Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
14161 2023-04-12 13:38 xI-Febuary.12(69).wsf
964c85c835fe3ee30b9cc70d484fad43
Generic Malware Antivirus AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
6 5.6 ZeroCERT

14162 2023-04-12 13:38 xu-November.21(7354).wsf
b87327f3d6171c25482b5e4e6387ffc6
Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
10 5.6 ZeroCERT

14163 2023-04-12 13:31 rem.exe
cb43cfa544d997cbbf5ca1d3e437fb92
AgentTesla NPKI PWS .NET framework RAT browser info stealer Generic Malware Google Chrome User Data Downloader UPX Antivirus Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM OS Processor Check .NET VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key keylogger
5 13.0 M 43 ZeroCERT

14164 2023-04-12 13:30 File_pass1234.7z
9f886ca42bfa5a7511f23525b03776f2
PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS
4 8 2 1 4.6 M 7 ZeroCERT

14165 2023-04-12 13:29 cpp_self_SC.bat
7b99fd1109a4f8307320a92fbb237bfb
NPKI Generic Malware Downloader Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.0 ZeroCERT

14166 2023-04-12 13:15 31A1C087-CB71-4F3D-8B97-898F09...
d41d8cd98f00b204e9800998ecf8427e
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Windows Browser Email ComputerName keylogger
4.0 BRY

14167 2023-04-12 11:37 jRuiQlItEQ.JS
6c5a8e4d9ba2f4ccb0ae3444473b3353
WriteConsoleW Windows
1 2 4.0 ZeroCERT

14168 2023-04-12 09:27 eU6ZAb44
2756a79655d41f63a0af6ff715a68637
PE64 PE File VirusTotal Malware crashed
1.2 M 6 ZeroCERT

14169 2023-04-12 09:25 LfhxrETRRGxerZerexgfCtex.exe
637e3496384188cc88c9de07f82dacce
RAT Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName crashed
10.4 M 44 ZeroCERT

14170 2023-04-12 09:25 tmpF82D.tmp.exe
4f0402bf30445ece92c85cd3ee8240ac
PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.2 M 46 ZeroCERT

14171 2023-04-12 09:23 RegSvcs.exe
f0e40af095d6cb50bd42713da5c21e4a
.NET DLL DLL PE32 PE File PDB
0.2 M ZeroCERT

14172 2023-04-12 09:23 clip64.dll
ee69aeae2f96208fc3b11dfb70e07161
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
2.0 M 54 ZeroCERT

14173 2023-04-12 09:23 bb2f2e6013f909a8d768138668cef6...
ff8cf4e39cf12b67fdb346ec56af1666
RAT task schedule UPX Confuser .NET AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS
1 7.6 M 47 ZeroCERT

14174 2023-04-12 09:21 lega.exe
f6da6da3867f998ae4d9fdc3e92554d0
Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader
6 8 13 1 15.8 M ZeroCERT

14175 2023-04-12 09:20 Ruzvelt.exe
cafc8351bc21c41083793db0f57b6aa8
UPX Malicious Library OS Processor Check PE32 PE File PDB unpack itself
1.0 M ZeroCERT