Submissions

No | Date | Request | Hash | Tags | Urls/Hosts/IDS/Rule (counts as extracted) | Score | Zero | VT | Player | Etc

11311 | 2021-08-14 09:45 | services.exe | efc0f46f3fa314f232394e2cb781659f | Generic Malware UPX PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Creates executable files unpack itself Windows DNS | 1 2 1 1 | 4.6 | M | 57 | r0d | -

11312 | 2021-08-14 09:45 | raccon.exe | ed20a01ec2d93943bd0664fafb76daa6 | UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself DNS | 1 | 3.0 | M | 31 | ZeroCERT | -

11313 | 2021-08-14 09:46 | rollerkind.exe | cde93187ac7d9c6905b6cc747bf339d3 | UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself DNS | 1 | 2.8 | - | 22 | ZeroCERT | -

11314 | 2021-08-14 09:50 | org2.exe | 84cef14e10dd889178986bf53ccecf41 | AgentTesla(IN) Generic Malware Malicious Packer Malicious Library .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself | - | 2.2 | M | 38 | ZeroCERT | -

11315 | 2021-08-14 09:50 | installs2.exe | 59011b30630b327f21b0c6c070e6bdc3 | RAT PWS .NET framework Generic Malware UPX OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed | 2 3 2 | 7.4 | M | 44 | ZeroCERT | -

11316 | 2021-08-14 09:52 | pub1.exe | 9f6cc7e30cf819e9e22558d3868a692d | UPX Malicious Library OS Processor Check PE File PE32 PDB unpack itself | - | 1.4 | M | - | ZeroCERT | -

11317 | 2021-08-14 09:53 | update.dll | fef6b272e83c2db9338ad55ffb6e8f6e | UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware Buffer PE Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser DNS Cryptographic key crashed | 1 | 5.2 | M | 23 | ZeroCERT | -

11318 | 2021-08-14 09:54 | apines.exe | d60de31e6e431d66634f84ef0ee29f37 | UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself | - | 2.4 | M | 38 | ZeroCERT | -

11319 | 2021-08-14 09:55 | abdulzx.exe | a999f70ef203107555ad230346b89c80 | Generic Malware Antivirus UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself | - | 1.8 | M | 21 | ZeroCERT | -

11320 | 2021-08-14 09:56 | rollerkind2.exe | 29873d5f4db7060243199e49d7af8930 | UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself | - | 2.2 | M | 20 | ZeroCERT | -

11321 | 2021-08-14 09:57 | refno3.exe | c7cda00215a9747d2a6142919bd45227 | Generic Malware Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key | - | 6.8 | M | 44 | ZeroCERT | -

11322 | 2021-08-14 09:59 | software.exe | e4102e8888cdd54defb8babef27dcaef | Gen2 RAT Generic Malware Themida Packer Malicious Packer UPX Malicious Library OS Processor Check .NET EXE PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware Cryptographic key crashed | 2 4 1 | 9.4 | M | 20 | ZeroCERT | -

11323 | 2021-08-14 10:00 | .svchost.exe | 85ef4d2c4d482b353c237e1145fc52bd | GuLoader Generic Malware Malicious Packer UPX Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself | - | 2.2 | M | 30 | ZeroCERT | -

11324 | 2021-08-14 10:02 | refno2.exe | 8ed7a017019ddb3974773f00201ce7ff | RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 5 15 1 | 9.0 | - | - | ZeroCERT | -

11325 | 2021-08-14 10:06 | P4SDww.exe | d8b2a0b440b26c2dc3032e3f0de38b72 | Gen1 RAT Generic Malware UPX Malicious Library Malicious Packer .NET EXE PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName Cryptographic key Software crashed | 13 10 2 3 | 12.4 | M | 41 | ZeroCERT | -