Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	VT	Player
10036	2021-07-14 17:00	rc.exe 0d1a243f89e21f7c54a6210e5aa36d69 UPX DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE32 PE File VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName keylogger	1 Keyword trend analysis	4		16.0	36	ZeroCERT

10037	2021-07-14 17:02	vbc.exe 7cb96438c874f4727c226553d9ca8a18 Loki PWS Loki[b] Loki[m] Gen2 Emotet .NET framework RAT Gen1 Generic Malware NSIS UPX Malicious Library Antivirus Admin Tool (Sysinternals etc ...) Anti_VM DNS AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Software	2 Keyword trend analysis	2	1	12.2	59	ZeroCERT

10038	2021-07-15 09:13	ytmp3_work_youtube-to-mp3.exe d7f0e7382a50544f271617647794a604 RAT Generic Malware UPX KeyLogger Http API Steal credential ScreenShot AntiDebug AntiVM PE64 PE File VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key		2		8.2	46	ZeroCERT

10039	2021-07-15 09:13	Receipt-51930517.xls d07a6a28431175d0d6d9e968f4227478 VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed	1 Keyword trend analysis	2		3.8	16	ZeroCERT

10040	2021-07-15 09:16	Invoice%203716517%20from%20Qui... cd0650a304a2fa6b3e7f80946189a0ed VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed	1 Keyword trend analysis	2		4.0	20	ZeroCERT

10041	2021-07-15 09:16	Invoice%20811806%20from%20Quic... 6eac93f907e5b905676bd99a7f947552 VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed	1 Keyword trend analysis	2		4.4	19	ZeroCERT

10042	2021-07-15 09:18	PO-20892.ppt d728d510f2b3020f9f5966787d11097d VBA_macro MSOffice File VirusTotal Malware				0.8	26	ZeroCERT

10043	2021-07-15 09:24	PO-20892.ppt d728d510f2b3020f9f5966787d11097d VBA_macro MSOffice File VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process Interception	1 Keyword trend analysis	2		3.4	26	ZeroCERT

10044	2021-07-15 09:36	qwerty.html 1f96ffb7047012fa5c58c669e95cd26f AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed	32 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://resources.blogblog.com/img/anon36.png https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D4778963473423104316%26pageID%3D2262483659192645202%26blogspotRpcToken%3D7841598%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D4778963473423104316%26pageID%3D2262483659192645202%26blogspotRpcToken%3D7841598%26bpli%3D1&passive=true&go=true https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://www.blogger.com/static/v1/jsbin/1161973359-cmt__en_gb.js https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.google-analytics.com/analytics.js https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css https://www.blogger.com/img/share_buttons_20_3.png https://www.blogger.com/static/v1/widgets/292860765-widgets.js https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&page=1&bgint=6DYwHkUoXZwtgZB1HGKlMBxhGzC8Vmya6AAbCv_TcS0 https://www.blogger.com/comment-iframe.g?blogID=4778963473423104316&pageID=2262483659192645202&blogspotRpcToken=7841598 https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/dyn-css/authorization.css?targetBlogID=4778963473423104316&zx=bf80a9f2-d4e7-49ec-9747-e5b4ae0f3fcb https://resources.blogblog.com/img/blank.gif https://www.google.com/js/bg/6DYwHkUoXZwtgZB1HGKlMBxhGzC8Vmya6AAbCv_TcS0.js https://fonts.googleapis.com/css?family=Open+Sans:300 https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff https://www.google.com/css/maia.css https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://randikhanaekminar.blogspot.com/p/qwerty.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://randikhanaekminar.blogspot.com/p/qwerty.html%26type%3Dblog%26bpli%3D1&passive=true&go=true https://www.blogger.com/comment-iframe.g?blogID=4778963473423104316&pageID=2262483659192645202&blogspotRpcToken=7841598&bpli=1 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Frandikhanaekminar.blogspot.com%2Fp%2Fqwerty.html&type=blog&bpli=1 https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css https://www.blogger.com/static/v1/jsbin/1639926472-comment_from_post_iframe.js https://www.blogger.com/static/v1/jsbin/3775400722-ieretrofit.js https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://www.blogger.com/blogin.g?blogspotURL=https://randikhanaekminar.blogspot.com/p/qwerty.html&type=blog	16 Info resources.blogblog.com(172.217.25.105) www.google.com(142.250.196.132) www.gstatic.com(172.217.25.99) fonts.googleapis.com(172.217.161.74) accounts.google.com(216.58.220.141) www.google-analytics.com(172.217.175.78) fonts.gstatic.com(172.217.31.131) www.blogger.com(172.217.25.105) 142.250.204.109 172.217.24.78 142.250.204.106 142.250.66.137 142.250.66.35 142.250.204.68 216.58.200.73 142.250.66.67		4.2		ZeroCERT

10045	2021-07-15 10:06	file13.bin 3a7d9e9c7b17f37cea12b4a9f2c6581b PE32 PE File VirusTotal Malware PDB unpack itself Windows crashed				2.6	29	ZeroCERT

10046	2021-07-15 10:06	file8.bin 622f4aa2d5e82438f3a40a35ab4902d5 PE32 PE File VirusTotal Malware PDB unpack itself Windows crashed				2.6	20	ZeroCERT

10047	2021-07-15 10:08	details.bin 3c21cccff5c8aabf1977f2dbdaeaafe7 PE32 PE File VirusTotal Malware PDB Windows crashed				3.0	34	ZeroCERT

10048	2021-07-15 10:08	Invoice%202930928%20from%20Qui... 1c54dba00a0049d433c29f7eabf1b486 VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed	1 Keyword trend analysis	2		4.4	16	ZeroCERT

10049	2021-07-15 10:10	964937807.exe e82ce292a4c410c44c1f4da25d02a167 RAT BitCoin Generic Malware AntiDebug AntiVM PE32 PE File .NET EXE PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process suspicious TLD WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	5		17.2	24	ZeroCERT

10050	2021-07-15 10:10	file4.bin 363431c16f8b0a0196b67b11adf75ebd PE32 PE File PDB Windows crashed				2.0		ZeroCERT