Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

13156 2021-10-06 13:35 1371356488.exe
Hash: 5bec43789401e42ce38a1125f88c7b69
Rule: Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution
Stats (Urls Hosts IDS Score Zero VT Player): 2.4 M 51 ZeroCERT

13157 2021-10-06 13:35 sWpkHYi_300.exe
Hash: 2230be98a60b2f788f674d605cc79ef0
Rule: Emotet Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE File PE32 OS Proc Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder malicious URLs AntiVM_Disk suspicious TLD WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
Stats (Urls Hosts IDS Score Zero VT Player): 2 6 1 17.4 M 30 ZeroCERT

13158 2021-10-06 13:37 bde.exe
Hash: f11c1ffa48aefa8ac955c60a6803f8fa
Rule: PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
Stats (Urls Hosts IDS Score Zero VT Player): 13.2 M 27 ZeroCERT

13159 2021-10-06 13:37 zadyx2
Hash: b432169dc62064aa3385131ea315d914
Rule: Emotet Gen2 Gen1 Malicious Packer Malicious Library PE File PE32 OS Processor Check DLL Dridex TrickBot Malware suspicious privilege MachineGuid Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed
Stats (Urls Hosts IDS Score Zero VT Player): 1 4 2 6.4 M ZeroCERT

13160 2021-10-06 13:39 vbc.exe
Hash: 8f74ae82d335ca3c3efc39a022409b42
Rule: PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed
Stats (Urls Hosts IDS Score Zero VT Player): 10.2 M 23 ZeroCERT

13161 2021-10-06 13:39 vbc.exe
Hash: c0724a5c274680516eee8e6ce502bcbe
Rule: RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed
Stats (Urls Hosts IDS Score Zero VT Player): 11.6 M 37 ZeroCERT

13162 2021-10-06 13:41 BUSINESS%20FILES.exe
Hash: 7e360ceb5c5948199b7a9528909e94b5
Rule: Generic Malware Admin Tool (Sysinternals etc ...) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself
Stats (Urls Hosts IDS Score Zero VT Player): 2.0 M 24 ZeroCERT

13163 2021-10-06 13:44 1906116528.exe
Hash: 3ab2c790255aaeb328042c08a8ded716
Rule: RAT Gen1 Generic Malware Malicious Library ASPack UPX Antivirus Anti_VM Malicious Packer Admin Tool (Sysinternals etc ...) DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API St VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key crashed
Stats (Urls Hosts IDS Score Zero VT Player): 9.2 M 38 ZeroCERT

13164 2021-10-06 13:44 zadyx10
Hash: b27c665494363d5cb723353cfcce7574
Rule: Emotet Gen2 Gen1 Malicious Packer Malicious Library PE File PE32 OS Processor Check DLL Dridex TrickBot Malware suspicious privilege MachineGuid Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed
Stats (Urls Hosts IDS Score Zero VT Player): 2 5 2 1 5.0 M ZeroCERT

13165 2021-10-06 13:45 for.exe
Hash: ee38cbd21dd2171fdeae3beecd05a113
Rule: RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
Stats (Urls Hosts IDS Score Zero VT Player): 8 16 2 8 7.2 M ZeroCERT

13166 2021-10-06 13:46 arab.exe
Hash: 360fe2af76dc3faffa92b6f8cdd201a2
Rule: RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed
Stats (Urls Hosts IDS Score Zero VT Player): 8.0 M ZeroCERT

13167 2021-10-06 13:46 2145457315.exe
Hash: ee98c1f6708926a136a805fa80652733
Rule: RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key crashed
Stats (Urls Hosts IDS Score Zero VT Player): 1 9.8 M 42 ZeroCERT

13168 2021-10-06 13:48 1831612761.exe
Hash: 66cf057af6a7014d593b3afc35ea9a6a
Rule: RAT PWS .NET framework Generic Malware PE File PE32 OS Processor Check .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key
Stats (Urls Hosts IDS Score Zero VT Player): 1 3.8 M 46 ZeroCERT

13169 2021-10-06 13:50 .winlogon.exe
Hash: 0518bf639cc856d129f734a20b6ec573
Rule: PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
Stats (Urls Hosts IDS Score Zero VT Player): 11.6 M 40 ZeroCERT

13170 2021-10-06 13:50 http://suriyecastajanslari.byk...
Hash: 3c4bb0d8ea06d2b95ee937a82a860d69
Rule: Generic Malware UPX Anti_VM AntiDebug AntiVM PE File PE32 .NET EXE Malware download VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit DNS crashed Downloader
Stats (Urls Hosts IDS Score Zero VT Player): 2 2 4.8 M guest