Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
14056 2023-04-04 07:14 main.exe
07c9d25aeb2b712910258043749c7023
Gen1 Gen2 Generic Malware Suspicious_Script_Bin UPX Malicious Library Downloader Malicious Packer Anti_VM OS Processor Check PE32 PE File PNG Format DLL icon PE64 VirusTotal Malware PDB Creates executable files AppData folder sandbox evasion anti-virtualization Remote Code Execution
2 4.0 M 2 ZeroCERT

14057 2023-04-04 07:14 RegSvcs.exe
aab8a0f6b79b294bc551f015851624ee
PWS .NET framework RAT UPX Malicious Packer OS Processor Check .NET EXE PE32 PE File Malware download AsyncRAT NetWireRC Malware DNS
1 2 0.6 ZeroCERT

14058 2023-04-04 07:10 vbc.exe
1d2e530be1bc9a98c41429524a89c79e
RAT Malicious Packer Admin Tool (Sysinternals etc ...) SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
14.6 M 40 ZeroCERT

14059 2023-04-04 07:08 laowu.exe
7b97ca6f925df64756ec0bd8ab3c1590
UPX Malicious Library PE64 PE File VirusTotal Malware PDB Check memory Checks debugger RWX flags setting unpack itself DNS
1 2 4.2 35 ZeroCERT

14060 2023-04-04 07:08 akinssss.exe
3573cfa28e62b14b3a8189063065c8bc
RAT Malicious Packer Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 13.0 37 ZeroCERT

14061 2023-04-04 07:06 g8c.exe
42eff0c99f1958d55601dd9a74cd8d74
PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key crashed
3 6 2 12.2 24 ZeroCERT

14062 2023-04-04 07:06 x......xx.......doc
8a16ed1c07b77b743749e470b82bc2c7
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed Downloader
1 1 7 5.0 35 ZeroCERT

14063 2023-04-04 07:03 libcurl.dll
1c812c7057527a6d163c54cc4ecc4830
UPX Malicious Library OS Processor Check DLL PE32 PE File VirusTotal Malware PDB unpack itself
1.4 20 ZeroCERT

14064 2023-04-03 18:32 Order_list.exe
c9b73b9cb9d53c2fd94a163ed584e553
Generic Malware Suspicious_Script_Bin Downloader task schedule WebCam UPX Malicious Library Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution Cryptographic key
12.0 ZeroCERT

14065 2023-04-03 17:59 Order_list.exe
c9b73b9cb9d53c2fd94a163ed584e553
Generic Malware Suspicious_Script_Bin task schedule Downloader WebCam UPX Malicious Library Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution Cryptographic key
12.0 guest

14066 2023-04-03 16:52 ChromeFIX_errorMEM.exe
e7c31cd054f469c689a28cdaf1f3c50e
RedLine stealer[m] UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File Browser Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
1 10.2 M 49 ZeroCERT

14067 2023-04-03 16:49 DefendUpdate.exe
b13535dbbd04e5c0b14ec6929daf338a
PE64 PE File VirusTotal Malware crashed
2.2 M 45 ZeroCERT

14068 2023-04-03 16:49 KibbledActionably.exe
b639bd399837f1e0c1424313f0f1a18e
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself
2.2 M 48 ZeroCERT

14069 2023-04-03 16:47 Rhymers.exe
2ac0ff27c872b8b784d31027f05d44cd
RedLine stealer[m] PWS .NET framework RAT RedLine Stealer Confuser .NET SMTP PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 9.4 M 48 ZeroCERT

14070 2023-04-03 16:47 Cuttoes.exe
868398533736a48ccf3008a8eb4ddc49
PWS .NET framework RAT RedLine Stealer Confuser .NET SMTP PWS[m] Escalate priviledges ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself
6.0 M 49 ZeroCERT