Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
11026	2023-08-03 13:51	pablozx.exe 7456977c738208470a01d84ed531f081 email stealer Downloader Escalate priviledges PWS DNS Code injection persistence KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed		1		17.0	M	43	ZeroCERT

11027	2023-08-03 13:46	60293824632766269097.msi 2dca491ef853829346413533f9dc7a4d CAB MSOffice File VirusTotal Malware unpack itself crashed				1.0		4	ZeroCERT

11028	2023-08-03 10:31	I00000000q0000q00000q00000%23%... 2e8e51303d4a8f2a575fbc72ebd19cac MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Generic .bin download from Dotted Quad ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.0	M	29	ZeroCERT

11029	2023-08-03 10:29	lawzx.exe f7687a10bf31777ddad97b1d0907bdc6 PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName Software crashed				9.8	M	41	ZeroCERT

11030	2023-08-03 10:27	cm9292000000000000000%23%23%23... e26f05916ee04b50b7e98416f0905b8c MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.2	M	35	ZeroCERT

11031	2023-08-03 10:25	gdf04000000000000000000%23%23%... 74b5dbbaecd8ad665dfa124659885fad MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic ICMP traffic exploit crash unpack itself Windows Exploit DNS crashed	4 Keyword trend analysis Info http://www.w2w37.com/gs22/?x4ahHtwP=sxpFiT/QnuwqbREFEalc4xGkI+X15UMLgBOmnpWdTi7yXahnG8Uo0ChTsXgqiqTJ7vwSjSB2&9r=gdidSh0H http://23.95.60.83/rft/PiNqnEquXXipiHilYV223.bin http://www.mezcalrosario.com/gs22/?x4ahHtwP=9vqGyEwSjFJ65F5HfUu0nj0baUEVEMWVa2VMtqXoJwbLaSy1AFIaNUZVE0qALa569XCftmAp&9r=gdidSh0H http://103.6.248.9/T018W/wininit.exe	8	7 Info ET MALWARE Generic .bin download from Dotted Quad ET MALWARE FormBook CnC Checkin (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.8	M	29	ZeroCERT

11032	2023-08-03 10:25	Excel.exe 79e5648312a58377ef76d2346404ef12 UPX Malicious Library Malicious Packer MZP Format PE File PE32 VirusTotal Malware RWX flags setting unpack itself				2.8	M	44	ZeroCERT

11033	2023-08-03 10:23	0TTYuKFFp2Neo.exe 99c8b8c9c4b1e113156d2e708766d658 Malicious Library PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	24	ZeroCERT

11034	2023-08-03 10:23	kpb0239848585885000000%23%23%2... 780dc1ce7fb814935f6422561b7938bd MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious smss.exe in URI ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.0	M	29	ZeroCERT

11035	2023-08-03 10:21	idbk6758400000000000%23%23%23%... 7eb05bcc9d2d6f3edaa773d3d602b1a1 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.2		30	ZeroCERT

11036	2023-08-03 10:21	lawzx.doc bc89a42094fac06d565983f94cb4fa2a MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.4		27	ZeroCERT

