Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14056	2023-04-19 09:03	foto0165.exe 8cf8c1cae5a55df0a1fe7dab8f6b1a43 Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1		8.2			ZeroCERT

14057	2023-04-19 09:03	fotocr20.exe dc948dea49fe875c99f065ee6ac246ad Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1		10.6			ZeroCERT

14058	2023-04-19 06:36	._WiFiLQMMetrics-2023-04-17-17... a09e0c09530d357be5ea189cc870fed3 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2			guest

14059	2023-04-19 06:33	TransparencyTopic-2023-04-18-0... c9f7c97f79ddacf70c48747de0599deb AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

14060	2023-04-19 06:33	WiFiLQMMetrics-2023-04-17-1704... 1661b9f129bfdd9c94bc68262e821622 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

14061	2023-04-19 06:33	CloudServicesTopic-2023-04-18-... 6b2ede8ffa4abf4625b9f58b6fd1cb08 Keylogger Discord AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

14062	2023-04-19 06:31	._WiFiLQMMetrics-2023-04-17-17... a09e0c09530d357be5ea189cc870fed3 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

14063	2023-04-19 06:31	TransparencyTopic-2023-04-18-0... c9f7c97f79ddacf70c48747de0599deb AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

14064	2023-04-19 06:31	CloudServicesTopic-2023-04-18-... 6b2ede8ffa4abf4625b9f58b6fd1cb08 Keylogger Discord AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

14065	2023-04-19 06:30	WiFiLQMMetrics-2023-04-17-1704... 1661b9f129bfdd9c94bc68262e821622 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed				3.8			guest

14066	2023-04-18 19:01	newf.dotm 175722ba98f8f2715841c2c22026b7c8 VBA_macro Generic Malware Antivirus ZIP Format Word 2007 file format(docx) PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting exploit crash unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName Cryptographic key crashed Downloader	1 Keyword trend analysis	2	2	10.0	M	24	ZeroCERT

14067	2023-04-18 17:52	Togwcstgxg.exe 7225b0d133ba9c857fbfb6291eab84e3 Generic Malware Downloader task schedule UPX Malicious Library Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot persistence AntiDebug An Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder malicious URLs installed browsers check Ransomware Windows Browser ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		9.4	M	50	ZeroCERT

14068	2023-04-18 17:46	hastly.exe 4587d9fde0fc6ad5decaaf9b391ebd5b UPX OS Processor Check PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Check memory buffers extracted unpack itself Ransomware Browser DNS Software		2	1	4.4	M	50	ZeroCERT

14069	2023-04-18 17:42	vbc.exe bc22f3ae38188dd77d35e949f9558150 PWS .NET framework RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2	14.0	M		ZeroCERT

14070	2023-04-18 17:40	Installs.exe 4c9bc0e73872ba91b88fda7a45e5379a PWS .NET framework RAT Malicious Library .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself installed browsers check Browser ComputerName crashed				6.0	M	45	ZeroCERT