Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12226	2021-09-09 08:51	RFQ-Order_Sheet#43254363-Sept-... 68038cd6686e726c8d5fcfdf5b62d37a Malicious Library PE File PE32 Emotet VirusTotal Malware AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Tofsee Windows crashed	1 Keyword trend analysis	2	1		7.4		40	ZeroCERT

12227	2021-09-09 08:54	taSPcCva.rtf 7ddc68d92fe65b2509f16c6a27876347 VirusTotal Malware RWX flags setting					1.4		15	ZeroCERT

12228	2021-09-09 09:03	abdcffc9bcf6d5c536c89f879e95ed... 7411bd9a32735dfdeee38ee1f6629a7f Malicious Library PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName	6 Keyword trend analysis Info http://ip-api.com/json/?fields=8198 http://crl.identrust.com/DSTROOTCAX3CRL.crl http://x1.c.lencr.org/ https://a.goatgame.co/userf/dat/2201/sqlite.dat - rule_id: 4651 https://a.upstloans.net/report7.4.php - rule_id: 4649 https://a.goatgame.co/userf/dat/sqlite.dll - rule_id: 4717	13 Info google.vrthcobj.com(34.97.69.225) - mailcious a.goatgame.co(104.21.79.144) - malware a.upstloans.net(172.67.179.248) - mailcious crl.identrust.com(23.43.165.66) ip-api.com(208.95.112.1) b.upstloans.net(172.67.179.248) - mailcious x1.c.lencr.org(104.76.75.146) 104.21.79.144 - malware 182.162.106.26 104.74.211.103 34.97.69.225 - mailcious 208.95.112.1 104.21.31.210 - mailcious	2	3	8.0	M	42	ZeroCERT

12229	2021-09-09 09:04	linesloters.png ec330c275ef5bc70e187e7d167b03484 Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Dridex TrickBot Malware PDB suspicious privilege Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	11 Keyword trend analysis Info http://icanhazip.com/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/user/test22/0/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/5/file/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/3sJT83o5WJMcS5vFWYdczdMViZ/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/NAT%20status/client%20is%20behind%20NAT/0/ https://179.189.229.254/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/tHiBidsluI48eG4clGcD6KL/ https://179.189.229.254/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGamesFXVN%5Clinesloters.exe/0/ https://182.253.210.130/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/5/pwgrabb64/ - rule_id: 3682 https://182.253.210.130/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/5/pwgrabb64/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/ https://185.56.175.122/rob129/TEST22-PC_W617601.99B3C97B5F99BD1F3B34A1F586177F69/10/62/XFNRLHZRPDJ/7/	7	4	1	10.4			ZeroCERT

12230	2021-09-09 09:05	3_Microsoft.Windows.Applicatio... eba153737466deaebf551beb08a4640a Malicious Library PE File DLL PE32 VirusTotal Malware unpack itself Windows crashed					2.2		13	ZeroCERT

12231	2021-09-09 09:05	vbc.exe c1785d8700149baeae56390c9d543d7b AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		4			14.4	M	25	ZeroCERT

12232	2021-09-09 09:07	svchost.exe fc8ce0eb1a60a03e0b167b680af1625d Generic Malware PE File PE32 VirusTotal Malware suspicious privilege unpack itself Windows DNS keylogger		1			7.4	M	48	ZeroCERT

12233	2021-09-09 09:07	ghi.exe fa61d6fc42b8f654ea665c5e9bf35f10 RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		10.8	M	41	ZeroCERT

12234	2021-09-09 09:09	BIN.exe 4103a2b04ede0d36e5079f6799cdfa14 Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS crashed		1			4.0	M	31	ZeroCERT

12235	2021-09-09 09:09	yarozx.exe 3d63160bc30d8291f27e46ecfe70d38a RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1			10.2	M	20	ZeroCERT

12236	2021-09-09 09:12	tik.exe 2436aadd7124bfff17bf344d22a8552f Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed		2			13.0	M	43	ZeroCERT

12237	2021-09-09 09:13	vbc.exe c9ddf1bb09008b98a0a4555724cc6ceb Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	25	ZeroCERT

12238	2021-09-09 09:16	0_WFSR.dll.dll c5ac37fbe684e1a02f20aa99e599b266 Malicious Library PE File DLL PE32 VirusTotal Malware unpack itself Windows crashed					2.2		14	ZeroCERT

12239	2021-09-09 09:18	whesilozx.exe 0f48e15f12d8c4d49f456aae86f59c29 RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					8.6	M	24	ZeroCERT

12240	2021-09-09 09:21	okc.exe add9f6ce0fabf00a7b16911122e81f96 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName Cryptographic key crashed	2 Keyword trend analysis	4			10.6	M	42	ZeroCERT