Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10996	2021-08-06 10:09	togo.exe dc48298f19bb6f6fb30f997d6f327b15 Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1			10.6	M	23	ZeroCERT

10997	2021-08-06 10:45	KV-Update.exe 7d2ce53d4201aa1d997a1da890015e7f RAT Generic Malware .NET EXE PE File PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.2		31	guest

10998	2021-08-06 10:46	Chaos Ransomware2.exe 3330316c5956f83f0009d68cb63c636d RAT Generic Malware .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself suspicious process					3.0		33	guest

10999	2021-08-06 10:47	Chaos Ransomware.exe 98274f8ae42ac490c3441b3b14459356 RAT Generic Malware .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself suspicious process					3.4		46	guest

11000	2021-08-06 10:56	Adscouponcode.hta 822fb233e4614239ae79d9f901d98821 Check memory Creates executable files RWX flags setting unpack itself Tofsee	1 Keyword trend analysis	2	1		1.8			ZeroCERT

11001	2021-08-06 10:56	coupon.exe 19b5b2947386eabf904ccc41e7bd226f RAT Generic Malware .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces	2 Keyword trend analysis	1			1.8		7	ZeroCERT

11002	2021-08-06 14:02	invitation.dotm 23a471d956410bc80dc0cabc006252f6 VBA_macro VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee ComputerName	1 Keyword trend analysis	2	2		5.0	M	35	guest

11003	2021-08-06 15:44	test.py 2f93ce31724966024df8cc2cb167e96d Antivirus								guest

11004	2021-08-06 16:01	xmrig_win32.exe 6d28a08caf2d90f5d02a2bf8794c7de9 UPX Malicious Packer Malicious Library PE64 OS Processor Check PE File VirusTotal Malware unpack itself					1.6		57	Kim.GS

11005	2021-08-06 16:03	xmrig_win32 6d28a08caf2d90f5d02a2bf8794c7de9 UPX Malicious Packer Malicious Library PE64 OS Processor Check PE File VirusTotal Malware unpack itself					1.6		57	JYC

11006	2021-08-06 16:29	payload.exe a89b5a1a3c1a93488c80c0068fa16109 UPX Malicious Library OS Processor Check PE File PE32 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency sandbox evasion installed browsers check Browser DNS		1			4.0		27	ZeroCERT

11007	2021-08-06 16:36	VanillaStub.exe 3e82d4b205d458e65db00eb0f4231546 RAT PWS .NET framework Generic Malware UPX Antivirus .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS		3	1		4.8		54	ZeroCERT

11008	2021-08-06 16:40	krb5ptcpratserver.exe 78c1154bcba17c3d636e698e81e8499d RAT Generic Malware .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW ComputerName crashed					2.6		17	ZeroCERT

11009	2021-08-06 16:41	olde-1.exe 465f28ec62439d3213d557636d48c8ea PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows Cryptographic key	14 Keyword trend analysis Info http://www.balloon-artists.com/p2io/ http://www.iotcloud.technology/p2io/?yVMpQLtX=L/l9chWQ9dl2ZFWb8vVro19pFM6JqqsPd4ppl3EKhtG9qh305X+eskSv5sG7vGkNeAZDxwTr&1bz=o8rLp http://www.myfavbutik.com/p2io/?yVMpQLtX=dKp6rERBK113SD0GvHZ5ksFEU2G9ncFkpMVxqDe1xbP28bbT8N8SqFHc7ZWN2qvn1fWpyoOF&1bz=o8rLp - rule_id: 1552 http://www.adultpeace.com/p2io/ - rule_id: 1554 http://www.lucytime.com/p2io/ http://www.myfavbutik.com/p2io/ - rule_id: 1552 http://www.shopihy.com/p2io/ - rule_id: 2198 http://www.anewdistraction.com/p2io/ http://www.shopihy.com/p2io/?yVMpQLtX=Ei6RqbmvJXwd1KhoWyb/BZtLNDk4B448l51n8Zz8P/g/u3IBdZc5bHR/QCXBboISRM182550&1bz=o8rLp - rule_id: 2198 http://www.iotcloud.technology/p2io/ http://www.anewdistraction.com/p2io/?yVMpQLtX=ia0dgIkf6GE3KUyi3zp8eo0tNiPxoXJfkPx9mMo4EgGg3oj1VKxHFK3qhmtZH/rnht5B/RmY&1bz=o8rLp http://www.adultpeace.com/p2io/?yVMpQLtX=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&1bz=o8rLp - rule_id: 1554 http://www.balloon-artists.com/p2io/?yVMpQLtX=/DMwn9vRv8pPZran9syYwdBt6sFcRXVvVa9RfefW4qtbzd0YMa9UIXTiu4mlEuUVWx6wVl8M&1bz=o8rLp http://www.lucytime.com/p2io/?yVMpQLtX=Ymn5WmwLC00z4pVZK6ihuPaaOKCT+v+tuyygdx+oVo/PHq8Kcnnt5pAnbMy7+QY4AB/111t7&1bz=o8rLp	15 Info www.tpcgzwlpyggm.mobi() www.adultpeace.com(163.44.239.73) www.shopihy.com(160.153.137.40) www.lucytime.com(160.124.11.194) www.myfavbutik.com(104.21.15.16) www.anewdistraction.com(198.49.23.144) www.iotcloud.technology(34.102.136.180) www.balloon-artists.com(147.255.162.204) 163.44.239.73 - mailcious 147.255.162.204 160.124.11.194 34.102.136.180 - mailcious 104.21.15.16 - mailcious 160.153.137.40 - mailcious 198.185.159.144 - mailcious	1	6	11.6	M	34	ZeroCERT

11010	2021-08-06 16:42	9lkybpoly.exe 39991c5e94a83a32104da4c4543e74d2 RAT Generic Malware .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW ComputerName crashed					2.6		15	ZeroCERT