Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10771	2021-08-02 03:45	implant.exe 4ff87fb043b8d4d5dbb0d9fc3eb31dd1 Malicious Packer UPX Malicious Library PE64 OS Processor Check PE File RWX flags setting unpack itself crashed					1.2			guest

10772	2021-08-02 09:12	helk.exe 25741ac45ffe74f8c4817b28500fa48d Malicious Packer UPX Malicious Library OS Processor Check PE32 PE File DLL VirusTotal Malware AutoRuns Windows Remote Code Execution DNS		1			3.4	M	57	ZeroCERT

10773	2021-08-02 09:12	%E9%80%A0%E5%B0%8F%E4%BA%BA.ex... 21614cd641f1b0564630a4dffe6c54e2 VMProtect Malicious Library PE32 PE File VirusTotal Malware Checks debugger unpack itself DNS		1			3.6	M	32	ZeroCERT

10774	2021-08-02 09:14	bbrpg.exe 207450ff08453cc47b40df231032d4d0 PE32 PE File VirusTotal Malware					1.8	M	20	ZeroCERT

10775	2021-08-02 09:14	ly%E7%99%BB%E9%99%86%E5%99%A82... e4dc1316bde5f058c3eaf297a378f07e Malicious Library PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself Windows utilities WriteConsoleW Windows	2 Keyword trend analysis	2			5.0	M	41	ZeroCERT

10776	2021-08-02 09:16	eacing.exe 964d27f847238a3ff9b11f21d99aff90 PWS .NET framework RAT Generic Malware UPX OS Processor Check .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	2	1	7.2	M	35	ZeroCERT

10777	2021-08-02 09:16	z.exe fd047a74224274e29409c2b841c2b306 UPX Malicious Library OS Processor Check PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory unpack itself suspicious TLD sandbox evasion installed browsers check Interception Browser DNS Software	1 Keyword trend analysis	3	2		7.4	M	48	ZeroCERT

10778	2021-08-02 09:18	hello.exe bd90d76652738c92e4b632d312e5fd04 RAT BitCoin Generic Malware AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2		12.4	M	18	ZeroCERT

10779	2021-08-02 09:18	build3.exe 0fea771099e342facd95a9d659548919 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself Windows utilities WriteConsoleW Windows ComputerName					7.8	M	45	ZeroCERT

10780	2021-08-02 09:19	6.exe 598c53bfef81e489375f09792e487f1a PE32 PE File VirusTotal Email Client Info Stealer Malware MachineGuid Check memory unpack itself AntiVM_Disk VM Disk Size Check Ransomware Email ComputerName crashed		2			9.0		47	ZeroCERT

10781	2021-08-02 09:20	file.exe 0fe287305bd628a147644229ed9d3c07 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	29	ZeroCERT

10782	2021-08-02 09:21	agwl.exe 02ab49305f95f010772aba55ea61744e Malicious Packer Malicious Library UPX PE32 PE File OS Processor Check DLL VirusTotal Open Directory Malware AutoRuns suspicious privilege Malicious Traffic Creates executable files unpack itself Windows Exploit DNS	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET ADWARE_PUP User-Agent (Mozilla/4.0 (compatible)) ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP		7.6	M	55	ZeroCERT

10783	2021-08-02 09:22	kazah.exe 87e5df4b2d1ad17687a506394018aeb8 PWS .NET framework RAT Generic Malware .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself ComputerName					2.8	M	53	ZeroCERT

10784	2021-08-02 09:25	lv.exe dbb0c9da2351647df7e732303f3294fd NPKI Gen1 Emotet Gen2 Malicious Library UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiD VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows		1			6.6	M	23	ZeroCERT

10785	2021-08-02 09:27	2.doc 4ed6ab29138f363708968244d5c5eb59 VBA_macro MSOffice File VirusTotal Malware RWX flags setting unpack itself					2.8		29	ZeroCERT