Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

Each record below gives the submission number, timestamp and requested filename, then the MD5 of the sample, the sandbox signature tags, and finally the values of the remaining columns (Urls Hosts IDS Rule Score Zero VT Player Etc) in that order. Columns with no value were not rendered, so only the decimal Score, the integer that follows it (VT) and the trailing label can be identified reliably; the leading integers cannot be assigned to Urls/Hosts/IDS/Rule individually.
9436  2021-06-26 10:33  pdf.exe
  MD5:     df8c0ae70c93c86d36fa7a2aa827c4ad
  Tags:    backdoor RemcosRAT Gen2 Emotet Gen1 Generic Malware NSIS Admin Tool (Sysinternals etc ...) Anti_VM UPX DGA DNS Socket Create Service Sniff Audio HTTP Escalate privileges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downl Browser Info Stealer VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Windows Browser DNS keylogger
  Columns: 1 6 10.0 60 ZeroCERT

9437  2021-06-26 10:33  windows.exe
  MD5:     dc92ff1b7a14d65571e1d8c26f4f6f31
  Tags:    AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Malicious Packer Socket Sniff Audio Escalate privileges KeyLogger Code injection Internet API Downloader persistence DGA DNS Create Service HTTP FTP Http API S VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows DNS
  Columns: 12.8 18 ZeroCERT

9438  2021-06-26 10:42  doc75843.exe
  MD5:     765b1bb3690c9bacdfa38e18d788efbf
  Tags:    NSIS Admin Tool (Sysinternals etc ...) PE32 PE File DLL VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder
  Columns: 3.4 21 r0d

9439  2021-06-27 18:39  binlog.wbk
  MD5:     c75bf7020e8f6ce384c3ca7ca11a075d
  Tags:    RTF File doc AntiDebug AntiVM Malware download Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed
  Columns: 1 1 5 4.0 ZeroCERT

9440  2021-06-27 18:43  vbc.exe
  MD5:     fa9e57e5ba3eabc14a769739e1e97322
  Tags:    PWS .NET framework Gen2 Emotet Gen1 Generic Malware NSIS Admin Tool (Sysinternals etc ...) Malicious Library Anti_VM UPX PE32 PE File OS Processor Check .NET EXE Browser Info Stealer VirusTotal Malware AutoRuns Creates executable files ICMP traffic Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Windows Browser ComputerName DNS
  Columns: 2 7.4 59 ZeroCERT

9441  2021-06-27 18:50  vbc.exe
  MD5:     96f11a983ca4b33743fa1c63779d9344
  Tags:    PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket Sniff Audio KeyLogger Code injection AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS Cryptographic key DDNS keylogger
  Columns: 2 5 3 15.0 21 ZeroCERT

9442  2021-06-27 18:50  bin.wbk
  MD5:     807b65afc134fda76a97efb0c43c1b09
  Tags:    RTF File doc AntiDebug AntiVM FormBook Malware download VirusTotal Malware MachineGuid Malicious Traffic Checks debugger exploit crash unpack itself Windows Exploit DNS crashed Downloader
  Columns: 3 7 8 4.8 29 ZeroCERT

9443  2021-06-27 18:53  msn.exe
  MD5:     3e9e2e9218391d2b2b1e12d35c25f56e
  Tags:    Generic Malware Malicious Packer DNS AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW human activity check Windows ComputerName DNS
  Columns: 3 15.6 36 ZeroCERT

9444  2021-06-27 18:53  bmw1.exe
  MD5:     64a80a26bd8286a8f3a170606a8b60b0
  Tags:    UPX OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed
  Columns: 3.4 23 ZeroCERT

9445  2021-06-27 18:54  egoigwe.exe
  MD5:     452b278f614b59c5e8a9160f4c69c91f
  Tags:    Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Disables Windows Security Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
  Columns: 2 4 4 9.2 36 ZeroCERT

9446  2021-06-27 18:55  vbc.exe
  MD5:     b6bd7e3441e81b784e91079392abd5ec
  Tags:    RAT PWS .NET framework email stealer Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket Escalate privileges KeyLogger Code injection Internet API Downloader persistence AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Columns: 2 9.2 16 ZeroCERT

9447  2021-06-27 19:01  onyeala.exe
  MD5:     c74d736acb2fde91f29ad12ff84355e5
  Tags:    PWS Loki[b] Loki[m] Generic Malware DNS Socket HTTP KeyLogger Http API Internet API ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS crashed
  Columns: 2 11.2 40 ZeroCERT

9448  2021-06-28 07:49  new_user
  MD5:     796b3e4674b68b33c906ce32c3275d83
  Tags:    OS Processor Check PE32 PE File DNS
  Columns: 0.6 ZeroCERT

9449  2021-06-28 07:53  vbc.exe
  MD5:     4472f82c006f5df5b1be9b9d1106c511
  Tags:    Gen2 Emotet Gen1 Generic Malware NSIS Admin Tool (Sysinternals etc ...) Anti_VM UPX PE32 PE File OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting unpack itself AppData folder installed browsers check Windows Browser crashed
  Columns: 4.6 58 ZeroCERT

9450  2021-06-28 09:21  141-k3tJkraZU6g0-vWsK4KYXUIHoy...
  MD5:     20f8e5becf548ade1107f8be23d4ab7b
  Tags:    AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email
  Columns: 3.4 1 ZeroCERT
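A listing like this is only useful to a triage workflow once it is machine-readable: hashes for a blocklist, scores and VirusTotal counts for prioritisation, family tags for naming. The following is an added example, not code from the original page or from the sandbox that produced it. It parses records in the flattened form the page uses (number/timestamp/filename, MD5, tag line, trailing column line) and ranks them by score. The record layout is inferred from the rows above; the FAMILIES list, the 7.0 score threshold and the decision to keep the leading integer columns as an unassigned tuple are assumptions made here, and the embedded sample rows are copied from the listing with their tag lines abbreviated.

```python
"""Parse the flattened 'Submissions' listing into records and rank them.

Added example, not code from the original page or the sandbox itself. The
record layout is inferred from the rows on the page; FAMILIES and the
handling of the leading integer columns are assumptions made here.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: three records copied from the listing (tag lines
# abbreviated), in the flattened form in which the page presents them.
SAMPLE = """\
9436 2021-06-26 10:33 pdf.exe

df8c0ae70c93c86d36fa7a2aa827c4ad

backdoor RemcosRAT Gen2 Emotet Gen1 Generic Malware NSIS Anti_VM UPX KeyLogger
1 6 10.0 60 ZeroCERT

9439 2021-06-27 18:39 binlog.wbk

c75bf7020e8f6ce384c3ca7ca11a075d

RTF File doc AntiDebug AntiVM Malware download Windows Exploit DNS crashed
1 1 5 4.0 ZeroCERT

9448 2021-06-28 07:49 new_user

796b3e4674b68b33c906ce32c3275d83

OS Processor Check PE32 PE File DNS
0.6 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S.*)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d+$")
# Single-word family tags to look for; assumed list, extend as needed.
FAMILIES = ("RemcosRAT", "AgentTesla", "FormBook", "Loki", "Emotet", "Tofsee")


@dataclass
class Submission:
    no: int
    timestamp: str
    filename: str
    md5: str
    tags: List[str]
    # Integers printed before the score. The page drops empty columns, so
    # these cannot be mapped to Urls/Hosts/IDS/Rule individually.
    counts: Tuple[int, ...]
    score: float
    vt: Optional[int]      # VirusTotal detections; absent on some rows
    etc: str
    families: List[str] = field(default_factory=list)


def parse_numeric(line: str):
    """Split the trailing column line: [ints...] score [vt] [labels...]."""
    tokens = line.split()
    idx = next((k for k, t in enumerate(tokens) if SCORE_RE.match(t)), None)
    if idx is None:
        raise ValueError(f"no score found in {line!r}")
    counts = tuple(int(t) for t in tokens[:idx])
    score = float(tokens[idx])
    rest = tokens[idx + 1:]
    vt = int(rest.pop(0)) if rest and rest[0].isdigit() else None
    return counts, score, vt, " ".join(rest)


def parse_listing(text: str) -> List[Submission]:
    """Walk the listing; each record is four non-blank lines in order."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            i += 1          # stray line (column header, residue): skip it
            continue
        if i + 3 >= len(lines) or not MD5_RE.match(lines[i + 1]):
            raise ValueError(f"malformed record starting at {lines[i]!r}")
        no, ts, fname = m.groups()
        # Tags are split on whitespace because the listing carries no other
        # delimiter; multi-word tags such as "PE32 PE File" become tokens.
        tags = lines[i + 2].split()
        counts, score, vt, etc = parse_numeric(lines[i + 3])
        rec = Submission(int(no), ts, fname, lines[i + 1], tags,
                         counts, score, vt, etc)
        rec.families = [f for f in FAMILIES if any(t.startswith(f) for t in tags)]
        records.append(rec)
        i += 4
    return records


def triage(records: List[Submission], min_score: float = 7.0):
    """Records at or above min_score, highest first, as (md5, filename,
    score, vt, families). A missing VT figure does not exclude a row."""
    hits = sorted((r for r in records if r.score >= min_score),
                  key=lambda r: r.score, reverse=True)
    return [(r.md5, r.filename, r.score, r.vt, r.families) for r in hits]


if __name__ == "__main__":
    for md5, name, score, vt, fams in triage(parse_listing(SAMPLE)):
        print(f"{md5}  {name:<12} score={score:<5} vt={vt}  {','.join(fams)}")
```

The score is located by its decimal form rather than by position because the number of columns printed varies from row to row; anything integer to its left is kept as an opaque tuple rather than guessed into Urls/Hosts/IDS/Rule. Family matching uses `startswith` so that tags such as `Loki[b]` still resolve to `Loki`, and the RTF exploit document (9439) is deliberately left below the threshold: a low sandbox score with no VT figure is exactly the kind of row an analyst should review by hand rather than trust a ranking for.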