Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11701	2021-08-24 09:06	pen.exe 70ed4eb21284e9359cf11d375724f299 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed		2	1		14.2	M	29	ZeroCERT

11702	2021-08-24 09:08	clip.exe 92bfafc1e9023665745fee7ef443712e Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					7.0	M	46	ZeroCERT

11703	2021-08-24 09:08	220821new.exe 008608dca212d3f45e4c7fda3cacb663 RAT Generic Malware Themida Packer PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		10.6	M	25	ZeroCERT

11704	2021-08-24 09:10	23.exe bd07a2728f0a5c4a971125e51830b459 Gen2 RAT Generic Malware UPX Malicious Library Malicious Packer PE File OS Processor Check .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1			4.8	M	26	ZeroCERT

11705	2021-08-24 09:10	Pluton.exe 89af8d786625c48a71ce9cb93a8d367f Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					1.8	M	25	ZeroCERT

11706	2021-08-24 09:17	yg.exe 577b5fbdcf47f70f4d17d87cc8a20550 RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					2.8	M	34	ZeroCERT

11707	2021-08-24 09:18	deck.exe 0afb31c3e6018c85df11d2a25a581079 RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					3.0	M	47	ZeroCERT

11708	2021-08-24 09:19	sy.exe 3ca87d704392649bdfd2e0e50c2cca35 PE File PE32 VirusTotal Malware unpack itself					1.6	M	23	ZeroCERT

11709	2021-08-24 09:20	nd.exe e249c3cf931a39ce861670aca977b737 PE File PE32 VirusTotal Malware unpack itself					1.6	M	23	ZeroCERT

11710	2021-08-24 09:23	bom-02.exe 6e33655754e13782626f4b2282a8264d Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	9 Keyword trend analysis Info http://www.searchlakeconroehomes.com/wufn/?lJBtHN_=PMoU3Bb4pp7kIq7s9Lu9lk9x8XSdLDPlrC1uiYxj/TRDLGMuRYRvVOWSTnHGXDduCYD74xYV&_hrpX=kzrxUp - rule_id: 3867 http://www.prinothhusky.com/wufn/?lJBtHN_=GFt2TzYQfdSiNG603WLL+Cz/jkuaKDaMw91O9Wlio7W/+JMlkABrabAp9DL5ExKj8sqeUNNS&_hrpX=kzrxUp - rule_id: 3291 http://www.nathanielwhite108.com/wufn/?lJBtHN_=YfnY/Fsmz+QKrLXZBRDCHXjbe12Sn7h7KuPrYhZcTvyjTPZF+555S5Iv48Qw/Q2USlOtryNo&_hrpX=kzrxUp http://www.reshemporium.com/wufn/?lJBtHN_=wp/rTAq+nefw0Ut8gBAFiAOZsxmfnTEjPBWm4zxzbrCD8Q+PSp7/6kESKmxQvFdTe2TjazgW&_hrpX=kzrxUp - rule_id: 4201 http://www.rootmoover.com/wufn/?lJBtHN_=jUqWC+wM+s2Yehearj52syV+yALdMbb6PeN2CvBJSFCwW1HLktm3ATZosqzbiXJTH9I2JiE2&_hrpX=kzrxUp - rule_id: 3570 http://www.feathertiara.net/wufn/?lJBtHN_=kBuwGfiPz7ySFvcjUzLnibr355l72ljuv5/5hH3ZydAEXYL8DZHvf8y8kbj1LoIM4KSTAosX&_hrpX=kzrxUp http://www.laterlifelendingsupermarket.com/wufn/?lJBtHN_=JK53FQapth9VDdSHXGajN0L5nsR3wCbJsKyzCV6oZDicv5erkPKtybHomSqu7DQ5sf8AoARo&_hrpX=kzrxUp - rule_id: 3501 http://www.mybodysaver.com/wufn/?lJBtHN_=iAyrziyFF9RqM6kqTrR2Gz8v85ou6HqcZ1qFLOyqSC08U8XZpeh2g5fFjWykbq8K9Lt/Vzcu&_hrpX=kzrxUp - rule_id: 3227 http://www.frystmor.city/wufn/?lJBtHN_=eWg3OYora75B6Z+tLCzm5f6Ri2Qy6T4wPAbOFkNyDPrqSJvJlKf467sJrNVRbgaUTepkudSS&_hrpX=kzrxUp - rule_id: 3223	19 Info www.systemofyouth.com() - mailcious www.searchlakeconroehomes.com(172.67.151.130) www.nathanielwhite108.com(172.217.175.19) www.mybodysaver.com(104.21.91.185) www.prinothhusky.com(34.102.136.180) - mailcious www.feathertiara.net(154.220.112.199) www.cuadorcoast.com() www.laterlifelendingsupermarket.com(85.233.160.22) www.rootmoover.com(91.195.240.117) www.reshemporium.com(34.102.136.180) www.frystmor.city(198.54.117.217) 172.67.151.130 198.54.117.211 - phishing 85.233.160.23 - mailcious 34.102.136.180 - mailcious 154.220.112.199 172.217.26.19 - phishing 91.195.240.117 - mailcious 104.21.91.185		7	9.2	M	24	ZeroCERT

