Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13606	2023-04-27 10:04	vbc.exe bfce1c2471b74c39a21f034bd3ba0ca2 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	47	ZeroCERT

13607	2023-04-27 10:04	vbc.exe bf06b230800b247480122519febf9b1b Formbook NSIS UPX Malicious Library PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself DNS	19 Keyword trend analysis Info http://www.white-hat.uk/u2kb/?glZ5uP=PXfMycAZpTAipct8YN0l/5TWhYE4yPgF2k7967nf/qU1A0mUqq9Jlnm9rK8XSf3D04yKTuePtKPnTCgwye3M0h5ZtqacmtcmNe/sHow=&7Q=nWGXeSX0z - rule_id: 28001 http://www.gritslab.com/u2kb/ - rule_id: 28002 http://www.energyservicestation.com/u2kb/?glZ5uP=IK59b/MdFRha+CUVM3V2TqbXgrTjD6F66TLC1fPPNwLnZq29gpb1hRWNlrDr258EhEsSnFmalKQEmudxTrusBmUmj2xyJgahFTdaUmU=&7Q=nWGXeSX0z - rule_id: 28005 http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip http://www.bitservicesltd.com/u2kb/?glZ5uP=rr+sOBvEXsBdGevUk44F/k+BAr88zC1YNHmXivr92FQhRIIYsedR2a+6GoV1WAKeGdj+MTdX512lJXz4UaWEmNABCelIWOCZ3yhH4Z4=&7Q=nWGXeSX0z - rule_id: 28003 http://www.sqlite.org/2016/sqlite-dll-win32-x86-3150000.zip http://www.energyservicestation.com/u2kb/ - rule_id: 28005 http://www.thewildphotographer.co.uk/u2kb/ - rule_id: 28007 http://www.younrock.com/u2kb/?glZ5uP=05tPwqSdqXO2xf32BmsnsHpgCfZIa2c80hhB3sQ3FFDNPs5AZDU6TyUQmX911UO6Ssjq2b6k9nBD4uDOZrqd7XHQTF+IIpbM/DoOhU4=&7Q=nWGXeSX0z - rule_id: 28006 http://www.thedivinerudraksha.com/u2kb/ - rule_id: 28009 http://www.thedivinerudraksha.com/u2kb/?glZ5uP=im5SXjRwbJIZeY2yetpTdO7N29MJtck2UhYi2fNZ2Kf/X7lq2SPRiB6LR8y/FeM3y7tdA/WTtliq4uHTfapDkaA0PJ0fXInXaKlPglI=&7Q=nWGXeSX0z - rule_id: 28009 http://www.shapshit.xyz/u2kb/?glZ5uP=Yd5Rzn4EVOpL1Cl/eY8jjeGdoEKZlYBpl8BtE0ZhlgLGbR5cH1Fn7sihS3XP3GCDon1xi4vL0lQ4XtydV6BMyXIOMzObAfzgUMU2ykM=&7Q=nWGXeSX0z - rule_id: 28008 http://www.shapshit.xyz/u2kb/ - rule_id: 28008 http://www.bitservicesltd.com/u2kb/ - rule_id: 28003 http://www.thewildphotographer.co.uk/u2kb/?glZ5uP=pn+zaWXo7szcfRSxp4kAcR5iap+7ulP+x3705F5u21IqvN9WG9kcDL2FxdXl2W/5MjovaUotkmG6JgF/Eyaa9PeBR2yUVivPQ+uGbEI=&7Q=nWGXeSX0z - rule_id: 28007 http://www.222ambking.org/u2kb/?glZ5uP=IEUpLmGg2fqLmrhwD8IHX/zhiiNjbOQDFcodV2ACJcW4bHSQscR3Nc4uRx31p3m0gGv03uToPch8hDrce1eNAdUBSmpSNalx6DQXGQo=&7Q=nWGXeSX0z - rule_id: 28004 http://www.gritslab.com/u2kb/?glZ5uP=ydCzFiH7iMWnz6xHMKiyYVGDKfWH5+fYQUsmgPEoYCSsyD6HgT3yOGCjssC2N8mKn+GjINYvhr7iKNezbHZCh47jo+mhlV2uXG5eH60=&7Q=nWGXeSX0z - rule_id: 28002 http://www.222ambking.org/u2kb/ - rule_id: 28004 http://www.younrock.com/u2kb/ - rule_id: 28006	20 Info www.thewildphotographer.co.uk(45.79.19.196) - mailcious www.gritslab.com(78.141.192.145) - mailcious www.shapshit.xyz(199.192.30.147) - mailcious www.energyservicestation.com(213.145.228.111) - mailcious www.222ambking.org(91.195.240.94) - mailcious www.bitservicesltd.com(161.97.163.8) - mailcious www.thedivinerudraksha.com(85.187.128.34) - mailcious www.white-hat.uk(94.176.104.86) - mailcious www.younrock.com(192.187.111.222) - mailcious 63.141.242.44 - mailcious 91.195.240.94 - phishing 85.187.128.34 - mailcious 78.141.192.145 - mailcious 199.192.30.147 - mailcious 172.217.27.14 213.145.228.111 - mailcious 94.176.104.86 - mailcious 45.33.6.223 161.97.163.8 - mailcious 45.33.30.197 - mailcious	3	17 Info http://www.white-hat.uk/u2kb/ http://www.gritslab.com/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.thewildphotographer.co.uk/u2kb/ http://www.younrock.com/u2kb/ http://www.thedivinerudraksha.com/u2kb/ http://www.thedivinerudraksha.com/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.thewildphotographer.co.uk/u2kb/ http://www.222ambking.org/u2kb/ http://www.gritslab.com/u2kb/ http://www.222ambking.org/u2kb/ http://www.younrock.com/u2kb/	5.8	M	36	ZeroCERT

