Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11371	2021-08-16 17:20	file1.exe efb3e6929403a295ee9f8a0dfcdd591c RAT Generic Malware Anti_VM UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed	2 Keyword trend analysis	4	2		9.0	M	26	ZeroCERT

11372	2021-08-16 17:21	askinstall52.exe ed8353cf1e80cb6afd65dedd1f83071a Gen2 Trojan_PWS_Stealer Credential User Data Malicious Packer UPX Malicious Library SQLite Cookie PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB suspicious privilege WMI Creates executable files Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution	2 Keyword trend analysis	4	1	1	6.4	M	51	ZeroCERT

11373	2021-08-16 17:45	One Million British Pounds.pdf 9b4e673fb8467b6dac5c13fff8db4213 PDF VirusTotal Malware					0.6		17	guest

11374	2021-08-16 18:12	One Million British Pounds.pdf 9b4e673fb8467b6dac5c13fff8db4213 PDF VirusTotal Malware Windows utilities Windows	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip				2.0		17	ZeroCERT

11375	2021-08-17 07:39	console-play.exe a43be7341e3d13810d20b9e64e329c83 Gen2 Gen1 RAT Generic Malware UPX Malicious Library Malicious Packer Anti_VM PE File OS Processor Check PE32 DLL PNG Format GIF Format .NET DLL PE64 VirusTotal Malware Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName crashed					5.2	M	21	ZeroCERT

11376	2021-08-17 09:25	Simplydisk_TPEB_Tariff_CtoC_16... fd7075efa74442ec550ba1b0613f0db3 Malicious Packer Malicious Library PE File DLL PE32 VirusTotal Malware Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities suspicious process Tofsee Windows ComputerName crashed	5 Keyword trend analysis Info https://cdn.discordapp.com/attachments/876792192524501045/876810977381847040/222_mod.dll https://cdn.discordapp.com/attachments/876792192524501045/876811276905480202/222_mod.dll https://beklear.net/wp-content/plugins/nhpakbigch/9YfqVdDVOAG.php https://cdn.discordapp.com/attachments/876792192524501045/876811874048565268/222_mod.dll https://cdn.discordapp.com/attachments/876792192524501045/876811523593482320/222_mod.dll	4	1		7.2		9	ZeroCERT

11377	2021-08-17 09:26	unknown.exe fe51eac852001236448794e51ba22956 RAT PWS .NET framework Generic Malware PE File .NET EXE PE32 suspicious privilege MachineGuid Check memory Checks debugger unpack itself ComputerName					1.6			ZeroCERT

11378	2021-08-17 09:33	sufile.exe 0ca116299ae13d37e2368d09f208fd2d UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.6	M	42	ZeroCERT

11379	2021-08-17 09:34	plugmanzx.exe ec9dc86cbda5ad0a0b6c79654e361642 Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File .NET EXE PE32 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2	2		14.2	M	30	ZeroCERT

11380	2021-08-17 09:36	mazx.exe 1423f1e7d436fa26d50fd804f5b93431 Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	3 Keyword trend analysis Info http://www.alphamillls.com/mxwf/?D8k8=8vU0MhDguONSVZAFdaETy8wVZ8V0psLBFo6hXJA6TygAJBDGiYZVt84widBx7fwwbqBQDNAu&uTxXA=Apm8lx http://www.orders-cialis.info/mxwf/?D8k8=5ldtLAd4WjWQpBn2D9at1Sp5llf8TUCQYgmbUZbfSF6mwcPpZP54RYPSSKh/3i002J3HIC53&uTxXA=Apm8lx http://www.sierp.com/mxwf/?D8k8=Ao4ZudGNGCCq/bz1F1jp8r1nNp3jUASgPiEiflfcY9lwBGukS/0V2qMMjZrQt7h4MdjTjHfn&uTxXA=Apm8lx - rule_id: 3878	6	1	1	8.2	M	24	ZeroCERT

11381	2021-08-17 09:40	.wininit.exe 73c3916832698d6d47cde8593d7816f8 Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	2 Keyword trend analysis	4	2		10.0	M	40	ZeroCERT

