE32 VirusTotal Malware				1.6	34	ZeroCERT

9274	2021-06-24 23:09	cjuorszkjg.exe f4b8b0e43e3d5437668a54f1a395a8b4 AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE OS Processor Check PE32 VirusTotal Malware				1.6	36	ZeroCERT

9275	2021-06-24 23:09	doc.exe 431777bcaef03bd8480bf1b7305e3b90 PE File PE32 DLL VirusTotal Malware AutoRuns Check memory Checks debugger WMI Creates executable files unpack itself AppData folder sandbox evasion human activity check Windows Browser ComputerName DNS	1 Keyword trend analysis	4	2	7.6	44	ZeroCERT

9276	2021-06-24 23:11	server.exe 3702ad7cc7ea7c7333c67896a78ec921 PE File PE32 VirusTotal Malware Check memory unpack itself DNS				2.8	31	ZeroCERT

9277	2021-06-24 23:11	kcudinre.exe 777d71c05d2f06f0c170d21912003808 AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE OS Processor Check PE32 VirusTotal Malware				1.8	40	ZeroCERT

9278	2021-06-24 23:13	lidsjeswbm.exe e10349eeda1868b711ec624cd462e386 AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE OS Processor Check PE32 VirusTotal Malware DNS				2.2	32	ZeroCERT

9279	2021-06-24 23:14	ottwsttuw.exe 5be8cfbec412b84cad8de61c090843c3 AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE OS Processor Check PE32 VirusTotal Malware				1.6	32	ZeroCERT

9280	2021-06-24 23:16	lidsjeswbm.exe e10349eeda1868b711ec624cd462e386 AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE OS Processor Check PE32 VirusTotal Malware DNS				2.2	32	ZeroCERT

9281	2021-06-24 23:18	SilviniFloat.exe f525fe6994ca286e3a64b32e324e0a46 AsyncRAT backdoor PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself DNS				2.4	16	ZeroCERT

9282	2021-06-24 23:19	GloryWSetp.exe de7ffc232f5bfd309e31b600ba3d7712 PWS .NET framework Generic Malware PE File .NET EXE PE32 Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Tofsee Ransomware Windows DNS Cryptographic key	8 Keyword trend analysis Info https://videoconvert-download38.xyz/?user=ww1 https://videoconvert-download38.xyz/?user=ww2 https://videoconvert-download38.xyz/?user=ww3 https://videoconvert-download38.xyz/?user=ww4 https://videoconvert-download38.xyz/?user=ww5 https://videoconvert-download38.xyz/?user=ww6 https://iplogger.org/1vrFz7 https://iplogger.org/1jH3j7	5	1	8.0		ZeroCERT

9283	2021-06-24 23:20	download 6da66d1368f56a0da3977885bfba690b Gen2 Emotet PE File PE32 DLL OS Processor Check PE64 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces AppData folder sandbox evasion Tofsee Ransomware Windows ComputerName DNS	5 Keyword trend analysis Info http://flownetserv.com/static/media/build/Flow%20Browser%20-%20SearchBip/stable/win/x64/97856822509658/Setup.exe http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx https://flownetserv.com/service/update2 https://flownetserv.com/service/update2?cup2key=10:2041637316&cup2hreq=c44ca074fab98820e0ddea4abd5bbe7984d55eefb00cbc75bdb2c1c68dce87ec https://soloyama.com/app.php?ping=f%3D1%26a%3D3100%26u%3Dfldk-20210619-4126222-fbchff02%26p%3Dpa%26ck%3D430179789257580636%2F	27 Info edgedl.me.gvt1.com(34.104.35.123) _googlecast._tcp.local() dns.google(8.8.8.8) r5---sn-3u-bh2d.gvt1.com(59.18.44.80) api.mywot.com(52.39.82.104) soloyama.com(217.182.133.190) accounts.google.com(172.217.161.45) www.google-analytics.com(172.217.174.110) secure.mywot.com(54.158.63.53) flownetserv.com(172.67.223.135) static.mywot.com(13.227.73.65) r5---sn-3u-bh2lk.gvt1.com(59.18.30.144) 142.250.207.78 172.67.223.135 59.18.44.80 142.250.196.131 172.217.26.35 59.18.30.144 172.217.31.131 13.225.134.82 193.70.47.128 35.83.118.206 65.8.17.57 172.217.161.65 - mailcious 34.104.35.123 142.250.199.77 52.54.193.222	2	8.8	17	ZeroCERT

9284	2021-06-24 23:20	Nulti.exe 9985f01fc09605c9cd959a7564606f2c PE File PE64 VirusTotal Malware DNS crashed				2.2	22	ZeroCERT

9285	2021-06-24 23:22	svch.exe 790d32b24be33acb84bf56a73fac43cd Generic Malware PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed		9		5.4	36	ZeroCERT