Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13576	2023-04-29 12:29	EdGen.exe 591c537adab2a4a720f50d84de2b60ea AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		5	2		6.0	M		ZeroCERT

13577	2023-04-29 09:56	NVDIA40.exe 4a1f2dc9c8df4981eb8f8003afdf21f9 RAT Generic Malware UPX .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					1.8	M	21	ZeroCERT

13578	2023-04-28 21:49	Info.plist f657748c487be57acf2028a6b0cbe26c AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			BRY

13579	2023-04-28 17:14	sddd.exe f30050237e1e4b07f13d8b4e4ecf8209 Formbook NSIS UPX Malicious Library PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself Windows	17 Keyword trend analysis Info http://www.gritslab.com/u2kb/ - rule_id: 28002 http://www.shapshit.xyz/u2kb/ - rule_id: 28008 http://www.shapshit.xyz/u2kb/?ml=Yd5Rzn4EVOpL1Cl/eY8jjeGdoEKZlYBpl8BtE0ZhlgLGbR5cH1Fn7sihS3XP3GCDon1xi4vL0lQ4XtydV6BMyXIOMzObAfzgUMU2ykM=&tu=R03uf - rule_id: 28008 http://www.thewildphotographer.co.uk/u2kb/?ml=pn+zaWXo7szcfRSxp4kAcR5iap+7ulP+x3705F5u21IqvN9WG9kcDL2FxdXl2W/5MjovaUotkmG6JgF/Eyaa9PeBR2yUVivPQ+uGbEI=&tu=R03uf&wn=1 - rule_id: 28007 http://www.energyservicestation.com/u2kb/ - rule_id: 28005 http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip http://www.white-hat.uk/u2kb/?ml=PXfMycAZpTAipct8YN0l/5TWhYE4yPgF2k7967nf/qU1A0mUqq9Jlnm9rK8XSf3D04yKTuePtKPnTCgwye3M0h5ZtqacmtcmNe/sHow=&tu=R03uf - rule_id: 28001 http://www.222ambking.org/u2kb/?ml=IEUpLmGg2fqLmrhwD8IHX/zhiiNjbOQDFcodV2ACJcW4bHSQscR3Nc4uRx31p3m0gGv03uToPch8hDrce1eNAdUBSmpSNalx6DQXGQo=&tu=R03uf - rule_id: 28004 http://www.thedivinerudraksha.com/u2kb/ - rule_id: 28009 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip http://www.bitservicesltd.com/u2kb/?ml=rr+sOBvEXsBdGevUk44F/k+BAr88zC1YNHmXivr92FQhRIIYsedR2a+6GoV1WAKeGdj+MTdX512lJXz4UaWEmNABCelIWOCZ3yhH4Z4=&tu=R03uf - rule_id: 28003 http://www.energyservicestation.com/u2kb/?ml=IK59b/MdFRha+CUVM3V2TqbXgrTjD6F66TLC1fPPNwLnZq29gpb1hRWNlrDr258EhEsSnFmalKQEmudxTrusBmUmj2xyJgahFTdaUmU=&tu=R03uf - rule_id: 28005 http://www.younrock.com/u2kb/?ml=05tPwqSdqXO2xf32BmsnsHpgCfZIa2c80hhB3sQ3FFDNPs5AZDU6TyUQmX911UO6Ssjq2b6k9nBD4uDOZrqd7XHQTF+IIpbM/DoOhU4=&tu=R03uf - rule_id: 28006 http://www.bitservicesltd.com/u2kb/ - rule_id: 28003 http://www.gritslab.com/u2kb/?ml=ydCzFiH7iMWnz6xHMKiyYVGDKfWH5+fYQUsmgPEoYCSsyD6HgT3yOGCjssC2N8mKn+GjINYvhr7iKNezbHZCh47jo+mhlV2uXG5eH60=&tu=R03uf - rule_id: 28002 http://www.222ambking.org/u2kb/ - rule_id: 28004 http://www.younrock.com/u2kb/ - rule_id: 28006	20 Info www.thewildphotographer.co.uk(198.58.118.167) - mailcious www.gritslab.com(78.141.192.145) - mailcious www.shapshit.xyz(199.192.30.147) - mailcious www.energyservicestation.com(213.145.228.111) - mailcious www.222ambking.org(91.195.240.94) - mailcious www.bitservicesltd.com(161.97.163.8) - mailcious www.thedivinerudraksha.com(85.187.128.34) - mailcious www.white-hat.uk(94.176.104.86) - mailcious www.younrock.com(81.17.29.147) - mailcious 192.187.111.220 - mailcious 91.195.240.94 - phishing 85.187.128.34 - mailcious 78.141.192.145 - mailcious 199.192.30.147 - mailcious 45.33.23.183 - suspicious 213.145.228.111 - mailcious 94.176.104.86 - mailcious 96.126.123.244 - mailcious 161.97.163.8 - mailcious 45.33.6.223	4	15 Info http://www.gritslab.com/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.thewildphotographer.co.uk/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.white-hat.uk/u2kb/ http://www.222ambking.org/u2kb/ http://www.thedivinerudraksha.com/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.younrock.com/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.gritslab.com/u2kb/ http://www.222ambking.org/u2kb/ http://www.younrock.com/u2kb/	6.0	M	43	ZeroCERT

