Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
10081	2021-07-15 11:32	file5.exe c967c0f03185ddce3718e11221cd9dbf UPX PE32 PE File VirusTotal Malware PDB unpack itself DNS		1		3.2		40	ZeroCERT

10082	2021-07-15 11:34	.wininit.exe a4231c7431f34ce5f1aeecd2c366008a Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	16 Keyword trend analysis Info http://www.sneakerssupermarket.com/7bun/?GzuX=PvR5U4CzamzH6G3sNGXTSLQaZtYsYmwgNdhhHTSdAYxz5ww0kg2mXAm8Th9XkZs+eILT2cdA&AnB=O2MxwrzxV http://www.modelsclinic.com/7bun/?GzuX=m3w4Bdh9bpVNFCkrZz/g9Z5fhYKoHVPPCMLJMgvkrgV2SA7hLU3dgzZ+CJeMd9qFkfdDn2KB&AnB=O2MxwrzxV http://www.2018luzy.com/7bun/ http://www.thehaphazardhomeschool.com/7bun/ http://www.2018luzy.com/7bun/?GzuX=g35u4EyrkW3rEL1JEcpIEg1/sczhXn0QOEPPJxt5HYf46Nv5O0mcuIhE9EM9an3WCxnyXQE9&AnB=O2MxwrzxV http://www.scholarlyleadership.com/7bun/ http://www.enlightenmenttalk.com/7bun/ http://www.scholarlyleadership.com/7bun/?GzuX=hk4hT8PvzN7nHrw/p5MDcjpW73fNgGMfvTyI/m77+fOFqrLM/OlrUKGASMrwZBUx6zw+ZdSx&AnB=O2MxwrzxV http://www.bk-707.com/7bun/ http://www.enlightenmenttalk.com/7bun/?GzuX=e+jirH21b6Bs+4mj+0HfmShjT7e/46sxFP9zszjSk6qxzG6Gc5dc28nSJf5O5wgSAQmXXH7R&AnB=O2MxwrzxV http://www.thehaphazardhomeschool.com/7bun/?GzuX=XsE2DkapAHCJ4LAsoDXWOSELWcifcHP4gCVqiw16EiKnX6rAYptoaBMRcr+2q0gKis7ji90s&AnB=O2MxwrzxV http://www.sneakerssupermarket.com/7bun/ http://www.chameocarajf.com/7bun/ http://www.bk-707.com/7bun/?GzuX=U8dEOFQwatqmMeUIf8+xjfMEi+QHZ78yHCVkXGW0zuDP3xp5Sb4izGVZ6gnoCR9Zglx5uhU/&AnB=O2MxwrzxV http://www.chameocarajf.com/7bun/?GzuX=wvDqrLAPMF2RNpFbOT3QZsFyHSWghwlMvddKBC7GRap2w/vObToqQirxvXj+lV8cPNTq78JX&AnB=O2MxwrzxV http://www.modelsclinic.com/7bun/	15 Info www.enlightenmenttalk.com(34.98.99.30) www.chameocarajf.com(162.241.62.75) www.thehaphazardhomeschool.com(162.241.216.80) www.sneakerssupermarket.com(34.102.136.180) www.modelsclinic.com(34.102.136.180) www.ravelcophx.com() www.bk-707.com(104.21.70.228) www.2018luzy.com(45.39.16.117) www.scholarlyleadership.com(34.102.136.180) 45.39.16.117 162.241.216.80 162.241.62.75 34.102.136.180 - mailcious 172.67.140.42 34.98.99.30 - phishing		9.0		40	ZeroCERT

10083	2021-07-15 11:35	Receipt-9650354.xls 0d3e86171d4980d63304aa3a12c74c45 VBA_macro MSOffice File PE32 PE File Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed	1 Keyword trend analysis	2		3.2			ZeroCERT

10084	2021-07-15 11:36	build2.exe 66bde9ddd0fb80ac7309176c23d03804 PWS Loki[b] Loki[m] AgentTesla RedLine Stealer Gen1 browser info stealer UPX ScreenShot AntiDebug AntiVM PE32 PE File OS Processor Check DLL JPEG Format Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName DNS Software	9 Keyword trend analysis Info http://116.202.183.50/mozglue.dll http://116.202.183.50/nss3.dll http://116.202.183.50/vcruntime140.dll http://116.202.183.50/ http://116.202.183.50/softokn3.dll http://116.202.183.50/msvcp140.dll http://116.202.183.50/517 http://116.202.183.50/freebl3.dll https://sslamlssa1.tumblr.com/	3		17.6		22	ZeroCERT

