Submissions

No | Date | Request | Tags | Urls/Hosts/IDS/Rule/Score/Zero/VT (as listed) | Player

13021 | 2023-05-24 16:12 | AndroidManifest.xml c6d8af0226761c1108aef91cbb496df8 | Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 2 4.8 | guest

13022 | 2023-05-24 16:11 | AndroidManifest.xml 64ad92717f01502701816b59d6e886f4 | AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 2 3.8 | guest

13023 | 2023-05-24 16:09 | publicsuffixes.gz 3f5d769a4a9d7e1a7e7ac2f63ee1c78f | | | guest

13024 | 2023-05-24 16:09 | shinhan.apk ee04424c59044712a0f5e890d48ec2f6 | ZIP Format VirusTotal Malware | 0.6 15 | guest

13025 | 2023-05-24 16:09 | shinhan.apk ee04424c59044712a0f5e890d48ec2f6 | ZIP Format VirusTotal Malware | 0.6 15 | guest

13026 | 2023-05-24 16:09 | publicsuffixes.gz 3f5d769a4a9d7e1a7e7ac2f63ee1c78f | | | guest

13027 | 2023-05-24 16:04 | http://45.113.130.152:443 | Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 1 1 2 4.8 | guest

13028 | 2023-05-24 15:16 | fotocr45.exe 45ef32456aac94be8e1bac27ed574868 | Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 3 2 6 3 19.4 M | ZeroCERT

13029 | 2023-05-24 11:07 | untrimming.js f5dfea277631d928a0df5399fdc8a138 | Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key | 5.6 | ZeroCERT

13030 | 2023-05-24 11:07 | unthriftily.js 3127d0f1530abf9479f6bbdb7bc3d87a | Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key | 1 5.6 | ZeroCERT

13031 | 2023-05-24 11:07 | untasty.js 59d8aec55f776196e51ab3945dbdba82 | Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key | 3 5.6 | ZeroCERT

13032 | 2023-05-24 10:49 | Buz2.exe e862112b0a3781dcf75eaf11b8b6ea7d | PWS .NET framework RAT .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key | 2.6 M 22 | ZeroCERT

13033 | 2023-05-24 10:47 | the_what.exe 914d34ecdfa0ef6430ca4809e7a8c10c | PWS .NET framework RAT PhysicalDrive Generic Malware UPX Malicious Library Malicious Packer .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName DNS | 1 3.4 M 42 | ZeroCERT

13034 | 2023-05-24 10:46 | photo660.exe 18091cc747be815a7b757e5c439df36e | Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 5 2 6 3 21.8 M 40 | ZeroCERT

13035 | 2023-05-24 10:32 | 230523 서울강서kih0507.apk de6e70f252dc3b4c305f218c1032e4dc | ZIP Format | | guest