Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

10591 2021-07-28 13:40 k.exe
b16a969889a73f13d88f215ad5ce6931
NPKI PE32 .NET EXE PE File VirusTotal Malware AutoRuns suspicious privilege Checks debugger WMI Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName DNS DDNS crashed
2 1 7.2 56 guest

10592 2021-07-28 13:50 http://136.144.41.61/KLcaCYuAi...
77e9f5464c103f8fedf6ae500d87dd32
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persi VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
1 5 6.2 M 38 guest

10593 2021-07-28 13:51 IAF Attack Jammu.exe
2277d429c84ae278bb725fbc849f7c27
AgentTesla RAT PWS .NET framework BitCoin browser info stealer Generic Malware Google Chrome User Data Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Check virtual network interfaces suspicious process AppData folder malicious URLs installed browsers check Exploit Browser ComputerName DNS DDNS crashed
3 12.2 48 guest

10594 2021-07-28 14:07 docs.js
a8e17b6252ed7e3c9bda4f55b2e3cac9
Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed
2 4 1 10.0 M 9 ZeroCERT

10595 2021-07-28 14:07 copp.exe
374fb48a959a96ce92ae0e4346763293
PWS Loki[b] Loki[m] UPX Malicious Library PE32 OS Processor Check PE File FTP Client Info Stealer Check memory Checks debugger unpack itself Remote Code Execution Software
2.2 M ZeroCERT

10596 2021-07-28 14:09 dc.exe
40db59bd5a65d0a1a7ac4a7b690fc9d1
RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed
2.0 37 ZeroCERT

10597 2021-07-28 14:12 Ojrm6tl3lCvJ02P.exe
80e4387f16af71a0e195b660788e7a46
PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
10.8 44 ZeroCERT

10598 2021-07-28 14:12 r3hafChxovu4ARo.exe
396888c51c6b9c0aec5f502ec8250cd5
RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed
3.0 30 ZeroCERT

10599 2021-07-28 14:14 zbUTdyIBv5lJJOV.exe
ab7498e469e952458aa7cc2540dedcce
Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.4 ZeroCERT

10600 2021-07-28 14:27 Invoice_020634.xlsm
86a156d545f23e81be35433443bb6da2
VBA_macro VirusTotal Malware Check memory ICMP traffic RWX flags setting unpack itself suspicious process crashed
12 1 4.6 23 ZeroCERT

10601 2021-07-28 14:29 files.07.21.doc
a8cc5c4882a5df5b63cb472c6b06290a
AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception
1 2 6.0 13 ZeroCERT

10602 2021-07-28 15:58 KLcaCYuAidZMbBJ.exe
77e9f5464c103f8fedf6ae500d87dd32
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed
2.4 M 38 guest

10603 2021-07-28 17:28 Adobe Reader.exe
467e17b8d44626b7456716680e3d043d
AgentTesla email stealer browser info stealer Google Chrome User Data UPX Malicious Library DNS Socket KeyLogger ScreenShot AntiDebug AntiVM PE32 OS Processor Check PE File VirusTotal Malware AutoRuns PDB Code Injection Check memory buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows DNS
2 10.4 54 ZeroCERT

10604 2021-07-28 17:29 98Statm4842.js
de4e752206211f967cbf00b08923196c
Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1 2 10.0 3 ZeroCERT

10605 2021-07-29 09:41 Order List.gz.exe
e0f6bbc12ebe2102cf3fcf74f9d690d9
email stealer Generic Malware Admin Tool (Sysinternals etc ...) Antivirus ScreenShot Steal credential DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download Nanocore VirusTotal Email Client Info Stealer Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check Windows Browser Email ComputerName DNS Cryptographic key
1 1 15.6 26 ZeroCERT