Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10741	2021-07-31 13:50	askinstall53.exe 393f9bf423a7914f91acfb26710a607d Gen2 Trojan_PWS_Stealer NPKI Emotet RAT Credential User Data Generic Malware Malicious Packer UPX Malicious Library SQLite Cookie Admin Tool (Sysinternals etc ...) Anti_VM Antivirus ASPack OS Processor Check PE32 PE File ELF PNG Format PE64 DLL MSOffice Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName Remote Code Execution crashed	3 Keyword trend analysis	8	1	2	11.2	M	46	ZeroCERT

10742	2021-07-31 13:51	intonetrefruntimedhcp.exe 529156ed28b10d5152cbbdb85db59355 RAT Generic Malware Malicious Packer UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS crashed	2 Keyword trend analysis Info http://94.103.80.73/Packetbasetraffic.php?mE26Fltvqxdt=Wj88rUM3ADF3YncQLJ4q7S46Fv0e5&MAP4J6Z2Hs=bmBwDr7QefnjC6DoB35&s8t0Enddf1SBLHgp=JBE3NavibN8GSX9MP0d3KsaNdunM&7d323b4a145837be4f4782fd94aa04b9=wY1YmNwUWYkZmZzEWZlZTOldjN3AjMhljM0YzMlJ2Y2Q2NlFTZiVmMzADMxUTMxITOzITO0MTM&0a843b55ae7380be744bbf239c8d0d28=gZlVmYmFTOxU2N5EmMhZTZ0IDOihjY1ITY3gTO2ATOhRGOjNzY1UWN&ad26823b07b8cbcd7ff745afd1954775=d1nIwQTZ0YTO1EGZjZTY2QWO0YDZzMmZ2MjYjlTYzI2NhZzNldDO1IWYlJiOiQWZ3IzMxgDM4IWN0UTMhVWO5EjNkNzMidDM1YGNiZ2YiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOiQWOmZTNjNWO1YGNyU2N2AjZwATO1YmM1ATZwQmYygDOis3W&a3729499a3865912c422a5dac7bbf881=d1nIiojIzQjM1IDO5ATYzgjYlZTOzITO1ATOjVjZhRGMxITY3kjIsICM0UGN2kTNhR2Y2EmNklDN2Q2MjZmNzI2Y5E2MidTY2cTZ3gTNiFWZiojIkV2NyMTM4ADOiVDN1ETYllTOxYDZzMjY3ATNmRjYmNmIsISNwYWNycDN1AzNlVWN4MGNyMGNlBzNyYGM2MjZ1Y2Y0YmMhdDZ4IzNiojIkljZ2UzYjlTNmRjMldjNwYGMwkTNmJTNwUGMkJmM4gjI7xSfikjSpNGbkdVW1Z0VUdGMXlVekJjY5JEbJZTS5RmdS1mYwRmRWRkRrl0cJN1Vp9maJVHbXJ2aGBzYwp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzlUaJZTS5JlQSxWSzl0QkBnSFlEMZRUSPRXRJNnRtJmdsJzY6ZVbaZnSIV1ZjRUS6R2MitWNXFGWKl2TplEWadVNXFGWKNET5o0UZxmSzIGTCNUYwY1MiRlQTx0ZRdlWwp1VhpmVHNmeCNEZ2VzaJZTS5pVe50WSzl0UPRTRU1UdjpWT4dXaNhXQU5UdjpXTp9maJpWOHJWa3lWSTR3aJZTSTVWeS5mYxkjMZl2dpl0cWNjYs5EbJZTSpJmdsJjWspkbJNXSTRmbxMVW3RWbiZnTslkNJNVZwwmMZl2dpl0dVRVT1FleNhHND90dJpGTxMGVNl2bql0ds1WS3AnaJZnWtJmSCh1UpdXaJlXSERmeWdEZp9maJxWMXl1TKhlW6ZFbJNXS5FVUxkWT5FVMVZkUslkNJNlW0ZUbURkQsl0cJlXT4RTeNVXUqlkNJl2YspFbjxmWuNGbOxWSzlUallEZF1EN0kWTnFURJZlQxE1ZBRUTwcGVMFzaHlEcwUkVvVVbjZnTFlEcJZ0SzZ1RkVHbrlkNJNlW0ZUbUZlQxEVa3lWSDJ0QNdGMDl0dTl1NSlHN2ATYKdzZwwEb0pGcuJna3QXcENVUIplRJF0ULdzYHp1Np9maJxWMXl1TWZUVIp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiMDNyUjM4kDMhNDOiVmN5MjM5UDM5MWNmFGZwEjMhdTOiwiI2kTMlRzY1ITZygjM0YjY2ETZiFjMzUDOjNmYxETNjlDMlRTM1ITYzIiOiQWZ3IzMxgDM4IWN0UTMhVWO5EjNkNzMidDM1YGNiZ2YiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOiQWOmZTNjNWO1YGNyU2N2AjZwATO1YmM1ATZwQmYygDOis3W http://94.103.80.73/Packetbasetraffic.php?mE26Fltvqxdt=Wj88rUM3ADF3YncQLJ4q7S46Fv0e5&MAP4J6Z2Hs=bmBwDr7QefnjC6DoB35&s8t0Enddf1SBLHgp=JBE3NavibN8GSX9MP0d3KsaNdunM&cd9d37af20d201d2163f19403bbb9dd8=91ec0d6fa24ef6431113d7d323a081da&0a843b55ae7380be744bbf239c8d0d28=QNjhTO4Q2NiJWMjRWO1IjYwIjM5ADNzQWMiVWNxUjNxIzMmJmY3QGO&mE26Fltvqxdt=Wj88rUM3ADF3YncQLJ4q7S46Fv0e5&MAP4J6Z2Hs=bmBwDr7QefnjC6DoB35&s8t0Enddf1SBLHgp=JBE3NavibN8GSX9MP0d3KsaNdunM	1			10.2	M	38	ZeroCERT

