Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12286	2021-09-10 10:29	Documents new.xlsb e2c5c7d099745fa74d4653b6d49338d2 Excel Binary Workbook file format(xlsb) VirusTotal Malware Creates executable files unpack itself suspicious process		1			3.6		23	r0d

12287	2021-09-10 17:20	tgrewads.exe 268d55d7e322a47435b83d71d3610f81 PE File OS Processor Check PE32 VirusTotal Malware					0.6		12	ZeroCERT

12288	2021-09-10 17:20	readytunes.png 40932e7f31ad53c47c03592a1de47151 Malicious Library PE File OS Processor Check PE32 Dridex TrickBot Malware PDB suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	7 Keyword trend analysis Info http://wtfismyip.com/text https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGamesYX5S%5Creadytunes.exe/0/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/5/file/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/3r3r57PfZRZnF5NBVnVbZZp15X9911N/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/NAT%20status/client%20is%20behind%20NAT/0/ https://185.56.175.122/rob130/TEST22-PC_W617601.F23B783DDF38DBB86097125BBF17EB14/14/user/test22/0/	6	4		6.6			ZeroCERT

12289	2021-09-10 17:22	tlogs.exe acce458c80680c29571dd40ced566af1 Themida Packer UPX Antivirus Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious TLD VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	7	1		12.6	M	36	ZeroCERT

12290	2021-09-10 17:24	vbc.exe 09abff7fd37311b306d557540ecbb5c0 Malicious Packer PE File PE32 VirusTotal Malware unpack itself Tofsee crashed	1 Keyword trend analysis	2	2		1.8	M	36	ZeroCERT

12291	2021-09-10 17:46	WoodeProcurement_Specification... e79a346563c8229ade00a77e2cebc81a AgentTesla PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Antivirus Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows Browser ComputerName Cryptographic key crashed keylogger		5			13.2		30	ZeroCERT

12292	2021-09-10 17:46	Subcontractor Reviews (Sep 202... 18eecb5cea32c71850814005629f9c00 Generic Malware DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM GIF Format VirusTotal Malware Code Injection Creates shortcut suspicious process WriteConsoleW					2.6		16	ZeroCERT

12293	2021-09-10 17:55	tgrewads.exe 268d55d7e322a47435b83d71d3610f81 Generic Malware PE File OS Processor Check PE32 VirusTotal Malware					0.6	M	12	r0d

12294	2021-09-10 23:25	vvv.exe c530826a10c7781d906169eb6b579d89 RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows	1 Keyword trend analysis	2	1		4.8		25	guest

12295	2021-09-11 15:01	82550150ac3397ed391e34aa99d35b... 9d56e1cd866bb657e457e382e0e06682 Darkside Ransomware Cobalt Strike Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					1.6		17	ZeroCERT

12296	2021-09-11 15:01	miner.exe 66fb954571c27484485b9d47c79362c3 RAT Generic Malware DNS Socket Create Service BitCoin Escalate priviledges KeyLogger Code injection ScreenShot AntiDebug AntiVM PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Firmware DNS	1 Keyword trend analysis	5	3	1	14.8	M	30	ZeroCERT

12297	2021-09-11 15:03	dcc7975c8a99514da06323f0994cd7... 71ac541da6d41bf24fadb543a23ebf96 Darkside Ransomware Cobalt Strike Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					1.6		17	ZeroCERT

12298	2021-09-11 15:04	Nfe03092021.exe 513f5b2b6d1a1ccd5d43d83ee1304a8a NPKI Gen2 Malicious Library ASPack PE File OS Processor Check PE32 DLL Browser Info Stealer VirusTotal Malware AutoRuns Checks debugger Creates executable files unpack itself AppData folder sandbox evasion IP Check Windows Browser ComputerName DNS crashed	3 Keyword trend analysis	7	2		9.0	M	45	ZeroCERT

12299	2021-09-11 15:05	togo.exe 2fde71a8f29b35cfe910b9fffd6b6334 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	39	ZeroCERT

12300	2021-09-11 15:06	lv.exe 4053a37b2fea7c4bbf78830e6f023f66 Gen1 NPKI Gen2 Themida Packer Generic Malware Malicious Library Anti_VM UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs Windows crashed		1			9.8	M	35	ZeroCERT