Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
(Each record below lists its hash and matched rules on their own lines; the remaining column values are kept in their original order.)

10501  2021-07-25 12:21  hunt.exe
       Hash:   3cdcff9ecdf0ef7399b4326654371b2d
       Rules:  UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE32 PE File Emotet VirusTotal Malware AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  1 2 1 9.4 M 23 ZeroCERT

10502  2021-07-25 12:25  Putty.exe
       Hash:   959be976070ea4820a2e24dcce3d0bdf
       Rules:  AgentTesla email stealer browser info stealer Google Chrome User Data Malicious Library DNS Socket KeyLogger ScreenShot AntiDebug AntiVM PE32 PE File DLL VirusTotal Malware Code Injection Check memory buffers extracted Creates executable files AppData folder DNS DDNS
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3 1 8.0 M 46 ZeroCERT

10503  2021-07-25 12:26  flashplayer_install_cn.exe
       Hash:   6a465efc602afc2636643c2462cc52f1
       Rules:  Generic Malware UPX Malicious Library Malicious Packer PE32 OS Processor Check PE File PNG Format PE64 VirusTotal Malware PDB Check memory buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check Tofsee Advertising Remote Code Execution crashed
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  10 7 1 7.8 M 40 ZeroCERT

10504  2021-07-25 12:27  downloaddocument.do
       Hash:   9088550e62f4edbb1e74d0449b83bd63
       Rules:  Malicious Packer UPX Malicious Library PE32 OS Processor Check DLL PE File Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  1 4 4 7.8 M 21 ZeroCERT

10505  2021-07-25 16:23  DeviceMonitor-2021-07-18-01365...
       Hash:   3b154f98063fd07fa91939520cbf4223
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3.8 guest

10506  2021-07-25 17:17  metadata.keychain-db
       Hash:   15c094d6bf560ad49b29b5efdb176e02
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3.8 Chad

10507  2021-07-25 18:15  com.apple.StreamingUnzipServic...
       Hash:   00d5691cf8e34598bd7b44c2d92f3f9d
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3.8 Chad

10508  2021-07-25 18:27  com.apple.WebKit.WebContent.wa...
       Hash:   9ba340b37de517d3ca01bb654134cfde
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3.8 Chad

10509  2021-07-25 21:04  Retro.exe
       Hash:   17f8791818740ff140f0b07932998987
       Rules:  NPKI Generic Malware PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  1.6 18 guest

10510  2021-07-26 06:23  HCSH6722.AAE
       Hash:   aeddcc1f3e6218c18367b9da22366176
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3.8 guest

10511  2021-07-26 07:02  IMG_9144.jpeg
       Hash:   fcb764a4eed7a01eb250632472bcc04f
       Rules:  JPEG Format
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  Chad

10512  2021-07-26 07:03  NetToolbox-2021-07-12-013723.i...
       Hash:   41aab62e9e09ede1b0b84ea134597a8e
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3.8 Chad

10513  2021-07-26 07:05  play.js.wakeups_resource-2021-...
       Hash:   aadd4493653c7fd747dba3d0a9ffb7ca
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Check memory Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  2 2 4.0 Chad

10514  2021-07-26 07:05  searchd-2021-07-19-104555.ips
       Hash:   6cebf8dcf4b5fa9f41913cd6e518d113
       Rules:  AntiDebug AntiVM Email Client Info Stealer suspicious privilege Check memory Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  2 2 4.0 Chad

10515  2021-07-26 07:06  Contacts
       Hash:   ae759aa1cf283ceb38672c2501b7cbff
       Rules:  AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself Browser Email
       Urls/Hosts/IDS/Score/Zero/VT/Player/Etc:  3.0 Chad