Submissions

No | Date | Request | Hash | Signatures | Urls Hosts IDS Rule Score Zero VT | Player | Etc
-----|------------------|------------------------------|----------------------------------|------------|-----------------------------------|----------|----
9601 | 2021-07-02 10:08 | TDFg2dVh.php | f6aaa5530bf51e230934c072da3b26ad | PE File PE32 | 0.6 | ZeroCERT |
9602 | 2021-07-02 10:11 | w6QuuXI2JES0h7q.php | 6ea147e062fc4c5cf3602fbc3b79e7a0 | PE File PE32 | 0.6 | ZeroCERT |
9603 | 2021-07-02 10:11 | hEJbdmI1SPd9q.php | 1700b18730073df6c01f0b836280ac66 | PE File DLL PE32 unpack itself Windows crashed | 1.6 | ZeroCERT |
9604 | 2021-07-02 10:12 | umbr.exe | be660e84f554b37e9a9f3dba3a24daef | PWS .NET framework RAT Process Kill Generic Malware UPX FindFirstVolume CryptGenKey Http API Steal credential ScreenShot AntiDebug AntiVM PE File OS Processor Check PE32 Device_File_Check .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious TLD Tofsee Windows DNS Cryptographic key | 1 5 4 7.8 M 39 | ZeroCERT |
9605 | 2021-07-02 10:13 | okman.exe | 77bd38dbf3b64bc06f15292564185b15 | PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed | 11.0 M 14 | ZeroCERT |
9606 | 2021-07-02 10:13 | smoke.exe | 6278d50da6d398cec9f1d53f66df6523 | PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key | 7.6 M 24 | ZeroCERT |
9607 | 2021-07-02 10:14 | vbc.exe | 5ddfbddf74d9e09bf434940362019979 | PWS .NET framework RAT Gen2 Emotet Gen1 Generic Malware NSIS Admin Tool (Sysinternals etc ...) Anti_VM UPX AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed | 1 3 1 1 15.4 M 65 | ZeroCERT |
9608 | 2021-07-02 10:45 | run.exe | d8448fffb26e04cf75f7ed809e43f0a3 | PWS .NET framework RAT Generic Malware Http API Steal credential ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Tofsee Windows DNS Cryptographic key | 2 2 6.8 13 | ZeroCERT |
9609 | 2021-07-02 10:48 | oE990P6i.php | 1a04560a6835717e95cfc363d08225bc | PE File PE32 | 0.2 | ZeroCERT |
9610 | 2021-07-02 10:48 | H12Ap68T1RRDnZ.php | 1f981c7dacd28a0816b03cac28f7d910 | PE File PE32 | 0.2 | ZeroCERT |
9611 | 2021-07-02 10:48 | Wx4To9JTZt.php | 375843ae09a1c432272b51a72b381d3b | PE File PE32 | 0.6 | ZeroCERT |
9612 | 2021-07-02 10:48 | Rsaym5vH.php | f4b6eb0d7edb37d2a679770b605c6c6a | PE File PE32 | 0.6 | ZeroCERT |
9613 | 2021-07-02 10:49 | 8JyBSaaZpgrGGx.php | b9579d4c647f8817df3af6af2e0cd479 | PE File PE32 | 0.6 | ZeroCERT |
9614 | 2021-07-02 13:30 | kaisjovrnal.blogspot.com.vbs | d255891ce2190e44a77b08582bc168ec | [C] Macro Exec Reg [C] Running Service [C] All Process [C] Recent files [C] UserName [C] OS Malware Malicious Traffic buffers extracted WMI wscript.exe payload download Creates shortcut Creates executable files Tofsee Windows ComputerName DNS | 2 4 2 1 6.0 M | ZeroCERT |
9615 | 2021-07-02 15:07 | 이력서.tgz | afc1cd2441264077ef58bfce46338a4e | | 9 | Kim.GS |