Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10471	2021-07-25 06:20	6878EEB8-6E47-4CFF-A661-D3A084... 8644dd1b3f0413bff58a5ca9c82dcaa3 JPEG Format								guest

10472	2021-07-25 06:20	75385C5D-D364-4AB9-A547-3DF230... 037790a751e847d7204b1d5a2c9362c4 JPEG Format								guest

10473	2021-07-25 06:48	syswranalyzerbus.exe 185f574f19354dd11d9bc31a3e82d235 Gen2 Gen1 Antivirus Malicious Packer Anti_VM UPX Malicious Library PE32 OS Processor Check PE File PDB Remote Code Execution					0.4			guest

10474	2021-07-25 10:58	racoon.exe 5298f418a85202c901e00aea7f638fcb UPX Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4		29	ZeroCERT

10475	2021-07-25 10:59	file8.exe 3242f74bc2e2936de899a749ecff59cf RAT BitCoin Generic Malware AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	2		11.4		34	ZeroCERT

10476	2021-07-25 11:01	power.exe 30fe76adb25122264b9a6898ede5b699 UPX Malicious Library PE32 PE File DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check					2.8		2	ZeroCERT

10477	2021-07-25 11:02	pl_installer.exe e003da977b301d2cbfe38e2198db861b UPX Malicious Library PE32 OS Processor Check PE File PDB unpack itself Windows Remote Code Execution crashed					2.0			ZeroCERT

10478	2021-07-25 11:03	1643.exe 558d83545b3096f901e84dd00bccd9e8 njRAT backdoor Generic Malware PE32 .NET EXE PE File VirusTotal Malware WriteConsoleW DNS DDNS		2			3.4	M	56	ZeroCERT

10479	2021-07-25 11:03	lv.exe 31e2c3b009290449dc1fe9760c14e85b Gen1 Gen2 Malicious Library UPX Malicious Packer PE32 PE File DLL OS Processor Check VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows		1			10.0	M	39	ZeroCERT

10480	2021-07-25 11:05	svchost.exe 286405b123e170e0dfc134aaf3dda024 UPX Malicious Library PE32 PE File PDB unpack itself Remote Code Execution					1.6	M		ZeroCERT

10481	2021-07-25 11:07	file2.exe 59901a6b5da704db1ff0fb56eba9e5bb PWS Loki[b] Loki[m] AgentTesla Gen1 browser info stealer Generic Malware UPX Malicious Library Malicious Packer ScreenShot AntiDebug AntiVM PE32 .NET EXE PE File OS Processor Check DLL JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key Software Password	9 Keyword trend analysis Info http://116.202.183.50/mozglue.dll http://116.202.183.50/903 http://116.202.183.50/nss3.dll http://116.202.183.50/vcruntime140.dll http://116.202.183.50/ - rule_id: 2743 http://116.202.183.50/softokn3.dll http://116.202.183.50/msvcp140.dll http://116.202.183.50/freebl3.dll https://shpak125.tumblr.com/	3	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Vidar/Arkei Stealer Client Data Upload ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)	1	16.8	M	21	ZeroCERT

10482	2021-07-25 11:07	ds1.exe 6c7a7783f237444e731af01f21313cbe PWS .NET framework Generic Malware Malicious Packer AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself					8.2	M	36	ZeroCERT

10483	2021-07-25 11:08	file3.exe e307bef30d37b965e01405176a9e30fe RAT BitCoin Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	2		11.4	M	35	ZeroCERT

10484	2021-07-25 11:10	file.exe c3c559e832052bbf33f52f6f8b0ff086 UPX Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.6	M	36	ZeroCERT

10485	2021-07-25 11:10	ds2.exe aa386d873303ffca570a1b599f98102d PWS .NET framework Generic Malware Malicious Packer Antivirus AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					10.6	M	38	ZeroCERT