Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
13621	2021-10-15 09:51	vbc.exe 81ecab9fa2aa18c3d5dc61e9b2bebb7b RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	6 Keyword trend analysis Info http://www.appliancestar.xyz/wogm/?FTjlCFf=CZa7IhhKqH+i67SZ8DlxL7SD9/c86vP1pUqMFjpE9JLrEijbe5cqjfJtalcieGMffdwsnkHJ&vR-h8=khOtRrQxX4YlEtU http://www.truenettnpasumo2.xyz/wogm/?FTjlCFf=++H91393A+kX/y57heqir4yoHK/0wF8hbhB6ZkZ2FevYLBcUz29qdFfIsbl4hf6qK5sS70Fr&vR-h8=khOtRrQxX4YlEtU http://www.cvkf.email/wogm/?FTjlCFf=sRTLAMGyy4X7UY05DVBPxGqu9GiCi5X1NGTsSugbG85T5MJdD4skDqvEhNnlyFyuRx/UAW/w&vR-h8=khOtRrQxX4YlEtU http://www.santamariamoto.express/wogm/?FTjlCFf=XFl2HGFZDbM3ilnNSLCKR55vAZz9/GlrmlrmLStPz+t/Cfryq2xL+Ou2JEuSZKfyQZPLJhwt&vR-h8=khOtRrQxX4YlEtU http://www.javaportal.info/wogm/?FTjlCFf=lSKsitiyws6CV1iMLxhrahVtvrIwWCHcUDACNSJ1QCT90EZMnOuQMhpHp/9WWeYlZFWK0aAa&vR-h8=khOtRrQxX4YlEtU http://www.porchlightwoodworks.com/wogm/?FTjlCFf=hTlYLujhLIBfNhXKle4Ne5c9nbuG2ANBn8MRHjr/JSY/AGMyu0tlASlL1mMShb9c7W3t9T0r&vR-h8=khOtRrQxX4YlEtU	15 Info www.truenettnpasumo2.xyz(150.95.255.38) www.cvkf.email(217.160.0.253) www.javaportal.info(217.70.184.50) www.goodspaz.com() www.porchlightwoodworks.com(23.229.175.71) www.appliancestar.xyz(104.21.85.225) www.santamariamoto.express(185.27.134.221) www.hypermediastore.com() www.884651.com() 185.27.134.221 150.95.255.38 - mailcious 217.160.0.253 23.229.175.71 - malware 217.70.184.50 - mailcious 172.67.211.221 - phishing	2	7.8	M	16	ZeroCERT

13622	2021-10-15 09:53	vbc.exe e1ece154e7d217115851bb74b8b79e24 RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows Browser Email ComputerName Cryptographic key Software crashed				13.6	M	27	ZeroCERT

13623	2021-10-15 09:53	h_online.exe 2bfef42ea03e4fbb32243da6cb861205 PWS Loki[b] Loki.m .NET framework NPKI Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox malicious URLs AntiVM_Disk VMware anti-virtualization VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		1		16.4	M	42	ZeroCERT

13624	2021-10-15 09:55	vbc.exe f11ebc7e0b269ee17f61f7a4ab4ce9ec UPX Malicious Library PE File PE32 VirusTotal Malware				1.0	M	14	ZeroCERT

13625	2021-10-15 09:55	CHILESKY.exe 2838a508700df0b9ae80674c2f42ef4b RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				1.4		6	ZeroCERT

