Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10636	2021-07-29 11:01	vbc.exe 332069bac78cd3787fb6c009645c46a9 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	7 Keyword trend analysis Info http://www.justicemob.net/ons5/?Ntilqz=Fazqh4Z/X+wl1qG5NpIgbIBTOReEiqcmg5n4bdgPrA6Ovqa1h6KnHNLZFZMkpg9eSjvqaaLH&TT=FjRh3Tg http://www.dyengineservices.com/ons5/?Ntilqz=cfiWCKjgSuwX1M//xD1rq+WaKB3Y4Mx2ha/dZweHc2U1cfSDqbI7wYDS/YrNf8nOnXl5woBC&TT=FjRh3Tg http://www.celikhanimtermal.xyz/ons5/?Ntilqz=S5ONOr9G+wUqFBxmQYNBJtoPqy6NGnUPN06HWVeUK+I1CcFNDJuvqD6HmJF7hEtr6EKxaGfF&TT=FjRh3Tg http://www.duchik13.site/ons5/?Ntilqz=1s9+B3A8jOx3WBsrSzAUzR+X8WKSVfs35mAY9CcMSGEXPR3MR/pnPzL8osjWv6VQ4MNoDlOY&TT=FjRh3Tg http://www.florescarpeting.com/ons5/?Ntilqz=+6uBPrihYj4xnsj3DDOlMyKSawO6aGfZdLLbHVmerReA08LAqg0uWW5SfD2kednRsMrpsQzg&TT=FjRh3Tg http://www.travelinsurancedenied.com/ons5/?Ntilqz=uXZcN3BioN5uFSfzBhMzXBnRmmpDDsPAzLr1kWKEPE5mRzCpSqkGwTDGpZbMGsBH0oe7A63t&TT=FjRh3Tg http://www.holdthatplot.com/ons5/?Ntilqz=A05BDDuKLnr3rhyrB/X/6QZ3/sAxdLRKGvhcjGEzzR7LpKOTpRisK1BZ85XYOSPlosg0he6C&TT=FjRh3Tg	17 Info www.justicemob.net(34.98.99.30) www.kollelbudgte.com() www.duchik13.site(185.68.16.184) - mailcious www.pdqmaissabor.com() www.gupiao888.club() www.florescarpeting.com(156.252.68.141) www.travelinsurancedenied.com(54.236.162.93) www.dyengineservices.com(34.102.136.180) www.celikhanimtermal.xyz(85.159.66.93) www.holdthatplot.com(162.241.253.147) 85.159.66.93 - mailcious 54.236.162.93 - phishing 156.252.68.141 34.102.136.180 - mailcious 162.241.253.147 185.68.16.184 - mailcious 34.98.99.30 - phishing	2		8.0	M	19	ZeroCERT

10637	2021-07-29 11:01	09867654270721.PDF.exe fa0a3ed04eec65d6d3fb55aa7d2497c1 PWS .NET framework RAT email stealer BitCoin Generic Malware ScreenShot Steal credential DNS SMTP KeyLogger Code injection AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download Hawkeye VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName Cryptographic key crashed keylogger	2 Keyword trend analysis	6	3		14.8	M	23	ZeroCERT

10638	2021-07-29 11:02	pmo-1.exe b6af62dfb431da0decdd5b947e3d15a8 Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.4	M	34	ZeroCERT

10639	2021-07-29 11:02	avatar_xgaf8d.png 55de3b55003ab92e521d25b55335ced4 Generic Malware Malicious Library PE32 DLL PE File					0.4	M		ZeroCERT

10640	2021-07-29 11:03	lv.exe d2c0c03331999024a0b92a6c4a29ae5b Emotet Gen1 Gen2 Malicious Library UPX Malicious Packer PE32 PE File DLL OS Processor Check VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed		2			6.6	M	35	ZeroCERT

10641	2021-07-29 11:05	raccon.exe 1681a4e968d33855da9903a20114bd8b UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows crashed					2.6	M	26	ZeroCERT

10642	2021-07-29 11:05	Reds.exe 74b6287a45b3fe5949ffa87f2019f1b2 UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows crashed					2.8	M	30	ZeroCERT