13608	2023-04-27 09:59	calcinstall.exe 881bef8377f48946c3863d06b3de735a RAT Gen1 Gen2 Schwerer Generic Malware UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Obsidium protector .NET EXE PE32 PE File DLL OS Processor Check GIF Format MZP Format PE64 HWP MSOffice File VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder AntiVM_Disk suspicious TLD sandbox evasion WriteConsoleW VM Disk Size Check human activity check Tofsee Ransomware Windows ComputerName crashed	1 Keyword trend analysis	6	1		13.0	M	34	ZeroCERT

13609	2023-04-27 09:58	vbc.exe 7ee7421fc12096ec24a2cb1706c5c734 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	51	ZeroCERT

13610	2023-04-27 09:53	vbc.exe 773da960aeb7c6260cfe6328aafd922f UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	49	ZeroCERT

13611	2023-04-27 09:51	vbc.exe a1ef3aeba94469b98befd1a6ba1a8b47 RAT UPX Malicious Library OS Processor Check PE64 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6	M	42	ZeroCERT

13612	2023-04-27 09:49	vbc.exe 50a75fb5b12450844ace5ef53a050ead UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	41	ZeroCERT

13613	2023-04-27 09:47	originalbuild.exe 6bdbea0ec35358cc728f0213603bc9f5 RAT Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1			6.0	M	38	ZeroCERT

