Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14011	2023-04-20 11:38	gGEVTqnUyq.vbs 21bdef1fee01151e1cebefa3316a20b9 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	1			4.8			ZeroCERT

14012	2023-04-20 11:29	20230418_1735061.html 65c643adac6706ce4962cf3b4ad8c586 Generic Malware Browser Info Stealer MachineGuid Code Injection Checks debugger exploit crash unpack itself installed browsers check Exploit Browser crashed					3.6			ZeroCERT

14013	2023-04-20 11:27	Bqkz.hta 8c6959b88a7a4b5e90abc355cc0af014 Generic Malware Antivirus AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key	8 Keyword trend analysis Info https://hotellosmirtos.com/sjn/x9TKiyLLkT https://zainco.net/OdOU/D0YU3GE https://citytech-solutions.com/6Mh1k/JDoJb https://nayadofoundation.org/wXaKm/F5MnHFq https://carladvogadatributaria.com/tvnq9/eGbRBey8o7Mk https://mrcrizquna.com/L7ccN/kUAFglmgW https://gsscorporationltd.com/okSfj/QBoaDPRP5hF https://erg-eg.com/ocmb/V4PjenCL				4.8			ZeroCERT

14014	2023-04-20 11:25	Njguoo.hta 6d3e7575bc3016353e43b00a21c2d3eb Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key	8 Keyword trend analysis Info https://citytech-solutions.com/6Mh1k/B7EHsbUXqkf https://erg-eg.com/ocmb/tvbjS https://carladvogadatributaria.com/tvnq9/THWkL https://mrcrizquna.com/L7ccN/PifjJ75h3 https://hotellosmirtos.com/sjn/7yDzZW https://nayadofoundation.org/wXaKm/EDtmGrL https://gsscorporationltd.com/okSfj/gdOqVcscfx https://zainco.net/OdOU/9S6oZW8				4.8			ZeroCERT

14015	2023-04-20 11:22	Complaint_Copy_798708.wsf c91431eb09675290e644c2e8a07213cd VBScript wscript.exe payload download DNS Dropper	1 Keyword trend analysis	1			10.0			ZeroCERT

14016	2023-04-20 11:22	invoice-1882938472_pdf.vbs ec28a8ac995eba2a726d68817ccec30b unpack itself crashed					0.6			ZeroCERT

14017	2023-04-20 11:21	clip64.dll f577e9f9bb3716a1405af573fbf2afb4 UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	52	ZeroCERT

14018	2023-04-20 11:19	Sbiqfcpir.hta 3e225779f6f92a4f8e31b8a5aadb79ea Generic Malware Antivirus AntiDebug AntiVM PowerShell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process Windows ComputerName Cryptographic key	8 Keyword trend analysis Info https://hotellosmirtos.com/sjn/PQiyNfrmUm https://mrcrizquna.com/L7ccN/5xyIta4J https://citytech-solutions.com/6Mh1k/bLddoC5w https://zainco.net/OdOU/iwjvWWQK1LXG https://carladvogadatributaria.com/tvnq9/fumBE4hlm9 https://erg-eg.com/ocmb/T8XeUTra https://nayadofoundation.org/wXaKm/9vYtmZ https://gsscorporationltd.com/okSfj/08jXB4X9BF				4.2			ZeroCERT

14019	2023-04-20 11:18	Complaint_Copy_838511.wsf 0038e8cfc6deaa5e8b9ba11affaeea2d Malware VBScript Malicious Traffic Check memory heapspray wscript.exe payload download DNS crashed Dropper	1 Keyword trend analysis	1			10.0			ZeroCERT

14020	2023-04-20 11:18	Funds_166311.wsf c8cdbe9de89761dd6364ac64c6fdf0cf VBScript wscript.exe payload download unpack itself Tofsee crashed Dropper	2 Keyword trend analysis	2	1	2	10.0	M		ZeroCERT

14021	2023-04-20 09:48	4556qXbHiTtYxMXnMwXziAARUlvy.e... a3b8de651df55988ae8f38dbbc734b0c Generic Malware UPX WinRAR Antivirus Malicious Library OS Processor Check PE32 PE File VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key					5.8	M	7	ZeroCERT

14022	2023-04-20 09:46	vbc.exe f26ce3fc95a5cc436d4e15338a7ded6b PWS .NET framework Hide_EXE .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	22	ZeroCERT

14023	2023-04-20 09:44	s.exe f066332ccc81b918c04cdcab3b828c27 UPX Malicious Library OS Processor Check PE32 PE File PDB unpack itself Remote Code Execution DNS		1			1.8	M		ZeroCERT

14024	2023-04-20 09:42	Uomwqqq.exe 287b678f74eae9dacfc22cf4928227cc Loki_b Loki_m PWS .NET framework RAT Generic Malware task schedule UPX Antivirus DNS PWS[m] KeyLogger ScreenShot AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File Malware download NetWireRC VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process IP Check Windows RAT ComputerName DNS Cryptographic key	1 Keyword trend analysis	3	2		11.8	M	37	ZeroCERT

14025	2023-04-20 09:42	vbc.exe fd4d349554b93a53a3d5540a92f251c0 UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed		2	1		7.0	M		ZeroCERT