10643	2021-07-29 11:06	icon_0wsjqu.png 0cb529d172928d5648ec43fb343079d7 Generic Malware Malicious Library PE32 DLL PE File VirusTotal Malware					1.2	M	22	ZeroCERT

10644	2021-07-29 11:06	.audiodg.exe 24a7e0a72257e28cf1c649e49e6cb5b9 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself DNS crashed		1			2.4	M	21	ZeroCERT

10645	2021-07-29 11:07	dwo-3.exe 0afe819fb6bd54d591e7b5b368920793 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key	6 Keyword trend analysis Info http://www.mimortgageexpert.com/wufn/?rN=dH6MS4iXfwK5vVCsjjY0pJ1yp3fpUyK5ZhheQrTomEU+/cdclqzrfoafLlR5qbdrvg8w2+Rd&QZ3=ehut_83hO2wLHL - rule_id: 2911 http://www.fafene.com/wufn/?rN=q/nZ/0xlcjzfYRCf5lAcwW207Vt55gufSh16C11IQhOATpN5dzVRCn9ZCCtSRwIl23yr9iWQ&QZ3=ehut_83hO2wLHL http://www.laterlifelendingsupermarket.com/wufn/?rN=JK53FQapth9VDdSHXGajN0L5nsR3wCbJsKyzCV6oZDicv5erkPKtybHomSqu7DQ5sf8AoARo&QZ3=ehut_83hO2wLHL http://www.frystmor.city/wufn/?rN=eWg3OYora75B6Z+tLCzm5f6Ri2Qy6T4wPAbOFkNyDPrqSJvJlKf467sJrNVRbgaUTepkudSS&QZ3=ehut_83hO2wLHL - rule_id: 3223 http://www.davidwarburg.com/wufn/?rN=tD4sxa12E3+Zku2EAOTXH9WmxvXy/5OndruMuYH87TZhOL540TrO6em9AdqlqkUrcN6BH5CK&QZ3=ehut_83hO2wLHL http://www.setadragon.com/wufn/?rN=p6EPLUx6SmQWyT0aKUYWey1/moK0HCihbvuUxAKosV5aIj7OYHg92cDuRvb6vmm9eY3daRqd&QZ3=ehut_83hO2wLHL	16 Info www.davidwarburg.com(162.241.217.138) www.systemofyouth.com() www.mimortgageexpert.com(35.172.94.1) www.briative.com() www.kyg-cpa.com() www.collegevillepaareahomes.com() www.setadragon.com(209.99.40.222) www.laterlifelendingsupermarket.com(85.233.160.22) www.fafene.com(205.198.175.70) www.frystmor.city(198.54.117.212) 162.241.217.138 - mailcious 85.233.160.24 209.99.40.222 - mailcious 35.172.94.1 - phishing 198.54.117.210 - mailcious 205.198.175.70	1	2	8.0	M	13	ZeroCERT

10646	2021-07-29 11:09	chrome.exe 406171ecbe8c3d96852acef91ec2e6db PWS .NET framework Generic Malware Malicious Packer PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					8.6	M	36	ZeroCERT