11382	2021-08-17 09:42	vbc.exe 3244a92cbba0f5edcae4ea2f2f0d1b7d UPX Malicious Library PE File PE32 VirusTotal Malware unpack itself Remote Code Execution					2.0	M	32	ZeroCERT

11383	2021-08-17 09:43	zxcvb.exe 2cae1b3be4c37e8f0ca5dac99dbbac17 PWS Loki[b] Loki.m RAT Gen1 Gen2 Generic Malware UPX Malicious Library Malicious Packer DNS Socket KeyLogger HTTP Internet API ScreenShot Http API Steal credential AntiDebug AntiVM PE File .NET EXE PE32 JPEG Format DLL OS Processor Check GIF Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware OskiStealer Stealer Windows Browser Email ComputerName DNS crashed Password	13 Keyword trend analysis Info http://kullasa.ac.ug/nss3.dll http://185.163.45.248//l/f/VAuJUXsBPvGyIjkLtOpJ/d657180f13db0ff9b8ee6da6bdfe300a7ea52ed9 http://kullasa.ac.ug/msvcp140.dll http://kullasa.ac.ug/ http://myproskxa.ac.ug/index.php http://185.163.45.248/ http://kullasa.ac.ug/vcruntime140.dll http://kullasa.ac.ug/softokn3.dll http://kullasa.ac.ug/mozglue.dll http://185.163.45.248//l/f/VAuJUXsBPvGyIjkLtOpJ/cd7c869b70884aeb0988dc2ac3b497411564fd4d http://kullasa.ac.ug/main.php http://kullasa.ac.ug/sqlite3.dll http://kullasa.ac.ug/freebl3.dll	6	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		24.4	M	15	ZeroCERT

11384	2021-08-17 09:45	planes.exe fa98ed9794e56f5598319a77831d6339 RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					9.8	M	26	ZeroCERT

11385	2021-08-17 09:48	dow.exe fc610878793ee9ee26ed44da1549f4f8 RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	8 Keyword trend analysis Info http://www.mimortgageexpert.com/wufn/?zZhxv2=dH6MS4iXfwK5vVCsjjY0pJ1yp3fpUyK5ZhheQrTomEU+/cdclqzrfoafLlR5qbdrvg8w2+Rd&U6ht=NvsduruhTd5tbZY - rule_id: 2911 http://www.gaigoilaocai.com/wufn/ - rule_id: 2912 http://www.hk6628.com/wufn/ - rule_id: 2909 http://www.gaigoilaocai.com/wufn/?zZhxv2=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&U6ht=NvsduruhTd5tbZY - rule_id: 2912 http://www.martabaroagency.com/wufn/ - rule_id: 2915 http://www.martabaroagency.com/wufn/?zZhxv2=r0PGHSY2SUcZB8VeRTqckmU+v7wbtMF1fJATAoKMkp5jXhuYZ6C7mu0EbtSkXg+d4UfDPRR1&U6ht=NvsduruhTd5tbZY - rule_id: 2915 http://www.hk6628.com/wufn/?zZhxv2=Mbz3eb2htBuwJm9my9qYpH4UWvi7L1jn54VVewVZerqVccc7GhECZ0+c8NYoPjvN/okzts0t&U6ht=NvsduruhTd5tbZY - rule_id: 2909 http://www.mimortgageexpert.com/wufn/ - rule_id: 2911	13 Info www.collegevillepaareahomes.com() - mailcious www.martabaroagency.com(185.14.56.84) www.mimortgageexpert.com(100.24.208.97) www.hk6628.com(34.102.136.180) www.organicdiscover.com() www.chinanl168.com() - mailcious www.gaigoilaocai.com(172.67.187.204) www.cuadorcoast.com(156.231.25.88) 156.231.25.88 - mailcious 34.102.136.180 - mailcious 185.14.56.84 - mailcious 100.24.208.97 104.21.84.71	1	8	9.6	M	27	ZeroCERT