Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

11641 2021-08-23 10:10 12345.exe
d7e22317a5f7472c6b7fc588a870b3b6
RAT ILProtector Packer Generic Malware PE File OS Processor Check .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName
6.2 M 27 ZeroCERT

11642 2021-08-23 10:10 file.exe
3906bd87156d29380e32e4aa14cdb61a
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.0 M 30 ZeroCERT

11643 2021-08-23 10:13 apines.exe
36b265fe0aa983ec569a8b66e89ee2d4
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
1.8 M 25 ZeroCERT

11644 2021-08-23 10:35 backdoor_rdp.ps1
8e268f425357f74354709fc72b6c5cad
Antivirus VirusTotal Malware AutoRuns Check memory WMI unpack itself WriteConsoleW Windows ComputerName Cryptographic key
2.6 2 ZeroCERT

11645 2021-08-23 10:38 FACTCARREFES122224324221128434...
c7f61bcdad06be4d2f14d67f428765cd
Gen2 Admin Tool (Sysinternals etc ...) Malicious Library Malicious Packer OS Processor Check MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
2.4 17 ZeroCERT

11646 2021-08-23 11:49 jefim.crt.html
109347b7aa3d2255a5986e1e6cc06f35
Antivirus AntiDebug AntiVM MSOffice File powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed
1 2 2 9.0 M ZeroCERT

11647 2021-08-23 11:52 faveSQTg6lvyAQO.exe
fd496a2b10e16382abba374c4ce2fc4d
PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Checks debugger Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName crashed
7.0 M 39 ZeroCERT

11648 2021-08-23 11:54 41304353790.pdf
b90be1be290be860d8a5be2b40ca7c08
PDF Suspicious Link PDF VirusTotal Malware unpack itself Windows utilities Windows
2.0 M 13 ZeroCERT

11649 2021-08-23 11:54 2109921313.exe
73920582a5c2d3b28d17e77af42001cb
Generic Malware UPX AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.4 M 42 ZeroCERT

11650 2021-08-23 11:56 vunateduremar.pdf
72950325644838b18c5d4e86d4dbda1d
PDF Suspicious Link PDF unpack itself Windows utilities Windows
1.4 M ZeroCERT

11651 2021-08-23 11:57 lv.exe
d45632f4da6d087725ab90968d141650
Emotet Gen1 NPKI Gen2 Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
1 6.2 M 27 ZeroCERT

11652 2021-08-23 11:58 tepserv.exe
864c136d9e0cd51b72375e23e7184dc0
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.0 M 30 ZeroCERT

11653 2021-08-23 11:59 file7.exe
25b1f480760dd65b48c99c4b64a8375c
RAT Generic Malware Themida Packer Malicious Library PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
1 3 1 10.6 M 24 ZeroCERT

11654 2021-08-23 12:01 raccon.exe
96aa01335a023fbcefe17ccea67cf999
Malicious Library PE File OS Processor Check PE32 PDB unpack itself
1.0 M ZeroCERT

11655 2021-08-23 12:02 ksbgixgq.exe
f410aa20278033a2158bc670a4d341a8
PWS Loki[b] Loki.m AgentTesla RAT Gen1 browser info stealer Generic Malware UPX Malicious Library Malicious Packer ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check DLL JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process suspicious TLD sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName DNS Software Password
10 6 9 19.2 M 13 ZeroCERT