10647	2021-07-29 11:09	dwo-2.exe f5e06eac210ad2965522d958281c8c95 Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed	6 Keyword trend analysis Info http://www.missk-hair.com/wufn/?DVoxs=QA5BBw7ly3XV7rdL6v5wAQQVSDS/++tcHMtweDJAOMn1tktoEPZ8Vzb9/TOWS61k0EB1U5q0&5j=UlSt - rule_id: 3225 http://www.mimortgageexpert.com/wufn/?DVoxs=dH6MS4iXfwK5vVCsjjY0pJ1yp3fpUyK5ZhheQrTomEU+/cdclqzrfoafLlR5qbdrvg8w2+Rd&5j=UlSt - rule_id: 2911 http://www.setadragon.com/wufn/?DVoxs=p6EPLUx6SmQWyT0aKUYWey1/moK0HCihbvuUxAKosV5aIj7OYHg92cDuRvb6vmm9eY3daRqd&5j=UlSt http://www.gaigoilaocai.com/wufn/?DVoxs=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&5j=UlSt - rule_id: 2912 http://www.frystmor.city/wufn/?DVoxs=eWg3OYora75B6Z+tLCzm5f6Ri2Qy6T4wPAbOFkNyDPrqSJvJlKf467sJrNVRbgaUTepkudSS&5j=UlSt - rule_id: 3223 http://www.joneshondaservice.com/wufn/?DVoxs=cHwUMaOvOUl4mR2wsbRfLYaultZ7TSeYo2Z/vCzCk8dNTOF36Jse9g+x5El8dvRa2DMYrrKS&5j=UlSt	17 Info www.joneshondaservice.com(50.87.249.29) www.mimortgageexpert.com(35.172.94.1) www.missk-hair.com(91.216.107.201) www.briative.com() www.chinanl168.com() - mailcious www.setadragon.com(209.99.40.222) www.bigarius.com() www.gaigoilaocai.com(172.67.187.204) www.singnema.com() www.frystmor.city(198.54.117.215) www.verifypurchase.online() 50.87.249.29 - mailcious 209.99.40.222 - mailcious 35.172.94.1 - phishing 198.54.117.216 - phishing 91.216.107.201 - mailcious 104.21.84.71	1	4	8.4	M	23	ZeroCERT

10648	2021-07-29 11:12	ded.exe ef1d8e37a5a4444647750ba386f63653 PWS .NET framework RAT Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces AppData folder Tofsee Windows Cryptographic key crashed	6 Keyword trend analysis Info http://www.jqxfinance.com/b8eu/?tZkPcbJ=gkdpJ1zByS8LyCRTesqZl9VheaB/Zqa4TdknO1A1T4zMO1m8tJGMEDdmPtnczAbOd1yMToKT&U4kp=Ntx0URGPFVMpdnk http://www.scoutandstellar.com/b8eu/?tZkPcbJ=TcAW/3HIy/RXA4RTi/4sSuhjTOZJJImWupSyDirF/K4t/wtg63HQAYgT1I4ugZkqvoHylkSb&U4kp=Ntx0URGPFVMpdnk http://www.domainedelafrouardiere.com/b8eu/?tZkPcbJ=ikEP9axVrVJQ4yzQv1a0So0AK/0nXX40fXsXS3BIZ5+6aY5O0aZDKYPEtFKmHn2jcXhg5OSy&U4kp=Ntx0URGPFVMpdnk http://www.maxridetubes.com/b8eu/?tZkPcbJ=YDI1SWbbFRthc8Kjnqcv/XHNG8x6cigBY/xRhCdFgjBrhgoPW0KwDcLaM2HjMafBAr+1quYA&U4kp=Ntx0URGPFVMpdnk http://www.yummylipz.net/b8eu/?tZkPcbJ=BJsIvBSedMRHPw6hRBySesvKf4cy5ptvtRL/e7MsGjTsJ8iq89FIxlkUleqlB63Tk93sEUrP&U4kp=Ntx0URGPFVMpdnk https://www.bing.com/	16 Info www.scoutandstellar.com(212.32.237.92) www.yummylipz.net(23.227.38.74) www.domainedelafrouardiere.com(164.88.6.17) www.google.com(142.250.196.132) www.jqxfinance.com(44.228.202.161) www.xamangxcoax.club() - mailcious www.maxridetubes.com(104.21.39.205) www.cataractmeds.com() www.sellingonlineschool.com() www.kakashis.club() 164.88.6.17 142.250.204.100 104.21.39.205 23.82.12.31 - mailcious 23.227.38.74 - mailcious 44.228.202.161	2		12.0	M	34	ZeroCERT

10649	2021-07-29 11:12	fxbggzfdhfgdgn.exe fe690cdae7fb62b504be7cdc64cda45e PE32 PE File VirusTotal Malware RWX flags setting unpack itself					1.8	M	17	ZeroCERT

10650	2021-07-29 11:14	Bendor.exe fe3acb1ca7cdc3be9e5c823560285d43 UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows crashed					2.8	M	30	ZeroCERT