Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10366	2021-07-22 11:14	4.exe 8d4f45dd9a5b28f07fd1e3b1067de4b0 PWS .NET framework Generic Malware Malicious Packer UPX AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows DNS		1			9.0	M	19	ZeroCERT

10367	2021-07-22 11:16	Invoice_22334840.xls b44b877cd497d2e932b11d3bbdb0b425 Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows	1 Keyword trend analysis	2	1		3.0	M	18	ZeroCERT

10368	2021-07-22 11:17	Invoice_27943880.xls b24e46b73441f06294548c8dcfea1b9a Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows DNS		3	1		4.2	M	17	ZeroCERT

10369	2021-07-22 11:18	h8f6.png 65638d179046f7caec06dc03e508b040 Dridex PE32 DLL PE File VirusTotal Malware					1.2	M	26	ZeroCERT

10370	2021-07-22 11:19	.wininit.exe 6c15b3de8c54e5e3339a446af50fc48a PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	12 Keyword trend analysis Info http://www.qlitepower.com/u6bi/?Qzr=1k4Zbtr5qJsM5vb+nCc1RtqLNSlEV56rdwHsyrYsdWuxAHujsE+/kqYHwWFZMjg//PxuK5F/&MJBx=FdCtDF7XaZvxp8w0 http://www.hoteldeleauvive.com/u6bi/?Qzr=Nyc2YhozQKXVlLlciX6kLgdl8bU+GCN9h1lDz3eb9lIErelo3CPDQuRTyPJW5nuLHOoSx63O&MJBx=FdCtDF7XaZvxp8w0 http://www.xn--ikkonentra-3ib.com/u6bi/ http://www.qlitepower.com/u6bi/ http://www.xn--ikkonentra-3ib.com/u6bi/?Qzr=Alb+31RER827oJKoAZKtUC9xLgeRVXG2/R2lPNHxrVsvQtPyk+XkiQN5cD2ULkeVDBFpF8xG&MJBx=FdCtDF7XaZvxp8w0 http://www.metal1sa.com/u6bi/?Qzr=pwS+IOf2u60nfctfqEFv+iNeCGM+l9BfCMtvUdwL9Vl671ZMadWIrQKirylOtDOqThJQIFy0&MJBx=FdCtDF7XaZvxp8w0 http://www.hoteldeleauvive.com/u6bi/ http://www.mengyaheng.com/u6bi/?Qzr=0xmfmt3sRYbRTTwLNNT9pAsQsaQjFpYmJYNce8vZzSwwLJY04f0sfVw2rmpH+c5OwJtf8Ejk&MJBx=FdCtDF7XaZvxp8w0 http://www.metal1sa.com/u6bi/ http://www.semmedodigital.com/u6bi/ http://www.mengyaheng.com/u6bi/ http://www.semmedodigital.com/u6bi/?Qzr=+lGwzqC1WP7o9kCJnS3226ITQ/a7dx3yrGIoMrvEoA3kol03AZo96bUrtB6X6HqR0nBL3NXL&MJBx=FdCtDF7XaZvxp8w0	12 Info www.mengyaheng.com(13.59.53.244) www.metal1sa.com(156.226.119.180) www.semmedodigital.com(108.179.252.34) www.hoteldeleauvive.com(212.32.237.92) www.qlitepower.com(198.38.88.88) www.xn--ikkonentra-3ib.com(34.102.136.180) 108.179.252.34 18.119.87.32 34.102.136.180 - mailcious 23.82.12.29 - suspicious 198.38.88.88 - mailcious 156.226.119.180	1		9.6	M	20	ZeroCERT

10371	2021-07-22 11:21	1TonerRecoverSetup.exe b00c3cae96c60f581ccdf896dabb6bb9 Emotet Generic Malware UPX PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Browser ComputerName DNS	7 Keyword trend analysis	8	2		6.6	M	27	ZeroCERT

10372	2021-07-22 13:11	MfbNKrx.png aae1e725e2dbfd91213be22e857f9d02 Dridex PE32 DLL PE File VirusTotal Malware					1.2	M	20	ZeroCERT

10373	2021-07-22 13:14	MfbNKrx.png aae1e725e2dbfd91213be22e857f9d02 Dridex PE32 DLL PE File VirusTotal Malware					1.2	M	20	ZeroCERT

10374	2021-07-22 13:15	MfbNKrx.png aae1e725e2dbfd91213be22e857f9d02 Dridex PE32 DLL PE File VirusTotal Malware					1.2	M	20	ZeroCERT

10375	2021-07-22 13:18	MfbNKrx.png aae1e725e2dbfd91213be22e857f9d02 Dridex PE32 DLL PE File VirusTotal Malware					1.2	M	20	ZeroCERT

10376	2021-07-22 13:18	MfbNKrx.png aae1e725e2dbfd91213be22e857f9d02 Dridex PE32 DLL PE File VirusTotal Malware					1.2	M	20	ZeroCERT

10377	2021-07-22 13:57	12.bin f07a2b61edd48c6d6c310cf9b7e4882e Gen2 Gen1 VMProtect UPX Malicious Packer PE32 PE File DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Malware IoC Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Ransomware Zeus Windows Browser Advertising ComputerName DNS Software	5 Keyword trend analysis Info http://134.209.203.126/hornycock/gate.php?type=settings http://134.209.203.126/hornycock/gate.php?type=loader&tag=traffer1 http://134.209.203.126/hornycock/gate.php?type=ip http://134.209.203.126/hornycock/gate.php?type=report&tag=traffer1&uid=39B06D4D868D1303186797&passwords=0&cookies=2&autofill=0&cc=0&wallets=0&steam=0&battlenet=0&telegram=1&discord=0&jabber=0&vpn=0&ftp=1 http://134.209.203.126/hornycock/system/assets/bundle.bin	1	7 Info ET MALWARE Generic .bin download from Dotted Quad ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Generic gate[.].php GET with minimal headers ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad ET HUNTING Suspicious GET To gate.php with no Referer SURICATA HTTP unable to match response to request		11.8			ZeroCERT

10378	2021-07-22 13:58	sefile.exe 61aebacc57db53ca2f2a2861fb34744d UPX PE32 PE File PDB unpack itself					1.4	M		ZeroCERT

10379	2021-07-22 14:00	lovemetertok.exe ea252a83f501a1fd293d4a649cce274a Emotet Gen1 UPX PE32 OS Processor Check DLL PE File Dridex TrickBot VirusTotal Malware Report suspicious privilege MachineGuid Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed	4 Keyword trend analysis Info https://138.34.28.219/login.cgi?uri=/index.html - rule_id: 2674 https://38.110.100.142/index.html https://38.110.100.142/cookiechecker?uri=/rob109/TEST22-PC_W617601.033D15E7FF3E0057948BB374FD3A56B7/5/file/ https://184.74.99.214/rob109/TEST22-PC_W617601.033D15E7FF3E0057948BB374FD3A56B7/5/file/	12	4	1	8.6	M	29	ZeroCERT

10380	2021-07-22 14:02	【至急】東京オリンピック開催に伴うサイバー攻撃等発生に関する... 8edf0aa789d976df0c80fd8d62734ded PE32 PE File VirusTotal Malware					2.4		39	ZeroCERT