13614	2023-04-27 07:47	name.hta 1e34ba7ca79958f904b2fcaebe9532e2 RAT Generic Malware task schedule Anti_VM Antivirus ScreenShot AntiDebug AntiVM PowerShell .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer NetWireRC Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut Creates executable files unpack itself Checks Bios Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check Tofsee DCRat Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	15 Keyword trend analysis Info http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&9ff31bbcdffb4b2ee507e80d804540cc=0VfiIiOiEGM0AjZkFmN3YjZjFTZ5MGOyMWO2UGZyMWO0IWYjR2MiwiI1YGN0YmNxEWMygDNmhTZmJDZ0UGMmBjN0MjNihjMxImM3ATNmlzMhJiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&c7b752fd708acb9907ff5fceaaa3c6a8=d1nI1YGN0YmNxEWMygDNmhTZmJDZ0UGMmBjN0MjNihjMxImM3ATNmlzMhJiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&c7b752fd708acb9907ff5fceaaa3c6a8=d1nI5IDNxMjN1YWZ0MTMmJTN0EGZhlDM4UWZmhTN4UmMhNWO5IGN2ATN3IiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W&9ff31bbcdffb4b2ee507e80d804540cc=d1nIiojIhBDNwYGZhZzN2Y2YxUWOjhjMjljNlRmMjlDNiF2YkNjIsISOyQTMzYTNmVGNzEjZyUDNhRWY5ADOlVmZ4UDOlJTYjlTOiRjNwUzNiojIlF2NmRzN5EWNzMmMmVTNmVTO2EzY0ITNjhTOhFGNiJmIsICMkFzMyImZ4QjN5UWZwUTN3IDNyMmM2cDNzImN4QTM4kTN1UjMlhjZiojI4UjY4IWO1ATZkJmM5gjY3I2N3QjZzgTMkRjYkJTZ4gjI7xSfiElZ5oUeQl2bql0dnRkWxE1RadXRE1UeVR0T1UlMZhmUy4UbCRlW0U1VZhXRy00MNpmT0kVbOBzaU10akRUT4l0QMlGOqlkNJNkTpRGValmTXpFeNdlT6lFRNNTUX9EeN1WW0k1RaBTWqpleFpXTspEVOh3Yq5EenpmW0MGRPl2cu9UaFdEZoJVRkRjVtl0cVp2TpFFWkZnVXJGcSZ0YsZ1RiRlSDxUaV1GZwJ1MZJkSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50Z0UUSzZUbiZHbyMmeW1mW2pESVd2YElkekNjYrVzVhhlSp9UaJhlWXVzVhhlSDxUOKNkYxkzVaRVOTlFcOhVUp9maJxWNyImNWdlYwJlbJNXSD10dBRUT3FkaJZTSDJGaSNzY2JkbJNXSTlFbKNjYMJ0QhBjVzIGVCNFTnF1VaBnWXFmaWd0Y6J0QkZXNrlkNJlnW5lTbJNXS55kMjRUT1NmaNh3dT9UMVpmT1NmeNl2bqlka5ckYpdXaJNFdrlkNJNVZ5JlbiFTOykVa3lWSzZ1MixmTslkNJlmY2xmMaxmSul0cJNFZuFTaiZHZzI2TKl2TptGSkBnTtl0cJlWTxUkaMBTTU1UdnRUT5RzUONTRqlkNJN0YwpUelZTS5JWb1c1U3x2aJNXSp1UeRNzYsJlbJZTSTpFdG1GV5ZlMjZlSDxUaNVUV0lkaNVlTWJVVKl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiEGM0AjZkFmN3YjZjFTZ5MGOyMWO2UGZyMWO0IWYjR2MiwiI4cTMkVTM5cjMwAzNhRmZyEDOkJTM2MWY1YWZ1M2N2UDMyEDZwEWOzIiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W