10743	2021-07-31 13:52	autodata.exe 05d3ecbebc7492b620bdd443ddec52a1 PE32 PE File DLL VirusTotal Malware AppData folder Remote Code Execution					1.6	M	32	ZeroCERT

10744	2021-07-31 13:53	ce866ae254de4cabd60a95abcc52c3... ce866ae254de4cabd60a95abcc52c315 VBA_macro Generic Malware Antivirus MSOffice File DLL .NET DLL PE32 PE File VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	1		11.2		19	ZeroCERT

10745	2021-07-31 13:55	svchost.exe 7a898f78eb97b42d86893276d19f0abf PE32 PE File DLL VirusTotal Malware AppData folder Windows Remote Code Execution	1 Keyword trend analysis	2	1		2.0	M	36	ZeroCERT

10746	2021-07-31 13:58	m.wbk bf5e8751e3af7fe048a666903d98ae2d RTF File doc AntiDebug AntiVM FormBook Malware download Malware MachineGuid Malicious Traffic Check memory Checks debugger exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	4	8 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (GET)		4.2			ZeroCERT

10747	2021-07-31 13:59	nuevo.exe d5c87c83b729c3047d0c9c213dfc8e64 PE32 PE File DLL AppData folder Remote Code Execution					0.6			ZeroCERT

10748	2021-07-31 14:01	winscp.com f998fcd26455fb41278f8887ecb5594e PWS Loki[b] Loki[m] Malicious Library PE32 PE File WriteConsoleW crashed					0.4			ZeroCERT

10749	2021-07-31 14:01	@sc4lly1337.exe 08ddca87b625734e0028a89fd4ec7247 PWS .NET framework RAT Generic Malware PSW Bot LokiBot ZeusBot UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebu Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	5 Keyword trend analysis Info http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D http://95.217.159.87:4348/ https://cdn.discordapp.com/attachments/868908533897363470/870626071547097128/clo.exe https://cdn.discordapp.com/attachments/868908533897363470/870626065511501945/welldone.exe https://api.ip.sb/geoip	9	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA HTTP unable to match response to request		15.6	M	34	ZeroCERT

10750	2021-07-31 14:04	welldone.exe 4ee1fe5a7eae87277c898e6c98757e18 RAT Generic Malware PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName crashed					2.6		45	ZeroCERT

10751	2021-07-31 14:04	clip.exe 17b0dca4c5d5c3037c814ac1a253082b RAT Generic Malware UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE64 PE File .NET EXE PE32 VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Cryptographic key	2 Keyword trend analysis	4			12.8	M	35	ZeroCERT

10752	2021-07-31 14:07	Document%20896885.doc 3f89ed9e9e4be551f2d13b16287248c0 VBA_macro Generic Malware Malicious Packer MSOffice File VirusTotal Malware unpack itself Tofsee	1 Keyword trend analysis	20 Info mirrorlakedrugs.com(192.185.110.230) - mailcious highpointroofers.com(107.180.29.18) - mailcious ukcorporatetransfer.com(160.153.208.149) thegoldprocess.com(198.12.234.210) brasilvioleiro.com.br(104.21.23.96) - mailcious test.podcastbites.io(162.241.218.172) - mailcious breadxfish.com(208.109.41.227) zotno.xyz(172.67.205.213) - mailcious reachmedical.in(142.4.29.146) - mailcious www.thewordmarvel.com(159.89.200.161) 159.89.200.161 - mailcious 198.12.234.210 208.109.41.227 107.180.29.18 - mailcious 104.21.52.244 162.241.218.172 - phishing 104.21.23.96 192.185.110.230 - mailcious 160.153.208.149 142.4.29.146 - mailcious	4	1	2.8	M	24	ZeroCERT

10753	2021-07-31 14:18	clo.exe 296968fa478ce8b4832446c33afc37a5 RAT Generic Malware AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					7.0		53	ZeroCERT

10754	2021-07-31 14:19	win32.exe da28d70a6664dada6cfd6a5fb7769f22 PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) .NET EXE PE32 PE File Check memory Checks debugger unpack itself crashed					1.4			ZeroCERT

10755	2021-08-01 09:13	link.jpg.ps1 9f63005e964ad4c6663d2052dee07826 Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1		9.8		3	ZeroCERT