Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10861	2021-08-04 09:59	zoom.doc e5ec8603bbcfe3820c59749a24641570 Malicious Packer UPX Malicious Library PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS	7 Keyword trend analysis Info http://api.ipify.org/ https://185.56.175.122/rob119/TEST22-PC_W617601.456BB1605131C7BB14DF183E3BBE59FD/23/100019/ https://185.56.175.122/rob119/TEST22-PC_W617601.456BB1605131C7BB14DF183E3BBE59FD/14/user/test22/0/ https://185.56.175.122/rob119/TEST22-PC_W617601.456BB1605131C7BB14DF183E3BBE59FD/5/file/ https://185.56.175.122/rob119/TEST22-PC_W617601.456BB1605131C7BB14DF183E3BBE59FD/14/DNSBL/listed/0/ https://185.56.175.122/rob119/TEST22-PC_W617601.456BB1605131C7BB14DF183E3BBE59FD/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/GRNKLdJfQOG57mLhT/ https://185.56.175.122/rob119/TEST22-PC_W617601.456BB1605131C7BB14DF183E3BBE59FD/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5Cwise-toolsQQO0WX%5Csvzoomfg.grf/0/	6	4		6.4	M	14	ZeroCERT

10862	2021-08-04 10:01	a24a7a925420fc48542f870656109f... a92922a71a9bf58cc2d95a6039c9a1b6 UPX Malicious Library PE File PE32 VirusTotal Malware Check memory Windows crashed					2.2	M	31	ZeroCERT

10863	2021-08-04 10:07	0803_4233265847.doc 6a3290e7ad1b96b6a10a94626cd1716a VBA_macro DNS Socket ScreenShot AntiDebug AntiVM MSOffice File GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Collect installed applications Check virtual network interfaces suspicious process suspicious TLD sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Windows Browser ComputerName Software	6 Keyword trend analysis	12 Info fiom65pre.ru(8.209.65.137) - malware arviskeist.ru(185.68.93.20) - mailcious api.ipify.org(23.21.173.155) stionsomi.ru(45.129.237.96) - mailcious pospvisis.com(95.213.179.67) - mailcious priekornat.com(212.193.48.110) - mailcious 50.16.235.219 212.193.48.110 185.68.93.20 - mailcious 8.209.65.137 - malware 92.62.115.177 - mailcious 45.129.237.96 - mailcious	6		21.0	M	7	ZeroCERT

10864	2021-08-04 10:12	7sdjhui32sof.exe 270c3859591599642bd15167765246e3 Ficker Stealer UPX Malicious Library PE File PE32 VirusTotal Malware IP Check	1 Keyword trend analysis	4	1		4.0	M	56	ZeroCERT

10865	2021-08-04 10:29	vbc.exe ecc19a6e75196aba87b243737d5fd361 PE File PE32 VirusTotal Malware					1.4	M	15	ZeroCERT

10866	2021-08-04 10:41	.wininit.exe 8dffb7cb10c04f3cef0a90e77304448b Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows Cryptographic key	12 Keyword trend analysis Info http://www.previem.com/n84e/ http://www.lojaautomatica.com/n84e/ http://www.wdi.technology/n84e/?inzXwP5P=IpnI7BJcLrJ67SGYGYHhRDyffQdPudewicDgGClghUeJL8BH8S3a0cS/9EZy35tEY35S+Xi+&SP=cnxh5jUh http://www.lojaautomatica.com/n84e/?inzXwP5P=KM8/RJbscxw6RCQcWiAcr4+7xSKlBVrbYD0kduoGpJ88rMBQIO2t0YEuyJiTYbvTX8pAXSku&SP=cnxh5jUh http://www.conectaragora.com/n84e/ http://www.conectaragora.com/n84e/?inzXwP5P=p6i+kRTznlIfp8/7XMyecgcPSEfEpCNZNLU/042ESd3JmDRQsTR5UXzjOO9R4eeSQMVHZgcS&SP=cnxh5jUh http://www.upscalebuyer.com/n84e/?inzXwP5P=HSYf9ckuIWPwdxwIiUJqcRVULvuhbtuavyhIt3yUmAAcOtUmxqjS9cG+/EBZNBlhSlkJh+W5&SP=cnxh5jUh http://www.mz66a.com/n84e/?inzXwP5P=jks/rihBJZCVAEZcz0kZtUf27/U6N/J0NQilUbeRUUoLU/5j7LJ1nNsnlmedJg97PKfYronE&SP=cnxh5jUh http://www.upscalebuyer.com/n84e/ http://www.mz66a.com/n84e/ http://www.wdi.technology/n84e/ http://www.previem.com/n84e/?inzXwP5P=bNXhMYMuDlFe+XJQU5c0i4xLKlE8dTbc/0OnjJQurqTbw4APg+PVimQ9vsGkNKgyWMhV7lYu&SP=cnxh5jUh	14 Info www.wdi.technology(78.46.190.69) www.instrumentwinebreathe.net() www.previem.com(151.106.116.68) www.mz66a.com(34.102.136.180) www.conectaragora.com(184.168.131.241) www.lojaautomatica.com(81.88.57.70) www.upscalebuyer.com(34.102.136.180) www.hheiy35.com(156.245.12.121) 156.245.12.121 184.168.131.241 - mailcious 151.106.116.68 34.102.136.180 - mailcious 78.46.190.69 81.88.57.70 - mailcious	1		10.8	M	23	ZeroCERT