10085	2021-07-15 11:37	svchost.exe 09fb8646753f7041cb0dc124b3c571cf PWS .NET framework RAT Generic Malware PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.8		43	ZeroCERT

10086	2021-07-15 11:38	Toner-RecoverSetup.exe 01f89223a45a7b657998b8ee28bfa281 Emotet Generic Malware UPX PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Browser ComputerName DNS	7 Keyword trend analysis Info http://google.com/ http://www.google.com/ https://www.google.com/favicon.ico https://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://ssl.gstatic.com/gb/images/i1_1967ca6a.png https://www.google.com/?gws_rd=ssl https://iplogger.org/2BD837	8		6.6		24	ZeroCERT

10087	2021-07-15 11:38	NMemo1Setp.exe f12aa4983f77ed85b3a618f7656807c2 Generic Malware PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself	2 Keyword trend analysis			2.6	M	56	guest

10088	2021-07-15 11:39	vbc.exe 7f2b563b83d45e66744954b67fc2a179 Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed				10.6		23	ZeroCERT

10089	2021-07-15 11:40	smartx.exe bce6b0dd0454052f8952f5174c26cec0 RAT Generic Malware UPX AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder malicious URLs Windows Cryptographic key crashed	10 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://www.uyutny-svet.online/eqp3/ http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://www.grapaojanjao.com/eqp3/ http://www.uyutny-svet.online/eqp3/?5j=CblEKO/jDHV1Nnreuzchc3HA1n3gtrd3+z5w8OSuzqrO8fXW1FPAwPQOqH5frdTlUpEtne+w&EZ442V=IdnTot6xhnFH http://www.simplicitylawyers.com/eqp3/?5j=1JlRKKc1ryObS2zWGCQwmyDXo7172X9qd+uj8VkBQN2btU1eXDdLeMaQ7yjeIPrl/st+y4Ki&EZ442V=IdnTot6xhnFH http://www.easyrepairsauto.com/eqp3/?5j=41nwx5lqGKzWHGUJCEbmzMcyKtNa2An7naJr3NNPKeswF3W6GX4ZmdROpgQ+0CPydD3Pj/yn&EZ442V=IdnTot6xhnFH http://www.simplicitylawyers.com/eqp3/ http://www.easyrepairsauto.com/eqp3/ http://www.grapaojanjao.com/eqp3/?5j=vhPMJ3ABFjMy54CV7tnGHjN8rnNhE2JoEzYPOiwetEI4estIKvVLL5Og+cRbULzo6BPqJ8aM&EZ442V=IdnTot6xhnFH	10 Info www.ccminghang.com() www.grapaojanjao.com(122.155.167.48) www.10system.club() www.easyrepairsauto.com(182.50.132.242) www.simplicitylawyers.com(34.102.136.180) www.uyutny-svet.online(209.99.40.222) 209.99.40.222 - mailcious 122.155.167.48 182.50.132.242 - mailcious 34.102.136.180 - mailcious		11.4		27	ZeroCERT

10090	2021-07-15 11:50	wininit.exe e2ff5a2d8427e0c6132177f27052bbdb PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key				5.6		41	ZeroCERT

10091	2021-07-15 11:50	file6.exe 00ff8d20b68ba14dfa8579b8132547f1 RAT BitCoin Generic Malware AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key		3		9.2		39	ZeroCERT

10092	2021-07-15 11:51	file8.exe 91b80d727ddd4512e60ca369a4cc6034 PWS .NET framework RAT BitCoin Generic Malware AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3		12.8		30	ZeroCERT

10093	2021-07-15 11:51	SecurityHealthSystray.exe 1cd60e5192988ae5841a861ef8c45a61 PWS .NET framework RAT Generic Malware UPX PE32 PE File .NET EXE VirusTotal Malware WriteConsoleW IP Check ComputerName	1 Keyword trend analysis	4		3.4		34	ZeroCERT

10094	2021-07-15 11:53	mazx.exe 27cbc615d2a1fef5e46ae9d91943812c RAT Generic Malware UPX Antivirus SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	4 Keyword trend analysis Info https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-614C0E3B50F117FBCE10F2095FA19897.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-614C0E3B50F117FBCE10F2095FA19897.html https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A32F45A97F0071468825E8B67D10D74B.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A32F45A97F0071468825E8B67D10D74B.html	2	2	14.8		43	ZeroCERT

10095	2021-07-15 11:55	kaguya.exe 309b8d030730272ff323308ced7aa981 Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3		14.2		20	ZeroCERT