11711	2021-08-24 09:24	BIN.exe fdbfac3db38e579f28f6a51e55e7b01b Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key	16 Keyword trend analysis Info http://www.wintonplaceoh.com/n8ba/ http://www.dfendglobal.com/n8ba/ http://www.ascope.club/n8ba/ http://www.naamt.com/n8ba/ http://www.goldenstatelabradoodles.com/n8ba/?LZT8=e60qEcsBiihKxWoRMHsW7u7BjuDaTcxFYqqhC6dyhFGy/A9/KDqWhMaJuZl0wMpQJwhi+sN7&uTux=njoTZ26xmz http://www.naamt.com/n8ba/?LZT8=k6UYYutEW45PHOXLeWa6OuzmySSf0U/4OHoQgLQZWOBhR3GPD0Rc3M/2tbIwYil2wNSxlE6G&uTux=njoTZ26xmz http://www.wintonplaceoh.com/n8ba/?LZT8=AVTd1ZN4UWfa3pMJYW+9mBRbWrEnsObc4GxuOgTv+oU74bastT2cYQ1nQ05mxdjtjivpiZLt&uTux=njoTZ26xmz http://www.braun-mathematik.online/n8ba/ http://www.goldenstatelabradoodles.com/n8ba/ http://www.hauhome.club/n8ba/ http://www.hauhome.club/n8ba/?LZT8=NUeE9ayeqIvtmXJqNXjn0BYB7KGsqh3j5qXA7JKIOsOTIn2Xwxqo8UvFEu3rEeEWLrajsBTb&uTux=njoTZ26xmz http://www.ascope.club/n8ba/?LZT8=u7WOyhgpLcKkZ3NME85LieZphkZvcqsYIx1o9bJe3DTXHuf5LOGJb9G8tFdvd6sWNuBR8AZ2&uTux=njoTZ26xmz http://www.braun-mathematik.online/n8ba/?LZT8=+h7Xj+nVXSXdbfNy6Fq1cf2yPuoKyU42UF3/DIUS/dweac3mPynWRx+hybL2rkFqOU3XmxbO&uTux=njoTZ26xmz http://www.animalds.com/n8ba/?LZT8=ma7grn9fRVytzixCP6VmMhjzZf0Hpfy4HhEbvxYYwLK4ZW8Hoq4Np5gx365LkuQGDkZB+u21&uTux=njoTZ26xmz http://www.dfendglobal.com/n8ba/?LZT8=vkKjRLs3CaveMkKih3FkRB4gQWVj8i1HH1jWe2WAqlMZtQHHe7vSVJN92s33LNF/LCFOjYAl&uTux=njoTZ26xmz http://www.animalds.com/n8ba/	18 Info www.braun-mathematik.online(217.160.0.129) www.hauhome.club(199.59.242.153) www.animalds.com(99.83.230.40) www.wintonplaceoh.com(198.71.233.107) - mailcious www.thehighstatusemporium.com() www.dfendglobal.com(94.127.7.174) www.goldenstatelabradoodles.com(34.102.136.180) www.naamt.com(3.130.158.209) www.oneninelacrosse.com() www.ascope.club(95.215.210.10) 198.71.233.107 - mailcious 94.127.7.174 - malware 3.130.158.209 - mailcious 75.2.124.199 - mailcious 34.102.136.180 - mailcious 95.215.210.10 - mailcious 199.59.242.153 - mailcious 217.160.0.129 - malware	1		11.2	M	32	ZeroCERT

11712	2021-08-24 09:24	pals.exe 1995b0023c950d538750ede62a7c19db RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					3.0	M	44	ZeroCERT

11713	2021-08-24 09:24	joboy.exe 0fe65d945d9f773bec35a27ce6999a3f RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					2.8	M	37	ZeroCERT

11714	2021-08-24 09:26	jojo.exe 7de8ca081578b160483afc1f4d84c960 RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					3.0	M	45	ZeroCERT

11715	2021-08-24 09:27	Windows.exe a6b0c68d5870d0962b905eb433ab1cb7 RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					11.0	M	26	ZeroCERT