13626	2021-10-15 09:58	vbc.exe da7b4c213039524dd2cd661cb20e62ae PWS .NET framework Gen2 Emotet Gen1 Generic Malware NSIS Malicious Library UPX ASPack Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check FormBook Malware download VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself AppData folder installed browsers check Windows Browser DNS	14 Keyword trend analysis Info http://www.tongtongticket.com/bntn/ http://www.paramustowing.com/bntn/ http://www.xn--299akkrtr22f.com/bntn/ http://www.willpowerleggings.com/bntn/?jBZ4=O+Z4LQPQMzYbpWLT3n0a9n7LtLYJPcJESV/d+o2qxkdmboFsYtVgbm2hYoZiQsujkqIXV11z&P0D=kFQ0DXAxEZATHl http://www.willpowerleggings.com/bntn/ http://www.tongtongticket.com/bntn/?jBZ4=ne/6WiBYUUUYQtT3BG3QSc8o6g/z53bI83kA9iocdDFA9OjsJRvH1C2xfRGKXih8pzuXfb+c&P0D=kFQ0DXAxEZATHl http://www.empyrealgrowva.com/bntn/ http://www.9veronicaavenue.com/bntn/ http://www.frayahanson.com/bntn/?jBZ4=oFO9RmlSl++/v1YDeSY3mProiyQgi2+hlMkg7b4/PLGp1WpF3yb5DGOQUG8BL3f9IcGrhQt0&P0D=kFQ0DXAxEZATHl http://www.9veronicaavenue.com/bntn/?jBZ4=kSOzIuOqf33icb7jL3P6+lFIMnyjwDTENnNLAiqlHmACuDUj5PbuHRXtUmX7xoWaH4Ofc9nZ&P0D=kFQ0DXAxEZATHl http://www.paramustowing.com/bntn/?jBZ4=Zmfw4Esej640264nBF8rRgm9yb3Ifbhj/DSE9epy9UGl8RSLepUQfgEIh5a3fktibnFgotl4&P0D=kFQ0DXAxEZATHl http://www.xn--299akkrtr22f.com/bntn/?jBZ4=kgkGF9Ysfd8zYCE+QJErmgVuQlgymn5hReCN8pGF7TzUt2dFl2/L26qKOsVtiPdmfnb0j80y&P0D=kFQ0DXAxEZATHl http://www.frayahanson.com/bntn/ http://www.empyrealgrowva.com/bntn/?jBZ4=Au27EvwJrp50AVYHCUDqIIfox0HKUlVAbeEX7KAUxjtVY392IdfHlm/4EUWeS5gsUs7MiyW6&P0D=kFQ0DXAxEZATHl	18 Info www.71zkck.biz() www.paramustowing.com(88.214.207.96) www.9veronicaavenue.com(52.147.15.202) www.tongtongticket.com(114.31.52.67) www.frayahanson.com(66.96.162.137) www.shristientreprise.com() www.xn--299akkrtr22f.com(121.254.178.253) www.empyrealgrowva.com(198.187.31.100) www.eclipsegl.com() www.bakermckenzieny.com() www.willpowerleggings.com(23.227.38.74) 114.31.52.67 52.147.15.202 - mailcious 121.254.178.253 - mailcious 88.214.207.96 - mailcious 66.96.162.137 23.227.38.74 - mailcious 198.187.31.100	2	11.0	M	60	ZeroCERT

13627	2021-10-15 09:58	cssrss1.exe 1bd356bd20a2de1c53bc28104ee97d18 RAT email stealer Generic Malware ASPack UPX Malicious Packer Malicious Library Antivirus Socket DNS Code injection KeyLogger Escalate priviledges Downloader persistence AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	3	1	16.4	M	34	ZeroCERT

13628	2021-10-15 10:00	Dpo.exe 19b40e11d12dc217a5fb301437c0d7f7 RAT PWS .NET framework email stealer BitCoin Generic Malware Malicious Library ScreenShot Steal credential DNS SMTP Code injection KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key keylogger	3 Keyword trend analysis	7	2	15.8	M	22	ZeroCERT

13629	2021-10-15 10:01	vbc.exe ab5135e71815ad27daf57be78754c85d UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution				2.2	M	34	ZeroCERT

13630	2021-10-15 10:05	nwaba.exe 3567206f02eac9b9b004bf8f7ffad7a2 RAT BitCoin email stealer Generic Malware Malicious Library DNS SMTP Code injection KeyLogger ScreenShot Steal credential AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName Cryptographic key keylogger	4 Keyword trend analysis Info http://whatismyipaddress.com/ https://cdn.discordapp.com/attachments/893177342426509335/898153339576021032/1C84D56B.jpg https://cdn.discordapp.com/attachments/893177342426509335/898153343401226240/FBC84B57.jpg https://cdn.discordapp.com/attachments/893177342426509335/898153341647982662/F33830EF.jpg	6	2	15.2	M	20	ZeroCERT

13631	2021-10-15 10:10	@haiz_install.exe 7ae610290258f93dead5795ad70c793d RAT Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Collect installed applications Check virtual network interfaces suspicious TLD installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	4	1	14.0	M	35	ZeroCERT

13632	2021-10-15 10:10	Kofi.exe 4e956950a9aea405936b0ba0653138ef RAT PWS .NET framework BitCoin email stealer Generic Malware DNS SMTP Code injection KeyLogger ScreenShot Steal credential AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName Cryptographic key keylogger	3 Keyword trend analysis	6	2	15.0	M	12	ZeroCERT

13633	2021-10-15 10:17	1562391525.exe 604b759172262363118ab37833ca63bb PE File PE32 VirusTotal Malware unpack itself Windows utilities WriteConsoleW Windows ComputerName				3.0	M	30	r0d

13634	2021-10-15 10:22	1562391525.exe 604b759172262363118ab37833ca63bb Admin Tool (Sysinternals etc ...) PE File PE32 VirusTotal Malware unpack itself Windows utilities WriteConsoleW Windows ComputerName				3.0	M	30	r0d

13635	2021-10-15 10:27	vbc.exe 025eaccfdecb9df000e526122ce84aa2 Gorgon Group Generic Malware UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution				2.6	M	31	r0d