Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

Column key. Each entry below is one submission, written as four lines: line 1 is No, Date and Request (the submitted file name); line 2 is the sample hash (32 hex digits, MD5 length); line 3 is the signature and tag names the sandbox reported, space-separated exactly as exported (the names themselves contain spaces, so they cannot be split back apart reliably); line 4 is the remaining columns in header order: Urls Hosts IDS Rule Score Zero VT Player. The export drops empty cells, so when fewer than four counts precede the Score it cannot be told which of Urls/Hosts/IDS/Rule is absent; Zero is either "M" or empty, VT is absent for some entries, and Etc is empty for every entry.

12826 2021-09-27 08:06 installszxc.exe
d04d4d9896a08dc0ec357ca574814a1b
RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 1 7.8 33 ZeroCERT

12827 2021-09-27 08:08 f20-c.exe
be5006a529a06f16a268bdb477d8878b
RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
1 8.6 48 ZeroCERT

12828 2021-09-27 08:08 alan_miller102.exe
96dce028459cf26be5816b14c6b14484
RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces suspicious TLD installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
3 5 1 1 8.2 M 34 ZeroCERT

12829 2021-09-27 08:17 27.exe
6a46023492d437f7a9ef76a8a9b38684
Malicious Packer Malicious Library PE File PE32 VirusTotal Malware Check memory unpack itself Tofsee
2 1 2.0 M 43 ZeroCERT

12830 2021-09-27 08:17 42.exe
8fd56b6131390d2d8c7ccb008304aa74
Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed
1 3 1 11.6 M 27 ZeroCERT

12831 2021-09-27 08:19 pub3.exe
a831382bbc3598da4552c504012b48cc
Malicious Library PE File PE32 PDB unpack itself
1.4 ZeroCERT

12832 2021-09-27 08:20 Stub.exe
856543b98724304b70a2224a975b8760
RAT Generic Malware Themida Packer Malicious Packer Admin Tool (Sysinternals etc ...) DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDe VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key
2 2 5 1 11.0 M 45 ZeroCERT

12833 2021-09-27 08:22 askinstall58.exe
0c9f30771449c16fb45f722fa354d370
Gen2 Trojan_PWS_Stealer NPKI BitCoin Credential User Data Generic Malware Malicious Packer Malicious Library SQLite Cookie UPX Anti_VM DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenS Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution crashed
4 8 1 3 11.4 M 49 ZeroCERT

12834 2021-09-27 08:22 file10.exe
8901e210772d2dcf1438407108443ca5
RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 7 1 13.0 7 ZeroCERT

12835 2021-09-27 08:22 Zenar.exe
844b7e033c078ed67b52558b5d891741
Generic Malware UPX Antivirus PE64 PE File GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion WriteConsoleW Firewall state off VM Disk Size Check Tofsee Windows ComputerName Cryptographic key
2 4 2 9.8 17 ZeroCERT

12836 2021-09-27 08:24 sfx_123_204.exe
cff84fea06f0817f75cea379be441300
Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger WMI unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName
6.8 M 40 ZeroCERT

12837 2021-09-27 08:25 installer_394347.exe
8ea39f89ddfc0a91322b1760956e1514
Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 OS Processor Check powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check Windows ComputerName Cryptographic key crashed
13.4 ZeroCERT

12838 2021-09-27 08:26 lyla2109.exe
b5fc67332e05420980a00e2e4da7ebbc
RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
1 8.6 M 47 ZeroCERT

12839 2021-09-27 08:29 installer.exe
ad609bad1a449dafd1ff082939c6a734
Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 OS Processor Check powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check Windows ComputerName Cryptographic key crashed
13.4 ZeroCERT

12840 2021-09-27 08:31 easyragu.exe
a84b11c08ba28a067687569a9ddd4cd9
Generic Malware Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
1 5 1 12.6 M 32 ZeroCERT
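As an added example, not part of the listing or of the sandbox that produced it: a Python parser that reads submissions in this flattened export layout (No/Date/Request line, hash line, signature line, metrics line, blank lines in between) and turns them into objects a triage script can sort and filter. It assumes the metrics line is the header's Urls/Hosts/IDS/Rule counts with empty cells dropped, then the float Score, an optional one-letter Zero flag, an optional VT integer and the Player name; the class and function names and the score threshold are my own. The embedded sample is four records copied from the listing above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: four records copied from the submissions listing in
# its flattened export layout.
SAMPLE = """\
12826 2021-09-27 08:06 installszxc.exe

d04d4d9896a08dc0ec357ca574814a1b


RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 1 7.8 33 ZeroCERT

12829 2021-09-27 08:17 27.exe

6a46023492d437f7a9ef76a8a9b38684


Malicious Packer Malicious Library PE File PE32 VirusTotal Malware Check memory unpack itself Tofsee
2 1 2.0 M 43 ZeroCERT

12831 2021-09-27 08:19 pub3.exe

a831382bbc3598da4552c504012b48cc


Malicious Library PE File PE32 PDB unpack itself
1.4 ZeroCERT

12832 2021-09-27 08:20 Stub.exe

856543b98724304b70a2224a975b8760


RAT Generic Malware Themida Packer Malicious Packer Admin Tool (Sysinternals etc ...) DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDe VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key
2 2 5 1 11.0 M 45 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (.+)$")
HASH_RE = re.compile(r"^[0-9a-f]{32}$")
# Assumed layout of the metrics line: leading integer counts (Urls/Hosts/
# IDS/Rule with blanks dropped), the float Score, an optional one-letter
# Zero flag, an optional VT integer, then the Player name.
METRICS_RE = re.compile(r"^((?:\d+ )*)(\d+\.\d+)(?: ([A-Z]))?(?: (\d+))? (\S+)$")


@dataclass(frozen=True)
class Submission:
    no: int
    submitted_at: str
    request: str
    md5: str
    signatures: str
    counts: Tuple[int, ...]   # Urls/Hosts/IDS/Rule, position of blanks unknown
    score: float
    flag: Optional[str]       # the "Zero" column ("M" or absent)
    vt: Optional[int]
    player: str

    def has_signature(self, name: str) -> bool:
        # Signature names are space-joined with no delimiter in the export,
        # so only a substring match is possible.
        return name in self.signatures


def parse_submissions(text: str) -> List[Submission]:
    """Parse the four-line records; blank lines and trailing spaces are ignored."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError("listing does not consist of 4-line records")
    out: List[Submission] = []
    for i in range(0, len(lines), 4):
        head, digest, sigs, metrics = lines[i:i + 4]
        h, m = HEADER_RE.match(head), METRICS_RE.match(metrics)
        if not (h and HASH_RE.match(digest) and m):
            raise ValueError(f"malformed record starting at {head!r}")
        out.append(Submission(
            no=int(h.group(1)), submitted_at=h.group(2), request=h.group(3),
            md5=digest, signatures=sigs,
            counts=tuple(int(c) for c in m.group(1).split()),
            score=float(m.group(2)), flag=m.group(3),
            vt=int(m.group(4)) if m.group(4) else None, player=m.group(5)))
    return out


def triage(subs: List[Submission], min_score: float) -> List[Submission]:
    """Submissions scoring at or above min_score, highest score first."""
    return sorted((s for s in subs if s.score >= min_score),
                  key=lambda s: s.score, reverse=True)


def ioc_hashes(subs: List[Submission], min_score: float) -> List[str]:
    """Deduplicated MD5 list for the triaged set, in score order."""
    seen, out = set(), []
    for s in triage(subs, min_score):
        if s.md5 not in seen:
            seen.add(s.md5)
            out.append(s.md5)
    return out


def stealers(subs: List[Submission]) -> List[int]:
    """Submission numbers whose signature line carries an Info Stealer tag."""
    return [s.no for s in subs if s.has_signature("Info Stealer")]


if __name__ == "__main__":
    records = parse_submissions(SAMPLE)
    for s in triage(records, 7.0):   # 7.0 is an assumed triage threshold
        print(f"{s.no} {s.request:<20} score={s.score:<5} vt={s.vt} md5={s.md5}")
    print("info-stealer submissions:", stealers(records))
```

Because the export drops empty cells, `counts` keeps the raw integers in order rather than naming them; a downstream script should treat a three-element tuple as "one of Urls/Hosts/IDS/Rule is unknown" instead of assigning positions.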