Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
10996	2023-08-04 09:21	ChromeSetup.exe 690bca3a7bc4f216912a93d45a8fc99c AgentTesla Generic Malware .NET framework(MSIL) Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		3	2	15.4	M	30	ZeroCERT

10997	2023-08-04 09:20	73cceb_b5b6005e2aa74cf48cd55dc... 9932fab98f2c021632045d04966db4fd ZIP Format Word 2007 file format(docx) VirusTotal Malware unpack itself Tofsee	2 Keyword trend analysis	2	1	2.4	M	29	ZeroCERT

10998	2023-08-04 09:19	plugmanzx.exe 5ec330fe2550aa08c66a9ffc6c034306 Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader .NET framework(MSIL) Create Service Socket Escalate priviledges PWS Sniff Audio DNS ScreenShot Internet API KeyLogger AntiDebug AntiVM .NET EXE PE File Remcos VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS DDNS keylogger	1 Keyword trend analysis	4	2	10.6	M	22	ZeroCERT

10999	2023-08-04 09:17	Document_20022949450%23.doc 5c90c56d044b8660bd78f51bec0b4795 MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	3	12 Info ET INFO Executable Download from dotted-quad Host ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE LokiBot Fake 404 Response	4.6	M	30	ZeroCERT

11000	2023-08-04 09:17	utilsxupdater.exe 96c30f7179f2d7045aba556d3b8f92af Generic Malware UPX Malicious Library Antivirus PE64 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				5.0	M	21	ZeroCERT

11001	2023-08-04 09:16	defounderzx.exe 7b429c29a5d488db61e5c22bbb162293 Formbook .NET framework(MSIL) AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	4 Keyword trend analysis Info http://www.engaugemate.com/fd62/?JjUdE2=w3iRoJKNMZff+mGYYWMWYRBrnbrLMEl1bjGl8S2ZgkzbfvvvyHRxnzLWDOCJth9SQvHEe5LW&YvLT_=z8o4nHbh36&sql=1 http://www.fifaworldcupatl.com/fd62/?JjUdE2=YVMoob9AlkCy4aE8qYQKw/O3VF2mHSImqoz7Z4r1FJJFGxv0iwEoaCSEuPRDATpRiXd/kVuC&YvLT_=z8o4nHbh36&sql=1 http://www.fifaworldcupatl.com/fd62/ http://www.engaugemate.com/fd62/	4		9.0	M	48	ZeroCERT

11002	2023-08-04 09:15	chrome.exe 8a967536e1b964e0b81a0e0964e26a02 .NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself DNS		1		2.8	M	31	ZeroCERT

11003	2023-08-04 09:13	nNC0F21PVf7hKUD.exe 0874189f078f8e3fcb59e2900e078b7e .NET framework(MSIL) Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key crashed				2.6	M	23	ZeroCERT

11004	2023-08-04 09:12	ohoyeczx.doc 84fc75d62738624137845bd3c180ebe6 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed	1 Keyword trend analysis	3	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.4	M	29	ZeroCERT

11005	2023-08-04 09:11	defounderzx.doc f453b83cb4f6c27b4796816e0f628abf MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic ICMP traffic RWX flags setting exploit crash Windows Exploit DNS crashed	5 Keyword trend analysis Info http://www.sdxgwnkf.cfd/fd62/ http://www.soc34m.com/fd62/ http://www.soc34m.com/fd62/?JjUdE2=xn0HKfGIZzHBtebtM2PJoTiRmP7tmvS0K83HwlewIFGHtZl2UfwiPMnZWATjhy2Ku2mJdV27&t8o=FrFL&sql=1 http://www.sdxgwnkf.cfd/fd62/?JjUdE2=ghnUtiMEyEw2O5h1P7vo9Byhe/usWh543+65PpmWc9PRh4YewV0BtpdKaxjHtlCT/jMo+a/V&t8o=FrFL&sql=1 http://2.59.254.18/_errorpages/defounderzx.exe	7	7 Info ET MALWARE FormBook CnC Checkin (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (POST) M2	6.6	M	29	ZeroCERT

11006	2023-08-04 09:11	yyyyy.exe 686da75c6922eddfe714217f777126e1 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware DNS		1		2.8		44	ZeroCERT

11007	2023-08-04 09:09	whatGodcando.exe 93b477baa88c9520aa5249bb3514d191 Generic Malware .NET framework(MSIL) Antivirus DNS AntiDebug AntiVM .NET EXE PE File PE32 Malware download Nanocore Cobalt Strike NetWireRC VirusTotal Malware c&c Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows RAT ComputerName DNS Cryptographic key DDNS		3	7 Info ET MALWARE Possible NanoCore C2 60B ET MALWARE NanoCore RAT CnC 7 ET INFO DYNAMIC_DNS Query to a .duckdns .org Domain ET INFO DYNAMIC_DNS Query to .duckdns. Domain ET MALWARE NanoCore RAT Keep-Alive Beacon (Inbound) ET MALWARE NanoCore RAT Keepalive Response 3 ET MALWARE NanoCore RAT Keepalive Response 1	14.2	M	28	ZeroCERT

11008	2023-08-04 09:09	lega.exe 253dcfc72aa745e063bc035a1e93daab Gen1 Emotet UPX Malicious Library CAB PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		2	5	11.4	M	42	ZeroCERT

11009	2023-08-04 09:07	j1neaa.bat 1551e43ba5cc0468ffa4d54d29870ac0 Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				4.0			ZeroCERT

11010	2023-08-04 09:07	810000000%23%23%23%23%23%23%23... 925753e9dd326a0cedae8e21f0c23f14 MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	3.6	M		ZeroCERT