Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13711	2023-04-21 18:16	%23%23%23%23%23%23%23%23%23%23... 631e3b2149903d8569c16f2a9ddb3b11 MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.6			ZeroCERT

13712	2023-04-21 18:15	vbc.exe b96f2033d74025f2bc5b29e52a9cb650 PWS .NET framework RAT Generic Malware Antivirus DNS SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	2		15.6	M	33	ZeroCERT

13713	2023-04-21 18:14	vbc.exe e8ab54ff681e5009795d0030d626c9b3 AgentTesla PWS .NET framework NPKI browser info stealer Generic Malware Google Chrome User Data Downloader Antivirus Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Remcos VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key crashed keylogger	1 Keyword trend analysis	4	1		12.4	M	51	ZeroCERT

13714	2023-04-21 18:13	4496TmGAmszliFaJddlAQYLYCUMW.e... 249e72c284e40f491a40290b0b22fc58 UPX Malicious Packer Malicious Library OS Processor Check PE64 PE File VirusTotal Malware					1.0	M	23	ZeroCERT

13715	2023-04-21 18:13	90fd60b1-8165-498a-8d9a-6914fb... 348c57dac7e0bee0e41bdc20fb74f0f1 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File Browser Info Stealer Malware download VirusTotal Malware RecordBreaker MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications installed browsers check Stealer Windows Browser Remote Code Execution DNS	9 Keyword trend analysis Info http://trastform.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll http://trastform.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll http://trastform.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll http://trastform.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll http://trastform.com/ http://trastform.com/82e37821d932fcf72a02ada74078fdfd http://trastform.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll http://trastform.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll http://trastform.com/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll	4	4		11.2	M	53	ZeroCERT

13716	2023-04-21 18:12	Ruzvelt.exe 2f9b84fb886f602b7bf1216419fbb91f Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.2	M	38	ZeroCERT

13717	2023-04-21 18:09	vbc.exe 1cf326e3aee40d07fcb969a4ab5e34f1 PWS .NET framework RAT Hide_EXE .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.6	M	43	ZeroCERT

13718	2023-04-21 18:07	Client.jpg 6ef1e04016619a23768fbb6ace3c5be5 RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS		1			4.4	M	56	ZeroCERT

13719	2023-04-21 18:06	toba22bbc.exe 13348cb1966e434e5cb63b82e42291b7 RAT SMTP PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs Windows ComputerName Cryptographic key					9.8	M	47	ZeroCERT

13720	2023-04-21 18:04	pro2.exe ab1746f989702ee9fb400f7c4a5d0acc PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed		1			4.2	M	59	ZeroCERT

13721	2023-04-21 18:04	vbc.exe f5deff8b2ecfc9a609c8e03c86c45e09 PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.2	M	54	ZeroCERT

13722	2023-04-21 18:02	buildz.exe 2649cbcef1838339d91cd7ff59ef3208 Loki_b Loki_m Gen1 Suspicious_Script_Bin Generic Malware Malicious Library UPX Malicious Packer DGA Socket DNS PWS[m] Http API Internet API ScreenShot Code injection AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download FTP Client Info Stealer Dridex VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Telegram AutoRuns PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser Email ComputerName Remote Code Execution DNS Software crashed	6 Keyword trend analysis	10	12 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO TLS Handshake Failure ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Dotted Quad Host ZIP Request	1	19.2	M	35	ZeroCERT

13723	2023-04-21 18:02	build2.exe d0eb40fe08f409805aed3f5312bfb5b8 Loki_b Loki_m UPX Malicious Library Code injection AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted Creates executable files unpack itself malicious URLs Tofsee ComputerName Remote Code Execution DNS crashed	4 Keyword trend analysis	5	4		10.2	M	54	ZeroCERT

13724	2023-04-21 18:02	vbc.exe 96068a9ee89ae50fd19e2c9914166db0 PWS .NET framework RAT Hide_EXE Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					12.4	M	45	ZeroCERT

13725	2023-04-21 14:13	locacem2.1.exe 241b78d02640dea21e13c5bb27f3070c NSIS UPX Malicious Library PE32 PE File VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself					3.4	M	55	r0d