Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
9421	2023-08-14 10:20	md.exe 02223ae678f09c3b885971903cf8bd63 UPX PE64 PE File VirusTotal Malware unpack itself				2.4		23	ZeroCERT

9422	2023-08-14 10:20	UnityPlayer.dll 16af9ec92cb7e2baf47619f06e7ccd7d UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware Code Injection				2.2		22	ZeroCERT

9423	2023-08-14 09:31	NearbyInteractionLogging.mobil... 269d8959a6e14de4140a33940eafd927 ScreenShot AntiDebug AntiVM Check memory unpack itself				1.0			guest

9424	2023-08-14 09:29	hanacard_20230610.chm a28bb1ece40acad5522365f8959a073c Generic Malware Antivirus Hide_URL AntiDebug AntiVM CHM Format powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key	3 Keyword trend analysis	4	1	6.6	M		ZeroCERT

9425	2023-08-14 09:23	1.html 2b86cc9776d43c7916f5044a092c866d Antivirus AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	2 Keyword trend analysis			3.8		4	ZeroCERT

9426	2023-08-14 09:16	KB_20230531.chm a6136fa5e2c7d51187221e83e52b9402 Generic Malware Antivirus Hide_URL AntiDebug AntiVM CHM Format powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger heapspray Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows Advertising ComputerName Cryptographic key	3 Keyword trend analysis	4		10.4			ZeroCERT

9427	2023-08-14 09:16	1.html 136ceaa4b76934d78546271c08f51aa2 Antivirus AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	2 Keyword trend analysis			3.4			ZeroCERT

9428	2023-08-14 09:13	1.html 136ceaa4b76934d78546271c08f51aa2 Antivirus unpack itself crashed				0.6			ZeroCERT

9429	2023-08-14 09:08	cred64.dll b71a9d5b854d028a6a9755d9475e5a71 Browser Login Data Stealer UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName DNS crashed		1		3.4	M	45	ZeroCERT

9430	2023-08-14 09:08	x-8.6.blaze 69a84378087813dcc137688a49871166 AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				4.4	M	35	ZeroCERT

9431	2023-08-14 09:07	현황조사표.xlsx.lnk 0eb8db3cbde470407f942fd63afe42b8 Generic Malware Downloader Antivirus Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Hide_URL AntiDebug AntiVM GIF Format Vulnerability VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	1		13.8		27	ZeroCERT

9432	2023-08-14 08:53	clip64.dll 0e5d0bba336c02519fce133196868ad4 Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 PDB Checks debugger unpack itself				0.8			ZeroCERT

9433	2023-08-14 07:53	32.exe fdb650f759c72c4d408a4da61096ac29 UPX Malicious Library Admin Tool (Sysinternals etc ...) PWS SMTP AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		11.6	M		ZeroCERT

9434	2023-08-14 07:53	wininit.exe 1188a953c9f36b374ca3714c9de1763e Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	21 Keyword trend analysis Info http://www.applechiofficial.com/pta7/ http://www.grmlfgsz.click/pta7/?fnA=ZUw0DE2tTfMrS/vGgTqiPtR9iLDJ7ITJFCKtS8euE2iaohDcpFUZC4QpBbwyViCfiPHxoQAr+wVp68on4xa7Qrqk1k7DdBy37sJAI4o=&kMqzI-=yuAc http://www.playcups.life/pta7/?fnA=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&kMqzI-=yuAc - rule_id: 35250 http://www.applechiofficial.com/pta7/?fnA=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&kMqzI-=yuAc http://www.playcups.life/pta7/ - rule_id: 35250 http://www.maytag36.com/pta7/?fnA=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&kMqzI-=yuAc - rule_id: 35246 http://www.selfstorage.koeln/pta7/ - rule_id: 35247 http://www.yh66985.com/pta7/ - rule_id: 35249 http://www.workationdelsol.com/pta7/?fnA=KwcplsCPI1RgA9llBgRI7UZiW4SpOPY+6KzEsYVNfDztjut0HKme+ulBSzhiqB8GHLrJm3E5Mws5yZIdMQ67aG0FcK0zVEj9Psx/60M=&kMqzI-=yuAc http://www.selfstorage.koeln/pta7/?fnA=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&kMqzI-=yuAc - rule_id: 35247 http://www.acdaiucdac.com/pta7/?fnA=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&kMqzI-=yuAc http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.yh66985.com/pta7/?fnA=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&kMqzI-=yuAc - rule_id: 35249 http://www.promptyum.com/pta7/ http://www.promptyum.com/pta7/?fnA=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&kMqzI-=yuAc http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.grmlfgsz.click/pta7/ http://www.cosmicearthgoddess.com/pta7/?fnA=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&kMqzI-=yuAc - rule_id: 35248 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip http://www.acdaiucdac.com/pta7/ http://www.workationdelsol.com/pta7/	22 Info www.sisbom.online() - mailcious www.acdaiucdac.com(165.140.70.70) www.cosmicearthgoddess.com(74.208.236.61) - mailcious www.selfstorage.koeln(81.169.145.157) - mailcious www.applechiofficial.com(217.144.104.212) - mailcious www.grmlfgsz.click(172.67.178.188) www.promptyum.com(52.20.84.62) - mailcious www.workationdelsol.com(81.169.145.159) www.playcups.life(203.161.58.192) - mailcious www.yh66985.com(154.215.247.58) - mailcious www.maytag36.com(76.223.26.96) - mailcious 74.208.236.61 - mailcious 81.169.145.159 - mailcious 165.140.70.70 154.215.247.58 - mailcious 52.20.84.62 - mailcious 81.169.145.157 - mailcious 203.161.58.192 - mailcious 217.144.104.212 - mailcious 45.33.6.223 104.21.75.162 13.248.148.254 - mailcious	10 Info http://www.playcups.life/pta7/ http://www.playcups.life/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.yh66985.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.yh66985.com/pta7/ http://www.maytag36.com/pta7/ http://www.cosmicearthgoddess.com/pta7/	7.8	M		ZeroCERT

9435	2023-08-14 07:49	file.exe 049a6d9199bd6efe409b0ab9fc4cdee6 RedLine stealer UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer FTP Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		11.2			ZeroCERT