Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9961  2021-07-13 10:38  0712_4408305114.doc  68da25a05ddc6b1e7e04fd5fa4cf76db
      VBA_macro UPX MSOffice File OS Processor Check Vulnerability unpack itself
      2.2 guest

9962  2021-07-13 10:41  0712_4408305114.doc  68da25a05ddc6b1e7e04fd5fa4cf76db
      VBA_macro UPX MSOffice File OS Processor Check unpack itself
      1.6 guest

9963  2021-07-13 11:01  fud.js  c140a58ffaf225f718f458f7f3d5fb0c
      AgentTesla browser info stealer Google Chrome User Data Antivirus Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key keylogger
      1 6 18.0 6 ZeroCERT

9964  2021-07-13 11:20  0712_4408305114.doc  68da25a05ddc6b1e7e04fd5fa4cf76db
      VBA_macro MSOffice File OS Processor Check Vulnerability unpack itself
      2.2 r0d

9965  2021-07-13 13:20  FBR Circular.docx  2c171622a19a378ea51d08748c70eb59
      VirusTotal Malware unpack itself
      1 2 2.2 31 guest

9966  2021-07-13 14:36  V-aim.dll  68d7d6f7f4c22abe217d12cc42be689f
      VMProtect PE64 DLL PE File VirusTotal Malware
      1.6 11 Kim.GS

9967  2021-07-13 15:23  http://bfaunion.er.ro  b585078f224de16b8a47399391f2b478
      AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
      3 7 3.8 guest

9968  2021-07-13 16:00  V-aim.dll  68d7d6f7f4c22abe217d12cc42be689f
      IcedID VMProtect PE64 PE File DLL VirusTotal Malware
      1.6 11 guest

9969  2021-07-13 16:06  http://6kf.me/dl.php?id=17  6b68ec30072b45921be6b1189c80dba3
      Gen2 DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM MSOffice File OS Processor Check VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed
      2 5.4 M guest

9970  2021-07-13 17:55  catx.exe  bef6fd5ba7b6b4d460c13c12df3dfc54
      Generic Malware Antivirus Malicious Packer DNS AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW human activity check Windows ComputerName DNS DDNS
      4 16.0 36 ZeroCERT

9971  2021-07-13 17:56  vm.exe  3b352f748c8f3829315700687daa73af
      RAT NPKI email stealer Generic Malware Antivirus DNS Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed
      3 7 16.2 28 ZeroCERT

9972  2021-07-13 17:58  BGAmPrA9KABQcic.exe  6453d45f9cf9da2e5ed1bb5f124821e4
      PWS Loki[b] Loki[m] Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
      1 2 1 13.8 M 39 ZeroCERT

9973  2021-07-13 17:58  VoHMoV.exe  c783ec630fcbaf9dbdee810f056daf14
      PWS .NET framework RAT Generic Malware KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows DNS crashed
      1 4 11.4 20 ZeroCERT

9974  2021-07-13 17:59  Project.exe  ea2a146b3297499c1d3e2b24a7689d6e
      PWS .NET framework RAT Generic Malware UPX Malicious Library PE32 PE File OS Processor Check .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself DNS
      1 2.6 54 ZeroCERT

9975  2021-07-13 17:59  rem.exe  04694be6bf4a97114fda8dec4f9b8f42
      AgentTesla backdoor RemcosRAT browser info stealer Google Chrome User Data DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P per VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities malicious URLs WriteConsoleW Windows
      2 7.6 58 ZeroCERT