Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
12616	2021-09-22 09:54	75796491.exe c9da7eeb35209ea9a47fcde193e77266 RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed				12.2		43	ZeroCERT

12617	2021-09-22 09:55	21.exe 9495761e569d1589af99bb520cd01a54 AntiDebug AntiVM PE File PE32 DLL Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check Stealer Windows Browser Email ComputerName DNS	2 Keyword trend analysis	1	4	10.8	M	26	ZeroCERT

12618	2021-09-22 09:56	23.exe 778311c46a25d8f9fc121f06dad4886d Generic Malware UPX Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1	11.4	M	33	ZeroCERT

12619	2021-09-22 09:57	4wk3N3ftnNDhOk5.exe 722235b69b44bcc7ebcf84c4356923a0 RAT PWS .NET framework Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				12.8	M	28	ZeroCERT

12620	2021-09-22 09:58	bryantzx.exe fc7f66871c6d3cd918238eb78bda5369 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				8.8	M	23	ZeroCERT

12621	2021-09-22 09:59	rollerkind2.exe 85d8cfa3d99b2061e2ff4e9197090133 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution				2.4	M	24	ZeroCERT

12622	2021-09-22 10:00	EXCEL.exe 49af0abba03a7d559171f378728e9bc7 RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 MSOffice File VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting exploit crash unpack itself Disables Windows Security Check virtual network interfaces suspicious process Tofsee Windows Exploit ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1	15.0		10	ZeroCERT

12623	2021-09-22 10:02	vbc.exe 0379cf12ef3850e1d9232774a3d469c0 UPX PE File PE32 VirusTotal Malware Remote Code Execution				1.0		25	ZeroCERT

12624	2021-09-22 10:03	remit.exe cf98d2d4d4555323842c8371db09347e UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName crashed	3 Keyword trend analysis Info https://qcisaa.sn.files.1drv.com/y4m-c7lQsmglgLpCHVpyfHTv-fo-qQNLzYLhCukCDgEj40L4ouHdE35JcJxP4Ijfjql4AbIkPWnLWZKjaVDd9hzCYT37w7wSTsfuyOqIenEATN10Im-4iQu1BYZ4WA_S_crLSZsoh1f840zSiSvh1atDp1KfoUWub8IBmwBV-Kt8ZMBaS5roYSWAyLyFRCKd15XQR--Mqemnisegp5h6Yx7wQ/Srakjlekngtcyxfikcsesbckosunxns?download&psid=1 https://qcisaa.sn.files.1drv.com/y4mWXp5EDLYFsO4Mv8COFN17VmF4wZZ1B0CoFFnmi_kUIzVtGO4mRYUnRBucqR44BejXsCF9tzyBMFT9qOHxyJaXXDbLrl5S7AOSnCEWxMExlHpT6MVE13IZ5LmwvLRnu4TOCWoZs1q0qmpeeFZsOvDvonMYC6gqigoJAycYxp5hSpFM7PNcxtQ_q-jkTPKQ-JiNUk5KKxhdzVWSI6C0qoWtw/Srakjlekngtcyxfikcsesbckosunxns?download&psid=1 https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21155&authkey=AG_5U-eWJ37gdC4	6	1	11.2	M	22	ZeroCERT

12625	2021-09-22 10:04	.winlogon.exe 7bbd97d7b4acd4b0a3cf3bb19883c348 RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				9.8	M	20	ZeroCERT

12626	2021-09-22 10:05	598714267.exe c4ab556b6a1dd537cc1942204fdfd6cd RAT Generic Malware PE64 PE File VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName				6.2	M	47	ZeroCERT

12627	2021-09-22 10:06	Igno.exe 861f9b74fd5fad95a95ea1c1d043f814 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				1.8	M	27	ZeroCERT

12628	2021-09-22 10:07	apines.exe 331ad3f4c9d14f480bad2dc82ae4f835 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution				2.4	M	26	ZeroCERT

12629	2021-09-22 10:08	rollerkind.exe 5ee187036dfa9186004738b99c2b178f Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution				2.4	M	22	ZeroCERT

12630	2021-09-22 10:09	product_specifications_details... 60b5efcc9ea0f944ac7fab44ace01de9 RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	8	1	13.6	M	20	ZeroCERT