Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
11656 2021-08-23 12:11 Operon.exe
871cba396875673097c170edb571a972
RAT PWS .NET framework BitCoin Generic Malware SMTP AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 3 2 1 11.6 M 37 ZeroCERT

11657 2021-08-23 12:11 credit.exe
4338aca68fbaab846ec6345a7b85c15c
Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee crashed
2 4 1 3.4 M 34 ZeroCERT

11658 2021-08-23 12:13 UhWxIznbHOIvjE2.exe
37c00a568eef6447fdd49dd5d1cf31b4
RAT PWS .NET framework Generic Malware PSW Bot LokiBot ZeusBot Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 Malware download Malware IoC AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key
3 2 2 13.4 M ZeroCERT

11659 2021-08-23 12:15 fbtc-client.exe
7a9a32c45303b7bef1651551799bb68f
Lazarus Family Gen2 RAT BitCoin Generic Malware Themida Packer WebCam UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential D Browser Info Stealer Malware download NetWireRC VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed Downloader
7 12 7 19.6 M 30 ZeroCERT

11660 2021-08-23 12:15 lv.exe
527aafb84de77dc3fe50995fa50b7e4b
NPKI Emotet Gen1 Gen2 Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS
2 6.8 M 27 ZeroCERT

11661 2021-08-23 12:17 12345_protected.exe
e38762223f23dd3373ba4bff00f94c7a
RAT ILProtector Packer Generic Malware PE File OS Processor Check .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName
6.2 M 24 ZeroCERT

11662 2021-08-23 12:19 Windows.exe
c74a54611729be7c00a42b47d4d41e00
Themida Packer Anti_VM PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
1 1 1 6.6 M 35 ZeroCERT

11663 2021-08-23 12:21 file.exe
d4c03c86b24c6b5a83c0524e1a9af692
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.0 M 30 ZeroCERT

11664 2021-08-23 12:23 1664879191.exe
96d3ef5ec108f2534df06d39ab70aac1
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.4 M 49 ZeroCERT

11665 2021-08-23 12:27 GodK6jam0J2bDZkC.exe
80be083d6e199ea9ac0391d791379440
Gen1 Malicious Library Malicious Packer PE File OS Processor Check PE32 DLL JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName DNS Software Password
9 3 6 12.8 M 44 ZeroCERT

11666 2021-08-23 12:28 Dran.exe
224b8bb42508de25bd73489dc6e8ac32
RAT PWS .NET framework Generic Malware PSW Bot LokiBot ZeusBot Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key
10.4 M ZeroCERT

11667 2021-08-23 12:32 vaccine appointment according ...
f1680aa55c88220bcf83e24d89628cc9
VirusTotal Malware ComputerName
0.6 4 ZeroCERT

11668 2021-08-23 12:33 cx2.crt.html
c44f8602e3cd5a5f1e720873713df67d
Antivirus AntiDebug AntiVM powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key
1 2 3 7.4 ZeroCERT

11669 2021-08-23 12:39 me.exe
b4b7ec0373ca6105c4450a1763365496
RAT BitCoin Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
2 3 2 10.4 43 ZeroCERT

11670 2021-08-23 12:41 new.exe
57f881c03e3b77a572bf422f2b255b4f
Lazarus Family Themida Packer Malicious Library PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed
2 3 2 9.8 27 ZeroCERT