11037	2023-08-03 10:20	IB_iso.exe 4ef341e4b9c3229fe2281ddece402c22 NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder ComputerName DNS	23 Keyword trend analysis Info http://www.ridonestore.shop/mv9h/?U4Qv-=9VxnjTCqrqAAIhZwG9PoTS29kvYV+Vsyiu2Fvyx7VLgNyAFzPPwxiPtN8AaY7yAV9hQiJzLhpdoSmgIbJxvhNzuKboEGgwYKJo7uw1I=&cimW=lS77a8 http://www.potent-tech.com/mv9h/ http://www.expelledclothing.com/mv9h/ http://www.hncovnyyra.best/mv9h/ http://www.expelledclothing.com/mv9h/?U4Qv-=9a4cyonTP0e6NuzSlLJ27FO37WvMSZ0WaVw1AMtOxtaCv+m5JRKGBAYKzIKL0anZ1A3e1EfBSBxBW9/OLTmFzaHtcxx2Mn8hsStbcMw=&cimW=lS77a8 http://www.ceravolt.life/mv9h/ http://www.rva.info/mv9h/ http://www.hncovnyyra.best/mv9h/?U4Qv-=HcykeIqVbXhfppJwoSsM/lzOWEv/63sUc26l9Pyzi/RiJWpkCKG7rYCg+zEFiCvlKsq6aaTMW0S7wU6+gIahRGdD6ziJ49MY8t7Y4AU=&cimW=lS77a8 http://www.help-hair.info/mv9h/?U4Qv-=GNz0FM0e5ScvNElU2Hu2om6Rqm4e+67FZh9yl10aFczOUMs8DWUv0BGRHOdPh5hc0CAdyJzRrvN/qShJrEMPe4vi0TNirV+929KqINs=&cimW=lS77a8 http://www.ridonestore.shop/mv9h/ http://www.weinbrenner-stiftung.org/mv9h/?U4Qv-=KriJDkyr9ZSDK5SncDruUH89KQPsZisyljIEVA7ACCuqryEISDWc4fIbxiwjaj9YllKMJ4K263YcXqSukN/9eRkxhZw6ZQvhn0MgKpA=&cimW=lS77a8 http://www.aquatic-organisms.info/mv9h/ http://www.help-hair.info/mv9h/ http://www.eventz9.com/mv9h/?U4Qv-=DhN/pfZhMnl4HQr18JX+oR8+aYaT8DsUwwvwmuFtuqFZv8xoKl2cv7n6clvWh1ER01rwIDgQIfjRcGmRjQxyMnOEIFklWxiWmR0afZM=&cimW=lS77a8 http://www.sqlite.org/2016/sqlite-dll-win32-x86-3130000.zip http://www.eventz9.com/mv9h/ http://www.rva.info/mv9h/?U4Qv-=VRRqi/ql977uvieqYsG4fOrDt8dXLrN86EfRdYcOQNSbko9uA8lJYMBA/4W5F4bPxRFvp/KzmV+IiXK6fR3lqPQiRqLY9cobKkCJQRY=&cimW=lS77a8 http://www.brownie.rest/mv9h/?U4Qv-=vmn/PMHMKvttZlwOVZyOjTJZ+WpUZFfmH6ozGnWYHclktmcXFHgsldQI8V2t6yLP30Sy4KtKyocnDpxwpleQA38uNlwzTJH7fcDgzks=&cimW=lS77a8 http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip http://www.ceravolt.life/mv9h/?U4Qv-=9IeKlzzeiCBmV6GZneJqnhQdGcMOrN2zpJl1PcRdXHgPlBFjKoUh2wO5Xuu1XzrnlBtm9u1a/Ow39lO36+F22xQtyEIwfDBXWZJ5lHc=&cimW=lS77a8 http://www.weinbrenner-stiftung.org/mv9h/ http://www.brownie.rest/mv9h/ http://www.aquatic-organisms.info/mv9h/?U4Qv-=iptoip7pWRsS9xKJtuuMpZ3pZju1uspYTD6Awsn8x9vJeBkpaHApDsxm5SKYRJmJIPm4Br1em9F8LnG0RKBgEpAwWbXUGUe5zk5WzmM=&cimW=lS77a8	23 Info www.ridonestore.shop(84.32.84.32) www.brownie.rest(202.172.26.52) www.rva.info(3.64.163.50) www.aquatic-organisms.info(199.59.243.224) - mailcious www.expelledclothing.com(198.58.118.167) www.eventz9.com(35.241.18.84) www.help-hair.info(104.21.83.214) www.ceravolt.life(203.161.53.83) www.weinbrenner-stiftung.org(46.30.213.165) www.potent-tech.com(119.28.69.86) www.hncovnyyra.best(172.67.145.145) 202.172.26.52 - phishing 84.32.84.32 - mailcious 199.59.243.224 - mailcious 104.21.83.214 172.67.145.145 35.241.18.84 3.64.163.50 - mailcious 46.30.213.165 - mailcious 45.33.6.223 45.33.30.197 - mailcious 203.161.53.83 119.28.69.86	2	4.6		30	ZeroCERT

11038	2023-08-03 10:18	schtasks.exe ef85c294d69ed1cc66f26b7ea200b425 AsyncRAT UPX .NET framework(MSIL) Malicious Packer OS Processor Check .NET EXE PE File PE32		2					ZeroCERT

11039	2023-08-03 10:18	IBS_Cortana.exe 08defe80ace1f032875c8127ae5e4481 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder		1		2.4		21	ZeroCERT

11040	2023-08-03 10:16	wininit.exe 398168319933805c70238c679be79bdb UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder				2.6		32	ZeroCERT