Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

13981 2023-04-21 18:06 toba22bbc.exe
13348cb1966e434e5cb63b82e42291b7
RAT SMTP PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs Windows ComputerName Cryptographic key
9.8 M 47 ZeroCERT

13982 2023-04-21 18:04 pro2.exe
ab1746f989702ee9fb400f7c4a5d0acc
PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
1 4.2 M 59 ZeroCERT

13983 2023-04-21 18:04 vbc.exe
f5deff8b2ecfc9a609c8e03c86c45e09
PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.2 M 54 ZeroCERT

13984 2023-04-21 18:02 buildz.exe
2649cbcef1838339d91cd7ff59ef3208
Loki_b Loki_m Gen1 Suspicious_Script_Bin Generic Malware Malicious Library UPX Malicious Packer DGA Socket DNS PWS[m] Http API Internet API ScreenShot Code injection AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download FTP Client Info Stealer Dridex VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Telegram AutoRuns PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser Email ComputerName Remote Code Execution DNS Software crashed
6 10 12 1 19.2 M 35 ZeroCERT

13985 2023-04-21 18:02 build2.exe
d0eb40fe08f409805aed3f5312bfb5b8
Loki_b Loki_m UPX Malicious Library Code injection AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted Creates executable files unpack itself malicious URLs Tofsee ComputerName Remote Code Execution DNS crashed
4 5 4 10.2 M 54 ZeroCERT

13986 2023-04-21 18:02 vbc.exe
96068a9ee89ae50fd19e2c9914166db0
PWS .NET framework RAT Hide_EXE Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
12.4 M 45 ZeroCERT

13987 2023-04-21 14:13 locacem2.1.exe
241b78d02640dea21e13c5bb27f3070c
NSIS UPX Malicious Library PE32 PE File VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself
3.4 M 55 r0d

13988 2023-04-21 09:01 SSR LIST QINQDAO PORT.vbs
d33e8ab673db0b0e84cc39d0be377bc8
VirusTotal Malware crashed
0.6 3 ZeroCERT

13989 2023-04-21 09:01 invoice-73928_pdf.vbs
1aa6621465a6e13c232d8dcd2a01d363
unpack itself crashed
0.6 ZeroCERT

13990 2023-04-21 08:58 Complaint_Copy_195040.wsf
9ebb0b07e289a4882ba12b0e7549d064
VBScript wscript.exe payload download DNS Dropper
1 1 10.0 ZeroCERT

13991 2023-04-21 08:58 Payment_260127.wsf
ad5e7053e14384edd2d8af5164d9f7bf
VBScript wscript.exe payload download ICMP traffic DNS Dropper
1 1 10.0 ZeroCERT

13992 2023-04-21 08:54 Lyla131.exe
17e36437bd558374106622b7327a2aca
RAT NSIS Generic Malware UPX Malicious Library AntiDebug AntiVM PE32 PE File MSOffice File PNG Format .NET EXE OS Processor Check DLL JPEG Format .NET DLL VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Check virtual network interfaces AppData folder Tofsee Interception Windows Exploit Browser Google DNS Cryptographic key crashed
3 6 3 12.4 M 21 ZeroCERT

13993 2023-04-21 00:15 chat.db-shm
87152bb0f7d1d6bdaf6f98e1dc85e487
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 BRY

13994 2023-04-21 00:10 nickNameKeyStore.db
8f9ca4973e39e548b0236366b99c81de
BRY

13995 2023-04-20 23:34 1beb05868ce93bcc8fafc46adccdda...
9b63e0fb3785ffa49686dd75e303d177
AntiDebug AntiVM MSOffice File Code Injection buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
4.2 BRY