Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
13036	2021-10-02 13:06	recital-1487837217.xls 0fec278d778de6204e5413f6d14fb6ad MSOffice File RWX flags setting unpack itself suspicious process	3 Keyword trend analysis	6		3.6			guest

13037	2021-10-02 13:08	recital-148818831.xls a2cd903ab4c01af3b11b26e067ecaa79 MSOffice File RWX flags setting unpack itself suspicious process	3 Keyword trend analysis	6		3.6			guest

13038	2021-10-02 13:10	recital-1487872620.xls b43595591c77ad51b6b6ef2fd0e787ae MSOffice File RWX flags setting unpack itself suspicious process	3 Keyword trend analysis	6		3.6			guest

13039	2021-10-02 17:03	Seg.txt c91f71c38431e327a540143742cf9db3 PowerShell MZ ScreenShot AntiDebug AntiVM Check memory unpack itself				1.0			ZeroCERT

13040	2021-10-02 17:05	converter.dot 5f8f3c3d90fc96688c9adaa3f0c96889 VBA_macro Generic Malware MSOffice File unpack itself				0.8			ZeroCERT

13041	2021-10-02 17:07	59.exe d8172401d11b509adb1234c3d8a7f8a9 Lazarus Family Generic Malware Themida Packer Anti_VM Malicious Library PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3		11.6		42	ZeroCERT

13042	2021-10-02 17:08	vbc.exe 958a836ca5882c407771200812bd1d73 PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	8 Keyword trend analysis Info http://www.meta-bot.xyz/scb0/?s0=BfSM6E5CT57kYG5YcQrV1vQh+D95EOiFfI1FDjk8ynIPzfiNz31eNrf6ufynoGrbzvLA/rS6&CZ=7nH8ULV http://www.dgyej.com/scb0/?s0=w1OgDZGhU/H3MzD6cwUvenO2T8TB44DaLbiR+6pmVEBx2UozpIusAGupCFKR+7Q0h5Pk9Jo4&CZ=7nH8ULV http://www.paparazziprom.com/scb0/?s0=Om2DO8dinIcO2CO87K6ZR/peYyktokRih+Dd7Je5+olbyFZGxR3Q9FAWhClAMjdfuEjAjbTN&CZ=7nH8ULV http://www.luxonealbery.com/scb0/?s0=MCXI1I/maeKzNgCo1jUWMR7W3vbdlGG8P7h3fxECt4J5VDAIUWQm3SenRngfsI5vRrkEK1vZ&CZ=7nH8ULV http://www.vaguva.com/scb0/?s0=HDZd4fX5cyoqaEFH3gk3kZ7LR6NoQ39v3McefS1sawbS4+JF4d7n5fNq0vFkaPjw965oQlF+&CZ=7nH8ULV http://www.vetpipes.com/scb0/?s0=gxg+zqdljvpPxvyV8TcZaQyTsJgiXCW12nPBLfw0x17+z7fuZEjjsA+NfGIwoH0RQXd8XrLO&CZ=7nH8ULV http://www.agrigain-soil.com/scb0/?s0=oXXviPhx/3LjShRlFPf/9GB6SrBY9bEiE4fRmwDzzbaPtIARojUFfjO2uHImFoIgLe7ifL7w&CZ=7nH8ULV http://www.killercross.com/scb0/?s0=xpZnN1pDeWISXsD51QZ3RqKAL0bwVM78dJerzXxgbT5mtM4NxkXdwrFnTiziueiGKvzGwiX1&CZ=7nH8ULV	17 Info www.vetpipes.com(104.143.9.210) www.luxonealbery.com(23.227.38.74) www.vaguva.com(5.180.4.224) www.meta-bot.xyz(203.170.129.2) www.emptycc.net() www.paparazziprom.com(91.195.240.68) www.dgyej.com(165.3.38.231) www.killercross.com(209.99.64.55) www.agrigain-soil.com(35.172.94.1) 104.143.9.211 91.195.240.68 35.172.94.1 - phishing 209.99.64.55 - mailcious 165.3.38.231 5.180.4.224 23.227.38.74 - mailcious 203.170.129.2		8.2	M	20	ZeroCERT

13043	2021-10-02 17:11	ASSYbypass.txt.ps1 81c966333a0bef456b8ae8c55f31d111 Generic Malware Antivirus Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.0			ZeroCERT

13044	2021-10-02 17:11	BSTBbypass.txt.ps1 37606adfebe09f58b52a031a845fb9eb Generic Malware Antivirus Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.0			ZeroCERT

13045	2021-10-02 17:13	bbbssttbbypass.txt.ps1 cf1e7678199f55ad21a0b3f4199a3b51 Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.6	M	12	ZeroCERT

13046	2021-10-02 17:13	bypassBS.txt.ps1 8a48841ba0eaab6ba03a71bb9aa7c0e3 Generic Malware Antivirus Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.0	M		ZeroCERT

13047	2021-10-02 17:15	Skimm.txt.ps1 f3143cd0d8cf255bdd76b8237bb42e7c Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key				1.6	M	13	ZeroCERT

13048	2021-10-03 09:52	image.mp3.html 8bc28f590a753d4ec5bdc948bf487238 NPKI VirusTotal Malware crashed				0.6		3	ZeroCERT

13049	2021-10-03 09:56	image.mp3.html 8bc28f590a753d4ec5bdc948bf487238 NPKI AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	4.8		3	ZeroCERT

13050	2021-10-03 10:00	2.trf 35e8723ab0414fa2f1d4db45d52e2254 Generic Malware AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName				4.4		12	ZeroCERT