13580	2023-04-28 17:14	originalbuild.exe 9f9583b07cf9622b9db6299ca6157012 RAT Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1			6.0	M	28	ZeroCERT

13581	2023-04-28 17:14	locals.ps1 f5e06be9bc58695ff043f1d9465fb519 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					4.8		2	ZeroCERT

13582	2023-04-28 17:13	build(3).exe 8bc904cbf806e8b28b6c21f1321fa019 PWS .NET framework RAT Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Ransomware Windows Browser ComputerName DNS	2 Keyword trend analysis	7	5		10.0	M	52	ZeroCERT

13583	2023-04-28 17:12	vbc.exe 3a15cf1904040c1ce7e87d05c6468d1e Formbook PWS .NET framework AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1			8.2	M	30	ZeroCERT

13584	2023-04-28 17:12	vbc.exe ec0a5abf67bd616d4b77dd264a10c643 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	M	23	ZeroCERT

13585	2023-04-28 17:10	vpn.exe 4b32941cd92e048e6a2d16c6069edf62 NPKI Generic Malware UPX MPRESS Antivirus PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut unpack itself Windows utilities Checks Bios Detects VMWare powershell.exe wrote suspicious process VMware anti-virtualization Ransomware Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key crashed		1			14.6	M	50	ZeroCERT

13586	2023-04-28 09:43	ProjectFunding_B496.wsf de0e6380f06d01c12e312b58221c1fcd VirusTotal Malware VBScript wscript.exe payload download ICMP traffic DNS Dropper	1 Keyword trend analysis	1			10.0		2	ZeroCERT

13587	2023-04-28 09:10	ads.exe cd675f6fa51e9a1bca95f3eb11c78fc2 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Checks debugger RWX flags setting unpack itself DNS crashed		1			3.0		12	ZeroCERT

13588	2023-04-28 09:09	photo_410.exe 522ae0a94eb64b2124168a956e661bc3 Gen1 Emotet PWS .NET framework RAT UPX Malicious Library Confuser .NET Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check .NET EXE DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	5 Keyword trend analysis	2	7 Info ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		15.8	M		ZeroCERT

13589	2023-04-28 09:08	ProjectFunding_D305.wsf 254f413905e4ba561b0a85fa7c3a4790 VBScript wscript.exe payload download ICMP traffic DNS Dropper	1 Keyword trend analysis	1			10.0			guest

13590	2023-04-28 09:07	ProjectFunding_B496.wsf de0e6380f06d01c12e312b58221c1fcd VirusTotal Malware unpack itself crashed					1.0		2	guest