Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9901	2023-10-04 07:56	processing.exe 5b4cde02e2552a6c3d5f4c96e61a9e4b Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself	3 Keyword trend analysis Info http://www.johnnystintshop.com/sy22/?5j=lBpndDaiazzaPDz8oVvNWLtjY8ASY3krgNLZx/nYs7DN6Z9ubRKrMqHrK8vEE3FEQDB+295P&vTdDK=LJBx - rule_id: 36543 http://www.mysticheightstrail.com/sy22/?5j=Q5FfiwTKAQAoPcoP4e5kySmJcOUQtYy/n0X88F5fBW8bclPVBZXpMCw8fqRp6JUwXvQoTE+1&vTdDK=LJBx - rule_id: 36309 http://www.jizihao1.com/sy22/?5j=3PKlaCPIzU4vEpSTCliM62U/p7q8/wgFKC2xum1ddk3IfpDEo7oK1Mr0Jaw/Go0sFzx2J7Yb&vTdDK=LJBx - rule_id: 36544	6	1	3	5.0	M	41	ZeroCERT

9902	2023-10-04 07:53	audiodg.exe 4e4c359c0e36f7e5b3dc44af663ceff5 .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2		28	ZeroCERT

9903	2023-10-04 07:52	MGL%20Wholesale%20Group%20L.L.... 9e5f0a7ad4c7061edd9e8d998f597bc7 UPX PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key		1			4.2	M	25	ZeroCERT

9904	2023-10-04 07:51	syncUpd.exe 661f21fa79064d41c270176ad38c1866 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.6	M	34	ZeroCERT

9905	2023-10-04 07:51	audiodg.exe 85c27234aa291cde56c1a78603d71081 Generic Malware .NET framework(MSIL) Antivirus AntiDebug AntiVM PE File PE32 .NET EXE DLL ZIP Format Browser Info Stealer VirusTotal Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Browser ComputerName Cryptographic key	11 Keyword trend analysis Info http://www.bimiraq.com/ncoj/ http://www.antsnav.com/ncoj/?nxDCyr=k6lZgIYtgKScwrY8pHro/PDAsyN+Ma0X/rCAAme2ni/5IVGLYG0zVGplEfRL+3QOVGKsiLjVRU/vs+oeg30ChqgsNcJjfndCx8nhIPk=&6h=f51UoXbt17G http://www.38mwynj7dug2.buzz/ncoj/?nxDCyr=cqsb9busYckswu5tl2hs1PEI9pWErdimDzlp34E2aha2iJT2eFFG/funIEYSTKoaqITRs/NPOvbiiBSI+XWo0HJ5fu7hwmxGTgtg6FY=&6h=f51UoXbt17G http://www.antsnav.com/ncoj/ http://www.bimiraq.com/ncoj/?nxDCyr=XIxLCAEQ0j01YzKaapTqF+nS+qsHR4K+mT3TcIh0YevVauHQuuRL63AlAq6+mNvg+WbM+1ZCwlrFZaygUBCQMrF8dtNZCh2ZDkiTiSo=&6h=f51UoXbt17G http://www.lppkk.com/ncoj/ http://www.bord90-1us.click/ncoj/?nxDCyr=/wpW4Eg1zfji5WRIM69mwwfkBKVWxDHOUMH3dJ+6otM1KiL+BV8qZwOPMcyaXeTE36ZRIVdGgp9cEXlGc10Qp3ASMmejNlAX5LVEWFU=&6h=f51UoXbt17G http://www.bord90-1us.click/ncoj/ http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip http://www.lppkk.com/ncoj/?nxDCyr=Mtp3WxtNvxk26bamdUjkb0yMxjBBBeG3EFYaeCPTWM8qB4rDVAANJEhbdFBrwp5JzidZg3tzQPFU7dQqmqHJyHV4uamwOaSCvkmmqms=&6h=f51UoXbt17G http://www.38mwynj7dug2.buzz/ncoj/	12	1		16.2	M	31	ZeroCERT

9906	2023-10-04 07:49	unvp.exe 60e0cb2dda65e61f07b78667b34ecbd2 AgentTesla Generic Malware Antivirus .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		2	4		15.0	M	40	ZeroCERT

9907	2023-10-04 07:47	unvp.exe 7d32d70e2b5287337a67acc90db25c03 LokiBot Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed		2	2		13.2		35	ZeroCERT

9908	2023-10-04 07:47	onedoz.exe 9d342dbaaada6a16b4634ebcc73f9503 Malicious Library PE File PE32 VirusTotal Malware					1.4		27	ZeroCERT

9909	2023-10-04 07:46	s2.exe 2cd2fe9cdc8d0007e549863d15c70385 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.6		30	ZeroCERT

9910	2023-10-04 07:44	nvpn.exe c17f541fdb6b3cb61be539e348d6ee0f NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed					4.0		44	ZeroCERT

9911	2023-10-04 07:44	process.exe 78610b12f460bc002beb71104d51db3b .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName Software crashed					9.2	M	17	ZeroCERT

9912	2023-10-04 07:42	fmodstudio64.exe 5f32065d2330cb09aee6ed9fa7ed1c21 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself suspicious process Tofsee ComputerName Remote Code Execution	2 Keyword trend analysis	4	1		4.6	M	15	ZeroCERT

9913	2023-10-04 07:42	Setup.exe 46a22f0849344f152364d921c3c28435 Malicious Library UPX PWS SMTP AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1			9.8	M	24	ZeroCERT

9914	2023-10-03 19:50	rahfgnw.txt.exe 53001d5dd35f0f92eb0a676a19dce593 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed					3.2			ZeroCERT

9915	2023-10-03 19:49	UpdateSvc.exe 089428711dddec20eabf7732eea8fb8d Generic Malware Antivirus .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself WriteConsoleW Ransomware Windows ComputerName					5.6	M	53	guest