Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10516	2021-07-26 08:00	executivereport-7b3bc7d505fcb3... f39569d04451239d15a98935d988cabd Anti_VM crashed					0.2			guest

10517	2021-07-26 09:15	executivereport-7b3bc7d505fcb3... f39569d04451239d15a98935d988cabd Anti_VM crashed					0.2			guest

10518	2021-07-26 09:29	1apEoaC4M5a.sys e2c146a2522e4f40e5036c3fe12c3560 PE64 PE File VirusTotal Malware PDB					1.2	M	7	ZeroCERT

10519	2021-07-26 09:30	file3.exe 5c7a96e9e751658f051daa79ac1e4cf0 UPX Malicious Library Malicious Packer AntiDebug AntiVM PE32 OS Processor Check PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	2		15.8	M	14	ZeroCERT

10520	2021-07-26 09:30	lv.exe 421e541774fdd6972119a0840bc3d3f7 Gen1 Gen2 Malicious Library UPX Malicious Packer PE32 PE File DLL Check memory Creates executable files unpack itself AppData folder					1.6	M		ZeroCERT

10521	2021-07-26 09:30	lv.exe 37ef42e0b21d765a7a2fa3e29a934d4b NPKI Gen1 Emotet Gen2 Malicious Library UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiD AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed		1			6.2	M		ZeroCERT

10522	2021-07-26 09:46	joker.exe f65f9ed8e0cd88e49e8de10021b9f5b8 PWS Loki[b] Loki[m] AgentTesla Gen1 browser info stealer Generic Malware UPX Malicious Library Malicious Packer ScreenShot AntiDebug AntiVM PE32 .NET EXE PE File OS Processor Check DLL JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key Software Password	9 Keyword trend analysis Info http://116.202.183.50/mozglue.dll http://116.202.183.50/nss3.dll http://116.202.183.50/vcruntime140.dll http://116.202.183.50/ - rule_id: 2743 http://116.202.183.50/softokn3.dll http://116.202.183.50/313 http://116.202.183.50/msvcp140.dll http://116.202.183.50/freebl3.dll https://shpak125.tumblr.com/ - rule_id: 3362	3	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Vidar/Arkei Stealer Client Data Upload ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)	2	17.2	M	21	ZeroCERT

10523	2021-07-26 09:46	file.exe f93df5b9d273ec9921943e36de014dfc UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself crashed					2.0	M	21	ZeroCERT

10524	2021-07-26 09:47	Brokenness.exe 3a7064171240612531da8817ee31334a RAT BitCoin Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2		11.6	M	36	ZeroCERT

10525	2021-07-26 09:49	rollerkind2.exe f672401c324a5c5e2ab2586c76bdaa4c UPX Malicious Library PE32 OS Processor Check PE File PDB unpack itself Windows crashed					1.8	M		ZeroCERT

10526	2021-07-26 09:50	executivereport-7b3bc7d505fcb3... f39569d04451239d15a98935d988cabd Anti_VM crashed					0.2			guest

10527	2021-07-26 09:51	lipster.exe 97e8e525e2fc27c2634da7d235f5ff5c UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows crashed					2.6	M	24	ZeroCERT

10528	2021-07-26 09:53	apines.exe 2828e87a24cde9ffa4d318a0a98fab8b UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows crashed					2.6	M	24	ZeroCERT

10529	2021-07-26 10:06	executivereport-7b3bc7d505fcb3... f39569d04451239d15a98935d988cabd Anti_VM AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			ZeroCERT

10530	2021-07-26 11:11	2021-07-05-231438.pcap 71e3769d108ce4ec6a50f87d9fa5a35d AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName					3.8			Chad