Submissions

No | Date | Request (file name, hash) | Rule | Urls, Hosts, IDS, Score, Zero, VT, Player, Etc (non-empty values only)
14026 | 2023-04-05 09:01 | unknown.exe, 53ddc793d3319b06ffe33975ee7e34ee | RAT UPX Malicious Library OS Processor Check .NET EXE PE32 PE File suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS keylogger | 1 3.8 ZeroCERT
14027 | 2023-04-05 08:59 | RegSvcs.exe, a75accacdd53a79c96b99261ebe0affe | PWS .NET framework RAT UPX Malicious Library Malicious Packer OS Processor Check .NET EXE PE32 PE File | 2 ZeroCERT
14028 | 2023-04-05 08:57 | obinna.exe, 29267b485d5838d7fde94e68ad0cf51b | PWS .NET framework UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed | 1 2 1 12.2 M 38 ZeroCERT
14029 | 2023-04-05 08:57 | lifting.exe, b674dc63057d15e26d5ca8842f4c0605 | UPX Malicious Library PE32 PE File OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed | 4.0 M 45 ZeroCERT
14030 | 2023-04-05 08:51 | foto0145.exe, c70824476e0f90af3097eaf9467c0924 | Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 1 8.2 M ZeroCERT
14031 | 2023-04-05 08:50 | f8v.exe, 5cbe3c33135407c9910469b6db11db61 | PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key | 4 7 2 1 11.0 M 6 ZeroCERT
14032 | 2023-04-05 08:47 | vbc.exe, 07267fb4371d348b4acecd5ebfab5d48 | UPX Malicious Library PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself | 3 9 1 1 5.0 M 38 ZeroCERT
14033 | 2023-04-05 08:47 | clip64.dll, d7042ab15d410a1b17bea69064e84699 | UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself | 2.0 M 54 ZeroCERT
14034 | 2023-04-05 08:45 | telvm.exe, bfc8bbf94ebb09d76e5db9c13f7ad223 | Themida Packer PE32 PE File VirusTotal Malware | 1.6 M 37 ZeroCERT
14035 | 2023-04-05 08:45 | toolspub2.exe, 30e9eeb70c21208690eafa461560b203 | UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File Malware Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution | 6.0 ZeroCERT
14036 | 2023-04-05 08:44 | omo.exe, 5288674c2d9557bd89a0aab4869f1f60 | PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key crashed | 4 7 1 13.4 M 30 ZeroCERT
14037 | 2023-04-05 08:42 | fotocr14.exe, 2dcb47fdf1d84aeb14d68a2c1b901ac1 | Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 1 10.4 ZeroCERT
14038 | 2023-04-05 08:30 | Photocopies.exe, 2f5769f336565444ad1b4725b55d6dc9 | UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself crashed | 2.6 49 ZeroCERT
14039 | 2023-04-05 07:25 | UpdateGroup.exe, 97acdf48c972303f1c68bffb21f7531d | RAT Generic Malware UPX Antivirus .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AppData folder installed browsers check Windows Browser ComputerName crashed keylogger | 6.4 M 46 ZeroCERT
14040 | 2023-04-05 06:52 | buildcr.exe, 33a45fcbca9c96cf4d9f456d27d87820 | RAT Gen2 UPX Malicious Library Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE32 PE File OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 9.4 M 49 guest