Submissions

| No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 9721 | 2021-07-07 07:47 | vnn.exe 1b415a56616a9f7c2e37fc2ce570664f | | | | PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key | 8.0 | | 28 | ZeroCERT | |
| 9722 | 2021-07-07 07:48 | nn.exe 8325e7768964ebee192622a378e7f28f | | | | PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed | 2.0 | | 12 | ZeroCERT | |
| 9723 | 2021-07-07 07:48 | dllmar.dll c2b80fa119a1f182a24569df973f6b44 | | | | PE File DLL PE32 VirusTotal Malware | 1.2 | | 29 | ZeroCERT | |
| 9724 | 2021-07-07 07:50 | ty.exe 3ecdafd3c19efbfc4f06d5d2aefd02b8 | | | | PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself | 2.2 | | 31 | ZeroCERT | |
| 9725 | 2021-07-07 07:52 | fd.exe 318c866ef078ec6d9597aaebed8bc370 | | | | PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself | 2.0 | M | 21 | ZeroCERT | |
| 9726 | 2021-07-07 07:54 | wir.exe c71f136a10c7c2f067f0a551a48f8ff6 | | | | PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key | 8.2 | M | 33 | ZeroCERT | |
| 9727 | 2021-07-07 09:26 | Fm_Bin.exe 7967d58ccacabbb7dbe741615b8ad0f1 | 2 | 4 | 4 | PWS .NET framework RAT Generic Malware PE File .NET EXE PE32 VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Email ComputerName DNS Cryptographic key DDNS crashed | 6.2 | M | 34 | ZeroCERT | |
| 9728 | 2021-07-07 09:28 | bigheadx.exe 730c3e11f32160328a8ec15631e91b52 | | | | PWS .NET framework NetWire RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself | 2.0 | M | 23 | ZeroCERT | |
| 9729 | 2021-07-07 09:28 | eldera.txt 53001c5112da0cb57eec1b029ff01759 | | | | RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key crashed | 14.2 | | 22 | ZeroCERT | |
| 9730 | 2021-07-07 09:30 | vbc.exe cab88a8e7eaece20697b6afb947f5a0c | | | | PWS .NET framework North Korea RAT Gen2 Emotet Gen1 Generic Malware NSIS Admin Tool (Sysinternals etc ...) Anti_VM UPX PE File PE32 OS Processor Check .NET EXE VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself AppData folder installed browsers check Windows Browser crashed | 4.4 | M | 59 | ZeroCERT | |
| 9731 | 2021-07-07 09:30 | PA.exe d034e4dba29e649f665666027eadd43a | | | | PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder DNS | 3.6 | | 26 | ZeroCERT | |
| 9732 | 2021-07-07 09:30 | Doc_87654334567.exe 0376d443b0e1233cb070dbbc10e82963 | | | | PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself | 2.0 | | 28 | ZeroCERT | |
| 9733 | 2021-07-07 09:33 | zlnch.exe 5de6ec9265f79a31a9845c8a504d28f0 | | | | PE File PE32 VirusTotal Malware PDB Windows DNS crashed | 3.6 | | 34 | ZeroCERT | |
| 9734 | 2021-07-07 09:34 | dllmar.dll c2b80fa119a1f182a24569df973f6b44 | | | | Dridex PE File DLL PE32 VirusTotal Malware | 1.2 | M | 29 | r0d | |
| 9735 | 2021-07-07 09:36 | vbc.exe c32025bcdb5f395414464705c115577d | 8 | 11 | 1 | PWS .NET framework NetWire RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key | 9.6 | | 22 | ZeroCERT | |