Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
9571	2021-07-02 07:39	lv.exe bbac02dfafb59ca16c7208493bab1bc8 NPKI Gen1 Gen2 Malicious Library UPX DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE32 PE File VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS		1		7.6		36	ZeroCERT

9572	2021-07-02 09:17	195_101cleaner.exe 89540cf3ed4d33b5d9787b1d69f60fc3 PE32 PE File DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder DNS crashed				3.8		26	ZeroCERT

9573	2021-07-02 09:18	vbc.exe 38811f89fdfca60be471e776e73ad1a9 Generic Malware RIG EK UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed				3.2		49	ZeroCERT

9574	2021-07-02 09:19	BalomaKeaft.exe c0de5b33ab30d3257451f2aff84d4e51 VMProtect PE32 PE File VirusTotal Malware Check memory unpack itself				3.2		43	ZeroCERT

9575	2021-07-02 09:22	154_127cleaner.exe f6c4278b03536cb8d5e1326f7abd8137 PE32 PE File DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed				3.4	M	39	ZeroCERT

9576	2021-07-02 09:24	ds2.exe 5e223f7fefeef3d4ccb2352318980208 PWS .NET framework Generic Malware Malicious Packer PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself				5.0	M	20	ZeroCERT

9577	2021-07-02 09:25	m1.dll 4185a656dd45d56626bc9ded66c3a7bd Emotet PE32 DLL OS Processor Check PE File Dridex TrickBot VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS	4 Keyword trend analysis	2	2	6.2		10	ZeroCERT

9578	2021-07-02 09:26	ds1.exe d8bf15ff14b3d691a55c79198b965cbb PWS .NET framework Generic Malware Malicious Packer AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself				8.0	M	24	ZeroCERT

9579	2021-07-02 09:26	effot.exe cfef24eaa1cb13c455c62ed259eba525 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed		1		12.6	M	29	ZeroCERT

9580	2021-07-02 09:28	jasp.exe 06fad614300b1d987c571fd83e27a783 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				10.6		13	ZeroCERT

9581	2021-07-02 09:31	NolkaQibon.exe bd4fefc85df91dd4a1ea0959f50ee11d VMProtect PE32 PE File VirusTotal Malware Check memory unpack itself				3.2	M	48	ZeroCERT

9582	2021-07-02 09:31	bob.exe 78c26c6d6fafc8c472d053c5dc31d081 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				12.4		44	ZeroCERT

9583	2021-07-02 09:33	jamiiiit.exe 9e31c0a38c7763847b7af2f5b773e07f PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				11.0		12	ZeroCERT

9584	2021-07-02 09:34	eba.exe c9aaa8eb7d6d3112a5621a7b9cccdb9f PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				11.4		23	ZeroCERT

9585	2021-07-02 09:36	.wininit.exe 7e06d1bcadf14d1a21c3a137c133fb6f PWS .NET framework Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key	7 Keyword trend analysis Info http://www.edimetics.com/u6bi/ http://www.htchotshot.com/u6bi/ http://www.edimetics.com/u6bi/?x48hXFZH=d3hfJGKEWI63rOsJCiBc8ornFYDvC9/7RczIGnWXKID5Nhwh5w+67HtP0IEOiuekpHZtIKVc&CR=Cr-8188 http://www.5588aiai.com/u6bi/ http://www.htchotshot.com/u6bi/?x48hXFZH=p/6tirVHgm6Xf5LbzuS+fXoDDCFNVIVt+CHyU+/NHj661G5jKsdlnfq9mZ8/6D3lLOYGJZ+W&CR=Cr-8188 http://www.unexpectedbrewing.com/u6bi/ http://www.unexpectedbrewing.com/u6bi/?x48hXFZH=jqQrih7cV1P8Fkwa2yx5xatUQVWwSyRce9oQ+27dkPfHvYAQnlO4HsejI5wTOxdSadtqjCum&CR=Cr-8188	11 Info www.unexpectedbrewing.com(198.54.117.215) www.edimetics.com(34.102.136.180) www.glomiotel.website() www.htchotshot.com(184.168.131.241) www.5588aiai.com(162.212.180.112) www.basicryptomining.com() www.gohospo.net() 198.54.117.216 - phishing 34.102.136.180 - mailcious 162.212.180.112 184.168.131.241 - mailcious	1	10.6		18	ZeroCERT