Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
10126	2021-07-16 07:36	getkey 963a91ca9da30098c75ecd5ab275f76c UPX PE File OS Processor Check PE32 VirusTotal Malware				0.6		19	ZeroCERT

10127	2021-07-16 07:36	zxx.exe 9ea8f0cefae38838925df14a6f2a29d6 RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows crashed	2 Keyword trend analysis	5		10.4		21	ZeroCERT

10128	2021-07-16 07:39	nv.exe 43deb9e60877d57aba0d166976f9a735 PWS Loki[b] Loki[m] RAT Generic Malware DNS Socket HTTP KeyLogger Http API Internet API ScreenShot AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows ComputerName DNS crashed	1 Keyword trend analysis	3		13.0		30	ZeroCERT

10129	2021-07-16 07:40	ORDER.cab 04dec901031a77cd9475e98e8c2d0691							ZeroCERT

10130	2021-07-16 07:48	ms.doc a3d8678c5cb04fc86201d1a7a3964f9a RTF File doc VirusTotal Malware buffers extracted exploit crash unpack itself Exploit crashed	7 Keyword trend analysis Info http://www.satsokal.com/cojbhg.msi https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A5004E8FE4642635F3A5F9729F016D6C.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2CF94C6405A21F86FE26767B020F24F7.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-564C6866309DF88BE2B89EA3243190EF.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3ABE7E3A265370893E4E511F0CDF44A2.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3855D746CACAAC460046039CB72BF87C.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-98FD0424CD3EFD2E8F83A6BC0491BEF4.html - rule_id: 2706	6	6 Info https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/	4.0	M	36	ZeroCERT

10131	2021-07-16 09:23	XPL.exe 15bd68aab0b8afd26cdcce6e420b5b70 Generic Malware Malicious Packer DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2		14.2	M	37	ZeroCERT

10132	2021-07-16 09:25	oshjxcvjkdf.exe 5fb597b577573bcc63d5236b5bbb504e PWS .NET framework Gen1 Generic Malware Malicious Packer UPX AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName	9 Keyword trend analysis Info http://erolbasa.ac.ug/softokn3.dll http://erolbasa.ac.ug/msvcp140.dll http://erolbasa.ac.ug/sqlite3.dll http://erolbasa.ac.ug/freebl3.dll http://erolbasa.ac.ug/mozglue.dll http://erolbasa.ac.ug/nss3.dll http://erolbasa.ac.ug/vcruntime140.dll http://erolbasa.ac.ug/ http://erolbasa.ac.ug/main.php	2		17.0	M	21	ZeroCERT

10133	2021-07-16 09:25	details.bin 3c21cccff5c8aabf1977f2dbdaeaafe7 PE File PE32 VirusTotal Malware PDB Windows crashed				3.2	M	48	guest

10134	2021-07-16 09:26	HBV.exe 1138148cde97466dd2a5ccb84b58097b Generic Malware Malicious Packer DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2		14.2	M	34	ZeroCERT

10135	2021-07-16 09:26	Invoice%20062002%20from%20Quic... 01db26749ca18d3d1cadcdb367ac18ca VBA_macro MSOffice File PE File PE32 VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows DNS crashed		3		4.6	M	20	ZeroCERT

10136	2021-07-16 09:28	lv.exe d7e6c4becb19606663c216b687e56b32 Gen1 Gen2 Malicious Library UPX PE File PE32 DLL OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows		1		6.6	M	31	ZeroCERT

10137	2021-07-16 09:28	.wininit.exe 9c0704bd679f10208c96c3c3cb8ce6a0 Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows DNS Cryptographic key	6 Keyword trend analysis Info http://www.edimetics.com/u6bi/ - rule_id: 2480 http://www.dirham.world/u6bi/?8pgTVpp8=5UaZ6KJkX14tGTnPbwRbNbSk4fqM7e+s9jBDe7bIpvv1NTAZtK3u6M7E3rLX5i5V3b2rSZ4d&b6=uVBlCVR0RPFH http://www.midfirstprivagebank.com/u6bi/?8pgTVpp8=TeNjysb/SZ6LQErQfp7+ZIYIiBE8s7+FEBuAMJwPNEqhQBOWDqwk3LpXYWCmRYmyooAwenMZ&b6=uVBlCVR0RPFH http://www.dirham.world/u6bi/ http://www.midfirstprivagebank.com/u6bi/ http://www.edimetics.com/u6bi/?8pgTVpp8=d3hfJGKEWI63rOsJCiBc8ornFYDvC9/7RczIGnWXKID5Nhwh5w+67HtP0IEOiuekpHZtIKVc&b6=uVBlCVR0RPFH - rule_id: 2480	11 Info www.maxfitnesslakeoconee.com() www.dirham.world(103.139.0.9) www.rebeccacorreiadance.com() www.ukdooss.icu() www.edimetics.com(34.102.136.180) - mailcious www.aervius.com() www.midfirstprivagebank.com(212.32.237.90) 103.155.81.71 103.139.0.9 34.102.136.180 - mailcious 212.32.237.90 - mailcious	2	11.0	M	26	ZeroCERT

10138	2021-07-16 09:30	cl.exe fb2fac4f3eab460c3cc7096625cf57d5 UPX AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Buffer PE PDB Code Injection buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName				8.6	M	45	ZeroCERT

10139	2021-07-16 09:30	Invoice%2015464219%20from%20Qu... f21da7e3e7593be2c70759c67c95bb66 VBA_macro MSOffice File PE File PE32 VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed	1 Keyword trend analysis	2		4.0	M	21	ZeroCERT

10140	2021-07-16 09:33	Ghazals.exe 5e7dedd9beebefb268e9dddae39e5f31 RAT BitCoin Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3		12.8	M	45	ZeroCERT