Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
9811	2021-07-08 11:12	1609fbf0d6c26e---38596704027.p... c4d757196a348dbc813b65774a370dc3 VirusTotal Malware unpack itself				1.0	M	13	ZeroCERT

9812	2021-07-08 11:13	http://transfer.sh/get/1fPaerH... 051e7c8022b3f9edbb78c6cc9fb6fb98 Antivirus DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM MSOffice File PE32 PE File VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed	1 Keyword trend analysis	2		6.0		39	guest

9813	2021-07-08 11:14	adobe.exe 051e7c8022b3f9edbb78c6cc9fb6fb98 Antivirus PE32 PE File VirusTotal Malware Check memory RWX flags setting unpack itself crashed				2.6		39	guest

9814	2021-07-08 13:06	http://transfer.sh/get/1fPaerH... 051e7c8022b3f9edbb78c6cc9fb6fb98 Antivirus DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE32 PE File MSOffice File VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed	1 Keyword trend analysis	2		6.0		39	guest

9815	2021-07-08 13:12	adobe (4).exe 051e7c8022b3f9edbb78c6cc9fb6fb98 Antivirus PE32 PE File VirusTotal Malware RWX flags setting unpack itself crashed				2.4		39	guest

9816	2021-07-08 14:17	1609fbf0d6c26e---38596704027.p... c4d757196a348dbc813b65774a370dc3 PDF Suspicious Link PDF VirusTotal Malware				0.6	M	13	r0d

9817	2021-07-08 14:19	6704027.pdf c4d757196a348dbc813b65774a370dc3 PDF Suspicious Link PDF VirusTotal Malware unpack itself				1.0	M	13	r0d

9818	2021-07-08 14:21	1609fbf0d6c26e---38596704027.p... c4d757196a348dbc813b65774a370dc3 PDF Suspicious Link PDF VirusTotal Malware unpack itself				1.0	M	13	ZeroCERT

9819	2021-07-08 14:51	1609fbf0d6c26e---38596704027.p... c4d757196a348dbc813b65774a370dc3 PDF Suspicious Link PDF VirusTotal Malware unpack itself				1.0	M	13	ZeroCERT

9820	2021-07-08 15:06	1609fbf0d6c26e---38596704027.p... c4d757196a348dbc813b65774a370dc3 PDF Suspicious Link PDF VirusTotal Malware unpack itself				1.0	M	13	ZeroCERT

9821	2021-07-08 17:08	clienthost.exe b9abc27ac341388ca921c49f0c9df3b5 PWS .NET framework RAT Generic Malware .NET EXE PE32 PE File VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself ComputerName crashed				3.0		26	ZeroCERT

9822	2021-07-08 17:08	ConsoleApp15.exe 6c7ed035722165abe2e58da3fc6a024f AgentTesla browser info stealer Generic Malware Google Chrome User Data Antivirus Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader PDF AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS crashed keylogger		2		16.6		19	ZeroCERT

9823	2021-07-08 17:10	ConsoleApp17.exe 2117808b6a0ded968c7f8f05c44e928a Generic Malware Antivirus PDF AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	3		14.6		23	ZeroCERT

9824	2021-07-09 09:28	s-etup.exe 4d0c54facda22627e27ddc68f7a1d31a Gen1 Generic Malware Anti_VM PE32 PE File DLL OS Processor Check JPEG Format Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser Email ComputerName Firmware DNS Software crashed	9 Keyword trend analysis Info http://162.55.223.232/929 http://162.55.223.232/softokn3.dll http://162.55.223.232/msvcp140.dll http://162.55.223.232/ http://162.55.223.232/freebl3.dll http://162.55.223.232/vcruntime140.dll http://162.55.223.232/mozglue.dll http://162.55.223.232/nss3.dll https://sergeevih43.tumblr.com/ - rule_id: 2338	3	1	16.0	M	41	ZeroCERT

9825	2021-07-09 09:28	fmu5tnkNbcRn.exe b6c322defc4564129e88788385aa21ab PWS Loki[b] Loki[m] AgentTesla Gen1 browser info stealer Generic Malware ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File DLL OS Processor Check JPEG Format Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	9 Keyword trend analysis Info http://162.55.223.232/903 http://162.55.223.232/softokn3.dll http://162.55.223.232/msvcp140.dll http://162.55.223.232/ http://162.55.223.232/freebl3.dll http://162.55.223.232/vcruntime140.dll http://162.55.223.232/mozglue.dll http://162.55.223.232/nss3.dll https://sergeevih43.tumblr.com/ - rule_id: 2338	3	1	16.0	M		ZeroCERT