Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9886  2021-07-10 09:11  4c6b7cd617a0dcf2d783efd0d73e87...  c9fa1e8906a247f5bea95fe6851a8628
  Gen1 Gen2 Generic Malware PE32 OS Processor Check PE File DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check ComputerName
  3 7 2 7.4 M 33 ZeroCERT

9887  2021-07-10 09:13  sysWow64-e1.exe  715788fb520b3873db406fdf59521afa
  PE32 OS Processor Check PE File VirusTotal Malware AutoRuns Windows ComputerName DNS
  1 3.0 54 ZeroCERT

9888  2021-07-10 09:13  .wininit.exe  ee61976fd8615f8ca2216abbd2da78e3
  Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
  6 13 8.8 21 ZeroCERT

9889  2021-07-10 09:15  vbc.exe  d85950bc6166358539e77a46202d80d9
  Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed
  2.8 27 ZeroCERT

9890  2021-07-10 10:38  sysWow64-e1.exe  715788fb520b3873db406fdf59521afa
  NetWire RAT PE32 OS Processor Check PE File VirusTotal Malware AutoRuns Windows ComputerName DNS
  1 3.0 54 r0d

9891  2021-07-10 10:59  ethminer.exe  c6dedabf9eae985f537f6270d8f91808
  CoinMiner QuickMiner PE64 PE File OS Processor Check VirusTotal Malware
  0.8 14 r0d

9892  2021-07-11 23:45  KillAura.class  00c3a76b736f3378343486db0932f99a
  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
  3.8 guest

9893  2021-07-12 09:41  information_01913.xlsb  876840f5faa0b20d0713a7e8435b19b7
  VirusTotal Malware Creates executable files unpack itself suspicious process
  1 2 3.2 4 ZeroCERT

9894  2021-07-12 09:43  P3GlorySetp.exe  ab709667f7fda587f65ced022c09e455
  Generic Malware PE File PE32 .NET EXE OS Processor Check VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder Ransomware Windows ComputerName Cryptographic key crashed
  10 6 8 10.4 M 34 ZeroCERT

9895  2021-07-12 09:44  08388e25.png.doc  b53accbf466304e55d3abdda94c1fe5d
  MSOffice File VirusTotal Malware unpack itself DNS
  1 3.8 M 39 ZeroCERT

9896  2021-07-12 09:44  batgo.exe  5ee0b97e90e31e11ce72b3a7c76c3e6f
  Gen1 PE File PE32 JPEG Format DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser Email ComputerName Firmware DNS Software crashed
  10 3 2 16.4 M 38 ZeroCERT

9897  2021-07-12 09:45  instalKP.exe  7d20b144fbf477138bcad9c1db44f6c1
  PWS .NET framework RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  9.4 32 ZeroCERT

9898  2021-07-12 09:46  jop.exe  6e23d791b07e987b4329a0f076133cd1
  Themida Packer PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
  1 8.6 52 ZeroCERT

9899  2021-07-12 09:48  powerpoint.exe  e7e37e58de40b390fcded847360e0c49
  AgentTesla PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Malicious Packer Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence DGA DNS Create Service HTTP FTP Http API Steal Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows
  9.6 ZeroCERT

9900  2021-07-12 09:49  batman.exe  40a828eb521c1465984eb4bd44af3334
  Gen1 PE File PE32 JPEG Format DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser Email ComputerName Firmware DNS Software crashed
  10 3 2 17.4 M 48 ZeroCERT