Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10561	2021-07-27 18:00	whesilox.exe ede697a91e18c73baf01ca677aa33917 RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key DDNS	1 Keyword trend analysis	2	2		10.0	M	19	ZeroCERT

10562	2021-07-27 18:01	downloaddocument.do 8dd7c961c9cdbd69e9a5d86d7809fc50 Emotet Malicious Packer UPX Malicious Library PE32 OS Processor Check DLL PE File Dridex TrickBot VirusTotal Malware Report PDB suspicious privilege MachineGuid Malicious Traffic Checks debugger buffers extracted ICMP traffic RWX flags setting unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed	4 Keyword trend analysis Info https://138.34.28.219/cookiechecker?uri=/rob112/TEST22-PC_W617601.BBA6BBFC307B02B331A6BB3F9DB5CC1F/5/file/ - rule_id: 2675 https://138.34.28.219/login.cgi?uri=/index.html - rule_id: 2674 https://60.51.47.65/rob112/TEST22-PC_W617601.BBA6BBFC307B02B331A6BB3F9DB5CC1F/5/file/ https://138.34.28.219/index.html - rule_id: 2677	14 Info 185.56.76.28 - mailcious 38.110.103.18 - mailcious 38.110.100.142 - mailcious 204.138.26.60 - mailcious 68.69.26.182 - mailcious 217.115.240.248 - mailcious 38.110.103.124 - mailcious 38.110.103.136 - mailcious 60.51.47.65 - mailcious 97.83.40.67 - mailcious 38.110.100.104 - mailcious 185.56.76.94 - mailcious 138.34.28.219 - mailcious 24.162.214.166 - mailcious	5	3	9.6	M	13	ZeroCERT

10563	2021-07-27 18:02	MSIuaQz91rPyszO.exe be35f0ce65b229e225d6c65b48704a2a PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	23	ZeroCERT

10564	2021-07-27 18:02	ma.exe 36efb3390df7e6ecc5289f72cdf59d82 UPX Malicious Library PE32 OS Processor Check PE File PE64 DLL VirusTotal Malware AutoRuns suspicious privilege WMI Creates executable files Windows utilities WriteConsoleW Windows ComputerName Remote Code Execution		2			5.4	M	60	ZeroCERT

10565	2021-07-27 18:04	Invoice_3326809.xlsm 86c63e5a375f54c79cfa007828400a5d Dridex VBA_macro Generic Malware Malicious Library PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows		2	1		3.8	M	19	ZeroCERT

10566	2021-07-27 18:05	vbc.exe 4d9f21a8719054ede23ff9a28900c56d Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	4 Keyword trend analysis Info http://www.thobeya.com/p1nr/?Ezu=paOrJiqdhggGbgCyC06/uSngCO14/KrleymFdLJqnVZImz5h6h50/Oa4nfx0i+NQsT7AsnY+&q48=Gbt4axj8p http://www.verogustopromise.com/p1nr/?Ezu=7JXCB8na1Fe02e3JKmTYWfcqjD2gSn26h4jWqLkZ1za0EaaNhXB08XCk6j/Ud9tLAiKUkKsg&q48=Gbt4axj8p http://www.omairmaryam.com/p1nr/?Ezu=IXLoWTYa0i8eeaqh9bIbqgec+k0wROqM3Un4DSIZKmT9QhQjPHtCJ9Ndxhca04s3uzXMmJbg&q48=Gbt4axj8p http://www.valkconstruction.com/p1nr/?Ezu=8HEGUiNVk0P9GMdG7dRCWlLM4qA2uBc2lIgIvMG2dToNREUXv6C5nmr0SQXPy4Z7ZuDvaebt&q48=Gbt4axj8p	12 Info www.urodiran.com(104.221.198.153) www.valkconstruction.com(182.50.132.242) www.tauding.com() www.thobeya.com(52.58.78.16) www.verogustopromise.com(94.136.40.51) www.omairmaryam.com(34.98.99.30) 94.136.40.51 - mailcious 52.58.78.16 - mailcious 104.221.198.153 182.50.132.242 - mailcious 216.83.33.79 34.98.99.30 - phishing	1		9.8		26	ZeroCERT

10567	2021-07-27 18:08	18072021-0076548863.PDF.exe 93f1feffe4a797163f55f1caca45182a RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS crashed	1 Keyword trend analysis	3	1		11.2	M	47	ZeroCERT

10568	2021-07-27 18:09	R2607210998764553.exe 08d679d4b9a12137756cc9244bd6f017 PWS .NET framework RAT BitCoin email stealer Generic Malware ScreenShot Steal credential DNS SMTP KeyLogger Code injection AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download Hawkeye VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key crashed keylogger	2 Keyword trend analysis	7	3		15.4	M	20	ZeroCERT

10569	2021-07-27 18:09	gan105 f4217eea477c2bcef9f68465077b08df Generic Malware AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email					4.0	M	31	ZeroCERT

10570	2021-07-27 18:09	plain.txt 52316fda37685484f30a9e9ab4aa7dae RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					11.4	M	22	ZeroCERT

10571	2021-07-27 18:11	gan 7f0c9c24f2bd4145e923fe65bcdfd49c Malicious Library AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email					4.0	M	36	ZeroCERT

10572	2021-07-27 23:20	FACTURAE001-177720559106349.XM... d40311aee9895ff35f34bd982ccb9b13 AntiDebug AntiVM MSOffice File Code Injection buffers extracted exploit crash unpack itself Windows utilities AntiVM_Disk VM Disk Size Check Windows Exploit DNS crashed					4.2			guest

10573	2021-07-28 07:16	C-Users-Unicorn-AppData-Local-... ecdfb045323e5f31f04689de4223586b VirusTotal Malware					0.4		4	guest

10574	2021-07-28 07:17	MediaID.bin f135decd88dd722812b65c069bc2f124 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName					3.8			guest

10575	2021-07-28 09:32	file.exe 5f0f316459cf8e92f8705124acdbe3e4 UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows crashed					3.2		30	ZeroCERT