http:///PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&c7b752fd708acb9907ff5fceaaa3c6a8=d1nI5IDNxMjN1YWZ0MTMmJTN0EGZhlDM4UWZmhTN4UmMhNWO5IGN2ATN3IiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W&9ff31bbcdffb4b2ee507e80d804540cc=0VfiIiOiEGM0AjZkFmN3YjZjFTZ5MGOyMWO2UGZyMWO0IWYjR2MiwiI5IDNxMjN1YWZ0MTMmJTN0EGZhlDM4UWZmhTN4UmMhNWO5IGN2ATN3IiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOisHL9JSOx4WSPpUaPlWUU5kMN1WW610RaBTVX5UMZpWW0kUbNlXVy4EasR1TsJkaNNTStpFejR1TohGRNlGZU9kMFpWSzlUaUl2bqlENJRkWqZFROpmTU9EaOdUToJEROpGbE10aadlW4VEVZdXRE9EaCpmWzEFVaJTRXlFaoRVTtp0QMlGNrlkNJlWWwEVbZVTQ6lVbGJTW1UFVapXVX5keFdkWs50RahmUt1UbsRVT1UUbO1GZqlVMJJTTppkaal2dpl0TKl2TpllMN1mVt1UbSJTWtxGRPlmSH1UeRdVWoJEVaNzYE9kaGpWWrpkaNRTVqlFerR0T5VFROdXStl0cJlGVp9maJVTRXllMFRUTxk1VPxGZE90MnpmTphmaaRTVU5UbORlW4VFVPJTUE9UNJRVTyklaNBTRXpleJNETpRzaJZTSTpVeZdkT31keZhXQUplaSJjTxMmaNJTRtp1dZd0T0UlaOhGZqlFNJRUTpZkaNFTS610dZ1WTpdXaJ9kSp9UaFJjTwkleOFzZU9EMrpmTqp1VNRTTX10dRdUT5NGVZNTT61EaaR0TxsGVZlGbU90MVRkTrpUbJNXSpRVavpWS4V1VOFTSH1EaapmT4lFRPhmRU9UMjpXW1EkaNBTTq5EMJdUTzU1VNhXSq1kMjRlT3VlaaFTSDxUa0sWS2kUaNRTTE9keVRUT3V0VPlmUtplMBpXW0sGRahXRH9EaS1mW3lUbaxmTUlVaCpmWqZ1Ral3aq1Ua3lWSPpUaPlWUU1UaCRVWrpkMOBzaE5UMVdVT4l1VapmTU9UNBpmTpp1VadXWy0UMVpWTrpERalXQ610djpWSzlUaUl2bqlkMF1WTtplaOBTTE5EbOpmWyUEVPRTUt1UMZpXWshmeNtmSX1EMFRVW4VERPtmUUplMFd1Txk0QMlGNrlkNJlnTxUFRaRTTq5keFdVT0U0VNNTSU1UMZdkW3FFRaNTUtlFNJR1T6dmeN1mSUlVenpXTsRGROl2dpl0TKl2TpdGRNhmSyk1dnpWTqpFROFzZ65kaO1mTpxGVOhXVE5kMBRlWyMGVOhGaUpVNJd1TzUEVZpmUql0cJlGVp9maJlmVXlFaoR0TpJERNhmUy40MJdkT3V0VaBzY61UNZpWT4lkaNFTRt5UMFRlTrJ1VaFTWUlVbKNETpRzaJZTSp5EMFdVWo50VNNzYqllMBpXWwEEVPl3aU1kMrpWT0UkMOhXRtpFboRkWwkEVOlXREplaKRlWpdXaJ9kSp9UaJpmT4VkMNpmRt10dJJTW3lFRaxmRXlFNNpXTtJ1VPVTTE1UaCpWTtRGRPdXVH5UeBRkWspUbJNXSpRVavpWS6FkaaNTSyklaCpnTw0kaN1mVUpVboRUTrp0VOpXQEpVMJRVT0sGRNlXR6llaWdUTy0keOJTSDxUa0sWS2k0QalXRyk1djpmWrZEVPpmSE9kaCpXWxEkeZRTRy4UeNR1Ttp1RONzYUpVMRRlT10kMNlmSX1Ua3lWSPpUaPlWVq10aWJTWqpEROhXRX1UMZpWW61keOVTRq50MrpWWyklaOJTRtp1aspmTspVbaJTRH9EbGpWSzlUeQl2bql0dnRkWxE1RadXRE1UeVR0T1UlMZhmUy4UbCRlW0U1VZhXRy00MNpmT0kVbOBzaU10akRUT4l0QMlGNrlkNJNkTpRGValmTXpFeNdlT6lFRNNTUX9EeN1WW0k1RaBTWqpleFpXTspEVOh3Yq5EenpmW0MGRPl2cu9UaFdEZoJVRkRjVtl0cVp2TpFFWkZnVXJGcSZ0YsZ1RiRlSDxUaV1GZwJ1MZJkSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QM http://45.67.228.48/host1.exe http://45.67.228.48/123.txt http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&c7b752fd708acb9907ff5fceaaa3c6a8=d1nIzkDO5EDOhRmN5YmMhZWZ4UTYzIjNjhzMjVmN0UWYmNzN3cDNxMzMxIiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W http://94.131.112.154/PythonphpGeneratortemporary.php?ffj4evtisdSvL=e2caMa8rTyfUHx&d2903fd8b5e9625169a73c9bf16b0b7c=25907a775ae0c50e6896b3b0f4ed5546&12bb8387f02771b3530361d45f8bc47f=wMwYWY3EWO1IDOhlTMiBjZwgjZmRTZhZGN5YjMzgTYmBzY4YjMygTZ&ffj4evtisdSvL=e2caMa8rTyfUHx