Submissions

Columns: No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

Each entry below is laid out as: submission number, date and time, submitted file name; hash; signature tags; remaining column values (Urls Hosts IDS Rule Score Zero VT Player Etc) exactly as listed.

13366  2021-10-11 10:08  Chrome.exe
  8ab931942d6b5665a1917bc14bfd2071
  Generic Malware PE64 PE File VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Checks debugger buffers extracted exploit crash unpack itself Windows Exploit Cryptographic key crashed
  8.4 M 35 ZeroCERT

13367  2021-10-11 10:08  AnyDesk.exe
  2086fed5fce8f4c172a31a02ddad5391
  RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed
  7.4 M 42 ZeroCERT

13368  2021-10-11 10:09  vbc.exe
  fbc1ed64be96f47d5cc3fbcb21cce10f
  RAT PWS .NET framework Gen2 Gen1 Emotet Generic Malware NSIS Malicious Library ASPack Malicious Packer UPX Admin Tool (Sysinternals etc ...) Anti_VM KeyLogger ScreenShot AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder installed browsers check Windows Browser DNS
  1 11.8 M 24 ZeroCERT

13369  2021-10-11 10:11  95.exe
  60007c052e7372566d09c3402db31915
  Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware powershell PDB suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key crashed
  1 2 1 8.8 M 21 ZeroCERT

13370  2021-10-11 10:11  e.exe
  5df69875f996257406096d8d8b9fcdbe
  Lazarus Family Themida Packer PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
  2 5 2 11.4 M 50 ZeroCERT

13371  2021-10-11 10:13  AnyDesk.exe
  9636132ab7d9952ec2f9134615e9320c
  AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key DDNS crashed keylogger
  2 1 12.6 M 41 ZeroCERT

13372  2021-10-11 10:14  pctool.exe
  4a67cb6ed0cf60ddcf3e45917898dec4
  RAT PWS Loki[b] Loki.m Gen2 Gen1 Emotet Formbook .NET framework Generic Malware Themida Packer Malicious Library Malicious Packer UPX Admin Tool (Sysinternals etc ...) ASPack Antivirus DGA DNS Socket Create Service Sniff Audio Escalate priviledges Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk suspicious TLD sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName Firmware DNS Cryptographic key Software crashed
  26 41 8 3 31.2 M 36 ZeroCERT

13373  2021-10-11 10:15  ld.exe
  4327ed1671deb9f1b0169cf10680840a
  Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
  2.4 M 45 ZeroCERT

13374  2021-10-11 10:17  fj.exe
  baf212e9711b33e14adcaef461189e40
  NSIS Malicious Library PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder
  2 7 1 5.8 M 26 ZeroCERT

13375  2021-10-11 10:19  rollerkind.exe
  525b0a0e9ba85ab570d7c8ebef356711
  Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself
  1.8 M 23 ZeroCERT

13376  2021-10-11 10:20  lv.exe
  4db7eb28029846ea78925a192dd837ae
  Gen1 Gen2 Generic Malware Themida Packer Malicious Library Admin Tool (Sysinternals etc ...) Anti_VM Malicious Packer PE File PE32 DLL PE64 VirusTotal Malware Check memory Creates executable files unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows Firmware crashed
  6.8 M 35 ZeroCERT

13377  2021-10-11 10:23  lv.exe
  9ce4e1f3f1e2a963f5fc8a644f8a98f8
  Gen1 Gen2 Themida Packer Generic Malware Malicious Library Malicious Packer PE File PE32 DLL PE64 Check memory Creates executable files unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows Firmware crashed
  5.8 M ZeroCERT

13378  2021-10-11 10:24  mix.exe
  26d5e1ae26ccb09891aa9d610a0331eb
  Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself
  1.8 M 23 ZeroCERT

13379  2021-10-11 10:26  5t6yujh.exe
  211ca7c8d5fd20f7dcaebdbe354662be
  NPKI Generic Malware Malicious Packer UPX Malicious Library Antivirus PE64 PE File PE32 .NET DLL DLL VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key
  8.6 M 40 ZeroCERT

13380  2021-10-11 10:27  vbc.exe
  7d22685ef9d80598a24d2f096e527da9
  PWS .NET framework Gen2 Emotet Gen1 Generic Malware NSIS Malicious Library ASPack Malicious Packer UPX Admin Tool (Sysinternals etc ...) Anti_VM KeyLogger ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder installed browsers check Windows Browser
  10.0 M 60 ZeroCERT