Submissions

No | Date | Request | Hash | Rule (tags) | Urls Hosts IDS Score Zero VT Player Etc
12211 | 2021-09-08 11:22 | judecrypted.exe | d1afdf5f45a0fe6b6629f82c19e178d1 | Gorgon Group PE File PE32 VirusTotal Malware Tofsee | 1 2 2 1.0 M 30 r0d
12212 | 2021-09-08 11:59 | eth.exe | 293c7e2ffc7a0ad49ede6f396ecbfb81 | Emotet Gen1 NPKI Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE File PE VirusTotal Malware Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution crashed | 1 11.6 M 26 ZeroCERT
12213 | 2021-09-08 12:01 | JP Morgan Chase Job Opportunit... | aefa2caddfeb3bccb1e696cc2cd6955a | Generic Malware Anti_VM DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM GIF Format VirusTotal Malware Code Injection Check memory Creates shortcut RWX flags setting suspicious process malicious URLs Tofsee Interception | 1 2 1 4.6 28 ZeroCERT
12214 | 2021-09-08 16:50 | BlonkHonk (2).exe | 8ef61d30073bda7c03a20fe5e9614eee | RAT PWS .NET framework Generic Malware Malicious Packer PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName | 1 4 1 5.2 27 guest
12215 | 2021-09-08 17:09 | BlonkHonk (2).exe | 8ef61d30073bda7c03a20fe5e9614eee | RAT PWS .NET framework Generic Malware Malicious Packer PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName | 1 4 1 5.2 27 guest
12216 | 2021-09-08 17:31 | raccon.exe | 864a871c403534258270290a4a930466 | Malicious Library PE File PE32 OS Processor Check PDB unpack itself Remote Code Execution | 1.2 ZeroCERT
12217 | 2021-09-08 17:31 | mag.exe | 31dc73e5387996aaba575acc83e1ea39 | RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key crashed | 1 3 1 11.4 40 ZeroCERT
12218 | 2021-09-08 17:33 | baz.exe | 43c4cf6c6e519b98937786ac167bdee5 | Dimnie PE File PE32 VirusTotal Malware unpack itself Tofsee | 1 2 2 1.6 M 40 ZeroCERT
12219 | 2021-09-08 17:33 | esbu.exe | 7393923210116d47a98fd9cb67a5136e | PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed | 9.0 M 26 ZeroCERT
12220 | 2021-09-08 17:35 | ab.exe | d35a920b33e638e40ee6d00e3a76753e | Dimnie PE File PE32 VirusTotal Malware unpack itself Tofsee | 1 2 2 1.0 M 19 ZeroCERT
12221 | 2021-09-08 17:35 | obn.exe | 4f4126b538d7862b2bc1c7c1513d2a18 | PE File PE32 VirusTotal Malware Tofsee | 1 2 2 0.8 M 22 ZeroCERT
12222 | 2021-09-08 17:37 | nd.exe | 63425ec377156298620b9a0c79554172 | PE File PE32 VirusTotal Malware unpack itself Tofsee | 1 2 2 1.6 M 42 ZeroCERT
12223 | 2021-09-08 18:10 | obn.exe | 4f4126b538d7862b2bc1c7c1513d2a18 | Admin Tool (Sysinternals etc ...) PE File PE32 VirusTotal Malware Tofsee crashed | 1 2 2 1.2 M 36 r0d
12224 | 2021-09-08 18:17 | nd.exe | 63425ec377156298620b9a0c79554172 | Buhtrap Group PE File PE32 VirusTotal Malware unpack itself Tofsee crashed | 1 2 2 1.8 M 42 r0d
12225 | 2021-09-09 08:51 | Invoice-No.-9004_20210908.xlsb | cc064043229bad8f94a41de8a6ce8721 | VirusTotal Malware RWX flags setting unpack itself | 1.6 5 ZeroCERT