http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&46784cd6da072d8e9a00a34d02493da5=QX9JyZUZTUYp1c4dVWYJUeiBjQYVWeOVUS6Z0RTtEMnRlNRhlWzh3VZhlQTFmdKNjYaBXUE9EcERGb4dkYoRmRJlmVyY1Z0ADVVBXUE9EcERGb4dkYoRmRJRXOHRWdGdUYRBXUE9EcERGb4dkYoRmRJlmVyY1ZVJTW1ZUbiBnSrNkT0s2TwY1RiNnRyY1Z0cVY1lTbVtEMnRlNRhlWzh3VZhlQ5FWdsdEV1lTbjVFcRR0TwREZsh3RihGZGlkcOhVWOZ0RkxWMrNkT0s2TwY1RiNnRyY1ZnJzYo5UbXtEMnRlNRhlWzh3VZhlQ5JWeW1mY2FzaD5ENr9EMWdkYzZkMWdWVtNmdOtmYwljMZxmUYFWTwFFRPBHRkxGeHJGakZUS6ZFSaZHaYJ1SwcGV2EFWaNHeXlFWCNlYxYVbjxGaHRmRwFFRPBHRkxGeHJGakZUS0ZlbjBjTXp1cWt2QORzaPBjVHJ2cGJjVnVVbjZnTFFmeGdkULBzZUZTUYp1c4dVWYJUaiBXOykFbShVZDBXUE9EcERGb4dkYoRmRJxmSzIGR1cVY250RkBnSrNkT0s2TwY1RiNnRyY1ZNdVY0lzRkJEcRR0TwREZsh3RihGZGlUNKNjY0pEWRtEMnRlNRhlWzh3VZhlQTpla1cVW1xWbRJiOiEGM0AjZkFmN3YjZjFTZ5MGOyMWO2UGZyMWO0IWYjR2MiwiI1YGN0YmNxEWMygDNmhTZmJDZ0UGMmBjN0MjNihjMxImM3ATNmlzMhJiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W http://45.67.228.48/system32.exe http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&9ff31bbcdffb4b2ee507e80d804540cc=QX9JSUNJiOiEGM0AjZkFmN3YjZjFTZ5MGOyMWO2UGZyMWO0IWYjR2MiwiI3QmN5MGM5MWZyUjNxMGMwUWMjJTZ0kDOycTMwUmZmFmZkljY1ITY4IiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&46784cd6da072d8e9a00a34d02493da5=0VfikjST9EeNRUT6RzQNVXUqR2Y4FTY5ljMkxWMXlVeaVEWjJlVS9UNDRWb5IzY2p0MZBXMFh1YONDZ2JVbiBHZGh1YwpXUp9maJ9mUYlVUKNETpRjMkZXNyEWdWxWS2k0QhBjRHV1aKNjYq5EWhVkSDxUaJl2Tpd2RkhmQWJGaKNjWsh3VaVlSDxUaJl2Tp1ESjdnRVJGaWdEZUp0QMlGNyQmd1ITY1ZFbJZTSDJlSKhlW6ZlVihmVHRGVKNETpRjMkZXNyEWdWxWS2kUajxmTYZFdGdlWw4EbJNXSpJ2M50mYyVzVWl2bqlkb1cVWNFzVZxmUzUVa3lWS1R2MiVHdtJmVKl2Tpd2RkhmQWJGaWdEZUp0QMl2aD1WN5VGcll3TJZHbHpVMGVUS1lzVhBDbtJGcadlWFJ0Qh5GbHN1b3F2Z0RlYuNna0AncMl2Tp1EWaVXOHF2d502Yqx2VUl2dplUavpWS6FzVZpmSXpFWKNETpRzRYlHeW1kWGVEVR5kVTVEeGhVd3ZEWjhHbJZTS5NWdWdlW55kMVl2dplUM0MkTp9maJVXOXFmeKhlWXRXbjZHZYpFdG12YHpUelJiOiEGM0AjZkFmN3YjZjFTZ5MGOyMWO2UGZyMWO0IWYjR2MiwiIzMjYkhTY3QjNlBDNxEWOykzY3YmM3EmMklDN2M2MiNjZ4UGM0MmMzIiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W http://94.131.112.154/PythonphpGeneratortemporary.php?JGvO=Epaz1Kj512gUSKaunbDS8tIMq1b&udXBuXppBF=k9NirryZAEUfpr62VhNI9tS&c72f30bfdace9699f08f265105715607=QYyMzYwImY4cjMjJWNzcTZ1ATY0kDZ1MzYkBDZygjM0YGNyQmZlVjZ0IjN1ITNxEDOzADO5QjM&12bb8387f02771b3530361d45f8bc47f=wYjlDMyYDO0YWMwUjNzI2YhVGM0QDZycTN2QjM0YDMlFzNyUmZmFzM&9ff31bbcdffb4b2ee507e80d804540cc=0VfiIiOiEGM0AjZkFmN3YjZjFTZ5MGOyMWO2UGZyMWO0IWYjR2MiwiIzMjYkhTY3QjNlBDNxEWOykzY3YmM3EmMklDN2M2MiNjZ4UGM0MmMzIiOiUWY3YGN3kTY1MzYyYWN1YWN5YTMjRjM1MGO5EWY0ImYiwiIwQWMzIjYmhDN2kTZlBTN1cjM0IzYyYzN0MjY2gDNxgTO1UTNyUGOmJiOigTNihjY5UDMlRmYykDOidjY3cDNmNDOxQGNiRmMlhDOis3W https://pastebin.com/raw/Cs9EzneX	4	7 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE DCRAT Activity (GET) ET HUNTING Observed Malicious Filename in Outbound POST Request (Information.txt)		22.0	M		ZeroCERT