10867	2021-08-04 10:43	0803_1140088877.doc 6376baf5eaead1abb0ec71546fd4e4b5 hancitor VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	2 Keyword trend analysis	8	1	1	9.6	M		ZeroCERT

10868	2021-08-04 10:43	fineFB.exe 76ade6d0feb5897a933dbca533be4ca1 RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee crashed	6 Keyword trend analysis Info http://www.alliancefb.com/support/en/?5j=E9P+t5aMWSD3TCjLS7wsY7NUIYxz2U33Ldo09wpuEhFP28xbW8bmWX4A0/kALO2yod300/s/&vTdDF=LJBx http://www.intlgcap.com/support/en/?5j=yUPGOazhmvJ2CH9iveJV3c6q5n8a839rRUuOKhB1ehBnAJmTBA/qAAmyLVpSMz8YXnAKD7NQ&vTdDF=LJBx http://www.cutass.com/support/en/?5j=Dj996a3h2qboTLKZjRVTU3yTCokC5la5/bDYIKZf1f+40ghf16aux1W+Ojmg1zuK+8dAGGea&vTdDF=LJBx http://www.littlehousenursery.com/support/en/?5j=+fkBQExBug/W6CRY/WlLuwYAm4n6F3ntZ2n1qN5ZglaqvIkQHxZi1AhS8ZV4317vdVVeyrPl&vTdDF=LJBx https://cdn.discordapp.com/attachments/869310376943181867/869390552234356837/DEFB.exe https://cdn.discordapp.com/attachments/867927972013809777/871568246497755246/emlak.dll	10 Info www.intlgcap.com(34.102.136.180) www.alliancefb.com(3.223.115.185) www.cutass.com(52.128.23.153) www.littlehousenursery.com(3.130.158.209) cdn.discordapp.com(162.159.133.233) - malware 52.128.23.153 - mailcious 162.159.133.233 - malware 34.102.136.180 - mailcious 3.223.115.185 - mailcious 3.133.163.136	2		8.8	M	29	ZeroCERT

10869	2021-08-04 10:47	0803_6700186721.doc 52e17e1d3122e3157cb40e9b57711bc6 hancitor VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName	2 Keyword trend analysis	8	1	1	9.6	M		ZeroCERT

10870	2021-08-04 10:57	vbc.exe ecc19a6e75196aba87b243737d5fd361 UPX Admin Tool (Sysinternals etc ...) PE File PE32 VirusTotal Malware Check memory crashed					1.8	M	15	r0d

10871	2021-08-04 12:18	document.xlsm 3823aa0c8a9a48d236cce65b53bc9c6b VBA_macro Antivirus VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger WMI Creates shortcut RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis	2			9.2		20	guest

10872	2021-08-04 12:20	heliocentrically.db 106b947aa2e8101bff6e3ff0f82bfe95 Generic Malware Malicious Packer UPX Malicious Library Escalate priviledges AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Code Injection unpack itself					3.8		26	guest

10873	2021-08-04 12:26	document_set_20210208_T6253773... c2747012f95b22cb9b627a16bd62a7e6 VirusTotal Malware RWX flags setting unpack itself Tofsee		2	2		2.2		15	guest

10874	2021-08-04 12:28	vbc.exe 302f2eb940ca97b21128171b43cf20b7 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key crashed					5.6		37	guest

10875	2021-08-04 12:31	decree-08.03.2021.doc f6f72e3d91f7b53dd75e347889a793da AntiDebug AntiVM Vulnerability VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception	1 Keyword trend analysis Info http://millscruelg.com/bdfh/3d9Ob0yEwAUkUUNyHskxJb4Zky89/56302/bE5YBOFyZvWHbGv9wPr7QVmkuplYkgZNGYoZ/49344/QhlXPkzDH5WAkx1w/13541/FRfIza4UA20X3W74QQ10gdOWb14BWJTd/31791/xar2?ref=8G8tetEug&fQed=39qouy&sid=ErETbrbz&id=PRDTNX0w2lw6Ff2DhnSyWYUR&user=0nRmXO7YbHH9FCk&ref=d1Kr5UM29JW29PHyh20ag&page=kFGzbhu23oKZEkTvdWUbrAg7y5WThN&PyATUI0=M7BU76Rl9wKGCII2&search=0agiEcPmAwxoUmelcrgIyXt	2			6.6		14	guest