Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
11896	2021-08-31 09:32	CHUCKS.exe d80188f36c0be5335622ab0a92b0e4c5 AgentTesla backdoor RemcosRAT browser info stealer Google Chrome User Data UPX Malicious Packer Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities malicious URLs WriteConsoleW Windows DNS DDNS		2	1	8.0	M	58	ZeroCERT

11897	2021-08-31 09:34	MAMA.exe 3e1a8ffa07781e63228dcd1c8ef79738 AgentTesla backdoor RemcosRAT browser info stealer Google Chrome User Data UPX Malicious Packer Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities malicious URLs WriteConsoleW Windows DNS DDNS		2	1	7.4	M	59	ZeroCERT

11898	2021-08-31 09:34	vbc.exe ba1153100b00d9580f0600dd5c627adf Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	2 Keyword trend analysis	8	2	8.6	M	12	ZeroCERT

11899	2021-08-31 09:36	WIN32C.exe eff4f95a7ae8393e96d50e6e8a83b7b3 AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key DDNS crashed		2	1	9.0	M	44	ZeroCERT

11900	2021-08-31 09:38	CHUCK.exe 3343149d1253a8ec05b9afbe8cbedbec backdoor RemcosRAT UPX Malicious Packer Malicious Library PE File PE32 VirusTotal Malware DNS DDNS		3	1	4.0	M	60	ZeroCERT

11901	2021-08-31 09:40	WARZONE.exe 953055e0715e637ff0f7fe84b126eac9 Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				11.0	M	52	ZeroCERT

11902	2021-08-31 10:44	AXC.exe 0cb653b63f1f96cc5b362096cede91e4 UPX Malicious Packer PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Check memory RWX flags setting unpack itself suspicious process anti-virtualization Windows DNS		1	1	7.4	M	20	r0d

11903	2021-08-31 10:53	AXC.exe 75fc478585b12d3a8f0216b1b28c6944 Generic Malware UPX PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Check memory RWX flags setting unpack itself suspicious process anti-virtualization Windows DNS keylogger		3	1	8.0	M	28	r0d

11904	2021-08-31 11:03	job.exe 00208f1aa6ebd03ebf70e847b6f690c8 Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself				1.6	M	24	ZeroCERT

11905	2021-08-31 11:04	vbc.exe 3d1d650b2318cdddaf5e92447ba76b56 PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	10 Keyword trend analysis Info http://www.apexexprtwaterfilters.com/sqwo/?9r8tLzUh=gFy/qMCEMcB6Hf1nawozuv5uJH4MDdN9p150ATU12nKhcCpmr8edoJhVpn8/X23UeOD/1ow9&IR-8bP=D8bDa http://www.xn--lmqz72a50cuz9a2o4a.com/sqwo/?9r8tLzUh=Le1mh7KuJ/kNkffB/K9G7OkCYRWEntjBtjRwXnIqHjrXv6YIrlJQ4Fqguq963VDFFK8vuOwx&IR-8bP=D8bDa http://www.nfdianqi.com/sqwo/?9r8tLzUh=eq7caouCPspIuf1GNTzxuvP+gOV7dNnqMT4Ig5YmH3TwSpIB4svgnRWz6X/LFmUB1MkO9fh1&IR-8bP=D8bDa http://www.socialbutterfliesny.com/sqwo/?9r8tLzUh=E1tPMx1iIWJaiJ54PmsntZlI55/upwId2ZJWTdUBVNBkPOpaNZRRBf+5oCbBXDWEKmHyakPo&IR-8bP=D8bDa http://www.communityalliances.info/sqwo/?9r8tLzUh=x54d9I76edU/y4+H+MS1pXoHUOdqhv+JR+acb22Tmy+0nkyiVIO9O6VgjqYOpouAOLXq4LwK&IR-8bP=D8bDa http://www.leadershifts.academy/sqwo/?9r8tLzUh=B/sIr30tyQjkGcM27UQ/kCgS5OE5Y2iVRQHF9/Hu5JH95hjU3xoBeLTP2fsjLFv7Fq8YbDGW&IR-8bP=D8bDa http://www.glamandtan.net/sqwo/?9r8tLzUh=JhW4WKUAk7xlkEEDulhqKZMy2L/keqwe9HdINH+9b6LvJc3qx9ABslN47JV5O7XZ+76PGcj5&IR-8bP=D8bDa http://www.ulrich-wiederspahn.net/sqwo/?9r8tLzUh=0BYlXpKY4gB4a1aUse83N3qGFM9EGQdnDLmOB01zn8viaChOorVXHYfTKREeOl7J3cb90Fve&IR-8bP=D8bDa http://www.brefjefaisdutrail.com/sqwo/?9r8tLzUh=6hqREpBLH7SRGbOhk1p98fViE97+Kj2Tl3lrkq31txPAXznAyq/bcksAiAuYnK40u/C0lqfr&IR-8bP=D8bDa http://www.templatelive.com/sqwo/?9r8tLzUh=dFeO523bKyO5b7Y9epEOyjukxxvWufGG3IfqbIdqil7LvMkjFT5MxZiHJRkc5L7YNlJnDZ0f&IR-8bP=D8bDa	18 Info www.nfdianqi.com(156.241.53.147) www.templatelive.com(162.241.68.246) www.leadershifts.academy(34.102.136.180) www.brefjefaisdutrail.com(209.99.40.222) www.socialbutterfliesny.com(198.49.23.144) www.xn--lmqz72a50cuz9a2o4a.com(154.210.188.165) www.glamandtan.net(209.99.40.222) www.apexexprtwaterfilters.com(34.102.136.180) www.communityalliances.info(182.50.132.242) www.ulrich-wiederspahn.net(35.207.168.47) 35.207.168.47 156.241.53.147 154.210.188.165 162.241.68.246 34.102.136.180 - mailcious 182.50.132.242 - mailcious 209.99.40.222 - mailcious 198.185.159.144 - mailcious	1	8.2	M	26	ZeroCERT

11906	2021-08-31 11:05	bobbyzx.exe 5ecf99b81c8f50209f007541dfca08c1 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				8.6	M	21	ZeroCERT

11907	2021-08-31 11:05	bin.exe b8a04e2c814ff33e4375bcea671ea6f7 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				10.0	M	27	ZeroCERT

11908	2021-08-31 11:10	catzx.exe 5b86fcaf5ab130c47731cc168a2ca852 Generic Malware DNS AntiDebug AntiVM PE File .NET EXE PE32 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2	2	13.6	M	25	ZeroCERT

11909	2021-08-31 11:10	vbc.exe fdb84298836a2682cf6ed805bc8852de RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File .NET EXE PE32 GIF Format Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check human activity check Tofsee Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	6	2	15.4	M	21	ZeroCERT

11910	2021-08-31 11:10	arinzezx.exe bbb076c1946e425146450691549f030b PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	5	3	12.8	M	29	ZeroCERT