13615	2023-04-27 03:18	0A7FCD23-2B52-47F2-9A10-79A2B7... 4e55bf3f7eb04fb987a1bfa08f768675 JPEG Format								BRY

13616	2023-04-27 02:26	DS_Store-5 93103d36de62ffb10919f3e7fc51783a AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email					3.2			BRY

13617	2023-04-27 02:17	DS_Store e84de8d6be88362a63d11938960b1fbd AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email					3.2			BRY

13618	2023-04-26 18:26	reverse.exe d32a31a376731f31251a2d17ea3828bf Meterpreter PE64 PE File VirusTotal Malware DNS crashed		1			3.2	M	47	r0d

13619	2023-04-26 18:21	%23%23%23%23%23%23%23%23%23%23... 8c04ebf8df5396b9d4cd12056d0a42fe MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader	4 Keyword trend analysis Info http://www.forgetourco.com/my28/?DVBX=HR/gNFqxMMatrqckjUOgYj8CTraOU5fSyGgP08yra7HG48rWGxKrO4KotdMhMppFy0UjBinN&UbDH=kf50d6RxMtfhif http://www.heruhome.net/my28/?DVBX=XJSMwvStj3TaOyeg51NJJiBQw7kIYWKX/lWLvyDa8ZDmiMdYLcEbycX0tGIYyEtEbF96zC57&UbDH=kf50d6RxMtfhif http://172.245.214.178/25/vbc.exe http://172.245.214.178/007/Dblvvr.dat	6	8 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (GET)		5.0	M	35	ZeroCERT

13620	2023-04-26 18:19	debug.dbg 070b332f2ba3f1248c43931c8e9b54c2 AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					4.4	M	39	ZeroCERT