Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

12331 2021-09-12 15:03 yy.exe
2252ddad7c8502bec6cfc48bd01f6945
RAT PWS .NET framework NPKI Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 1 8.0 M 50 ZeroCERT

12332 2021-09-12 15:05 BLT-018881033022.exe
144c71aa3c0921610e282c58749b5e39
RAT PWS .NET framework Generic Malware UPX Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed
12.4 M 40 ZeroCERT

12333 2021-09-12 15:06 f.exe
6a55f0aa7770e3a0b95f916adb8f107e
RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee
4 6 1 3.8 M 44 ZeroCERT

12334 2021-09-12 15:06 build_2021-09-11_01-55.exe
3ccf44c470e00c5f42ca53044a0609ab
Darkside Ransomware Cobalt Strike Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.2 M 44 ZeroCERT

12335 2021-09-12 15:08 PL_52003200112.exe
1b7a6aadd6da69544aadee4057b2a415
RAT Generic Malware KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName crashed
2 4 11.8 M 38 ZeroCERT

12336 2021-09-12 15:09 tt.exe
7663b802e20ee47b431ca593b76e000a
RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 1 8.6 M 44 ZeroCERT

12337 2021-09-12 15:10 pl_7000320066.exe
c156f5367443c436b6a54f16a725d261
RAT Generic Malware KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Check virtual network interfaces ComputerName DNS crashed
2 5 11.0 M 43 ZeroCERT

12338 2021-09-12 15:11 NiceProcessX64.bmp
3f22bd82ee1b38f439e6354c60126d6d
Malicious Packer Malicious Library PE64 PE File OS Processor Check DLL VirusTotal Malware Creates executable files sandbox evasion Browser
2.8 M 11 ZeroCERT

12339 2021-09-12 15:15 PublicDwlBrowser144.exe
350591b477d7865635d863aec5da6379
Gen1 Generic Malware Malicious Library Malicious Packer UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE F Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed
12 9 1 15.0 M 23 ZeroCERT

12340 2021-09-13 08:53 raccon.exe
e45bef85aabecedb6ba2e4b0aaf7be90
Malicious Library PE File PE32 PDB unpack itself
1.0 ZeroCERT

12341 2021-09-13 08:54 conhost.exe
86ec1c19a29d25b109102faa921c7796
PE64 PE File VirusTotal Open Directory Cryptocurrency Miner Malware Cryptocurrency Malicious Traffic Check memory Checks debugger Creates executable files sandbox evasion Windows Exploit Browser ComputerName Firmware DNS
2 3 7 7.0 M 30 ZeroCERT

12342 2021-09-13 08:56 toolspab2.exe
9ab045a10142aa46a2c6e3aa01f7b31b
Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Malware PDB Code Injection Checks debugger buffers extracted unpack itself DNS
1 6.6 ZeroCERT

12343 2021-09-13 08:56 Bioblasts.exe
183227e529d66b26c7077c2476d10f58
RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 1 12.2 M 34 ZeroCERT

12344 2021-09-13 08:58 c.bin
df81ed87368141a4e55a550efba25460
Emotet Malicious Library PE File PE32 Checks debugger unpack itself Windows utilities WriteConsoleW Windows ComputerName crashed
2.6 ZeroCERT

12345 2021-09-13 08:58 jj.exe
91099022e0883c28b73aaf924b6b238b
Lazarus Family Themida Packer Malicious Library PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
1 3 1 10.6 M 27 ZeroCERT