Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
13651 2021-10-15 18:11 audio.exe
98fc6998c7943f10c6eab32dd5f87e92
RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Cryptographic key crashed
26 27 2 10 9.8 M 10 ZeroCERT

13652 2021-10-16 09:44 TimeLimit.exe
465784e139b2fb62fa2ee0cce3ee5551
Crossrider Adware PE File PE32 VirusTotal Malware AutoRuns Check memory unpack itself suspicious process WriteConsoleW Windows
4.6 M 20 r0d

13653 2021-10-16 12:38 Đề nghị thanh toán.exe
a247b100fbea1e86267e033716a3e3df
RAT PWS .NET framework Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself ComputerName
2.4 19 ZeroCERT

13654 2021-10-16 12:39 FYI.exe
d100485ad14f8463450278591b10c698
RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself human activity check Windows DNS Cryptographic key DDNS
3 1 13.8 28 ZeroCERT

13655 2021-10-16 12:42 Ner Order.exe
7cfff0e3f8ccab0661299c826aa73e1a
RAT PWS .NET framework Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS
3 1 15.0 20 ZeroCERT

13656 2021-10-16 12:42 KRSEL000005628644.PNG.scr
bd8f7a95d63891f57462cfa5b2179888
Gen2 Gen1 Generic Malware Malicious Library UPX Malicious Packer DNS AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName Remote Code Execution DNS DDNS crashed
2 1 15.8 44 ZeroCERT

13657 2021-10-16 12:43 New Order.exe
1c347ce8723c87e82c1d22de5e1fe046
RAT PWS .NET framework Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed
3 1 15.0 ZeroCERT

13658 2021-10-16 12:45 New Order List & Specification...
39f59475d4b4672638a90ac2e475cd90
AgentTesla browser info stealer Generic Malware Google Chrome User Data Malicious Library UPX Create Service Socket Code injection Sniff Audio KeyLogger Escalate priviledges Downloader AntiDebug AntiVM PE File OS Processor Check PE32 Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files suspicious process AppData folder sandbox evasion Windows Remote Code Execution DNS DDNS crashed keylogger
2 1 12.0 ZeroCERT

13659 2021-10-16 12:53 ORIGINAL DOCUMENTS BL, C.I. & ...
a0747b376c17728fe2731e9e98d1b017
Gen2 Gen1 Generic Malware Malicious Library UPX Anti_VM AntiDebug AntiVM PE File OS Processor Check PE32 Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process sandbox evasion Windows Remote Code Execution crashed
6.2 ZeroCERT

13660 2021-10-16 12:53 PURCHASE ORDER _467889899098.x...
90a7b2355d1a256a4dc4e72caca1fb35
RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS Cryptographic key crashed
1 5 1 16.4 20 ZeroCERT

13661 2021-10-16 12:54 SMS LOGS.COM
6a4e8dbad4bd58452d15a706ff60bea5
AgentTesla NetWire RAT RAT email stealer browser info stealer Generic Malware Google Chrome User Data Malicious Packer Malicious Library UPX Socket DNS KeyLogger ScreenShot AntiDebug AntiVM PE64 PE File OS Processor Check VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key DDNS
2 10.0 30 ZeroCERT

13662 2021-10-16 12:55 SB_09837635673-309873653673.ex...
91f4fb77450caf87383a80bca76af4b9
Gen2 Gen1 Generic Malware Malicious Library UPX DNS AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process sandbox evasion WriteConsoleW human activity check Windows ComputerName Remote Code Execution DNS DDNS crashed
2 1 16.4 33 ZeroCERT

13663 2021-10-16 12:56 VWT_0397467389948-039874674.ex...
eb84b407ad189ab0024269c8ccb42ddb
RAT PWS .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
2 1 15.0 26 ZeroCERT

13664 2021-10-16 12:58 ADH_Quotation_Sheet-Q202107055...
8b79c77c9736b590089dc899c6129abf
RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process human activity check Tofsee Windows DNS Cryptographic key crashed
1 4 1 13.8 22 ZeroCERT

13665 2021-10-16 13:01 Deposit Payment.exe
c3e635b8e9d4fea44f5c5f9aee4edb3f
RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) UPX SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
13.8 ZeroCERT