Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14191	2023-03-29 09:50	GIB.exe e47210accd809054f50bb4f1c765004e RAT Malicious Library PE64 PE File VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself				3.2	M	34	ZeroCERT

14192	2023-03-29 09:46	atom.xml bb3afc961cd9b132922db723407508e7 Hide_EXE PowerShell Script MZ AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis		2	4.2		2	ZeroCERT

14193	2023-03-29 07:44	qz.exe 01b694e73ae67576d5960eef85a9ad2f NPKI PWS .NET framework RAT UPX Malicious Library OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself				2.0		51	ZeroCERT

14194	2023-03-29 07:43	sync.exe 3b7f9dcb3b83acf40f32d5f7c500fefb PWS .NET framework RAT Downloader task schedule UPX Malicious Library Malicious Packer Create Service DGA Socket ScreenShot DNS Internet API Code injection PWS[m] Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges FTP Http API AntiDebug VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName				4.8	M	55	ZeroCERT

14195	2023-03-28 13:47	nerino.exe 4e9932a21816959b576ac87a41855cce UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution				2.0	M	22	guest

14196	2023-03-28 13:45	nerino.exe 4e9932a21816959b576ac87a41855cce UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution				2.0	M	22	guest

14197	2023-03-28 12:46	vbc.exe de3409f5d14c9b23a29ad18de6e35446 PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.0	M	33	guest

14198	2023-03-28 08:37	vbc.exe de3409f5d14c9b23a29ad18de6e35446 PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName DNS		1		2.6	M	33	ZeroCERT

14199	2023-03-28 08:35	2023.exe.exe 027a60b4337dd0847d0414aa8719ffec UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File VirusTotal Malware Check memory Checks debugger WMI Creates shortcut unpack itself Windows utilities suspicious process Windows ComputerName DNS crashed		1		6.4		46	ZeroCERT

14200	2023-03-28 08:35	111.exe 6512741ded1505a7b3dc528d8a337ee5 Malicious Library PE32 PE File VirusTotal Malware PDB Check memory unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS		1	1	3.8		50	ZeroCERT

14201	2023-03-28 08:25	unknown.exe 87366b4da9f888d5abf85274074d4156 RAT UPX Malicious Library OS Processor Check .NET EXE PE32 PE File suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName keylogger				3.2			ZeroCERT

14202	2023-03-28 08:22	dk.exe 4ef3bfe67588ffebb595fce72889a5ad RAT UPX AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS	14 Keyword trend analysis Info http://www.organiclifestyle.biz/u62a/?q--kx9Ef=VvqZGz3PHJbSx1QTtGtZ27JbTMCS5Ic5/4p6o7fkYDsqsQXV00C4Mjy3HEa1fsrCkNg75FGvKvR0eCFVX6t17fJz0m/poFYbzV0qA3k=&El=z7Vjn http://www.coba.dev/u62a/ http://www.starauctioneerspro.com/u62a/ http://www.marex.promo/u62a/?q--kx9Ef=HTOKBE+ideXsbClCFIZFlPYDAjUuWFn3t4knnx885+0EkjdUagvAPmmh9nOXJS6XsZrvZ1YpL3hurMR7Bu4FKovUyILBMkHn6uQL+64=&El=z7Vjn http://www.marex.promo/u62a/ http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip http://www.coba.dev/u62a/?q--kx9Ef=o8SCP/YnJ49qk75I5z3GzELHmg2Up2LUiNCn13SbmA4goaf+g+1fYa13Odsfun9rvkIDAdpJippA+Y6N0xwu8NBanTjMGd5U2PfRiS4=&El=z7Vjn http://www.kunimi.org/u62a/ http://www.kunimi.org/u62a/?q--kx9Ef=Do2YNZmdCCnGDS2WdMJQZ6ZCKAd/GRXgo7DNSK9yFY09r/FIwMWpAWGLeKjsO9QXj5EgxT/2XN8JUIdJtTBe0orCvwywWdiUJLw1V4E=&El=z7Vjn http://www.lowcome.life/u62a/ http://www.meandclementina.com/u62a/?q--kx9Ef=sEdvL1ZGkULv2A8bNXBRaRmdYx+eWL4gYtShFj4pbN8o5eHSa3QtYRl1ZjlPIya8jQvOFXB8wZUlu2C2FpqSzuYXIQNHQFur3PZxkFI=&El=z7Vjn http://www.meandclementina.com/u62a/ http://www.starauctioneerspro.com/u62a/?q--kx9Ef=xxICz6/4R5ldvKit9pQiZZ+jTsTJ1UXO3+kkY3b4PoRSc/9CGhnte6tVjQSTVfHBpnO/T6bLIQt5I4s4artxGH6TeZHS/DCwG7N4VUA=&El=z7Vjn http://www.lowcome.life/u62a/?q--kx9Ef=SpYuczb0I67O/JB79loYgv0QPNy9tmAedxSPiGXP/gajLTktWHzWDdz7w0u65687mA4BdpaJEcNqadlvkC0xWpASIIM+xKCPpUlgMWA=&El=z7Vjn	15 Info www.starauctioneerspro.com(94.23.162.163) www.lowcome.life(198.177.124.57) www.kunimi.org(219.94.129.181) www.coba.dev(46.17.173.192) www.marex.promo(91.189.114.25) www.meandclementina.com(195.110.124.133) www.organiclifestyle.biz(34.117.168.233) 46.17.173.192 34.117.168.233 - mailcious 91.189.114.25 - malware 219.94.129.181 195.110.124.133 - mailcious 54.38.220.85 - mailcious 198.177.124.57 45.33.6.223	4	8.8	M	42	ZeroCERT

14203	2023-03-28 08:21	wwa.exe 53622e61772d39cd6868b89aaabb8249 RAT Gen1 email stealer Downloader UPX Malicious Packer Malicious Library Socket ScreenShot DNS Code injection PWS[m] Sniff Audio KeyLogger Escalate priviledges persistence AntiDebug AntiVM .NET EXE PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download AveMaria NetWireRC VirusTotal Email Client Info Stealer Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser RAT Email ComputerName DNS		3	2	13.0		47	ZeroCERT

14204	2023-03-28 08:20	script.ps1 ab5fc61f3bff95a184793280a69fb709 Generic Malware Antivirus powershell AutoRuns Check memory unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	3	1	6.6	M		ZeroCERT

14205	2023-03-28 08:19	vbc.exe e90d3ec392d44522f55a0cf054c211a9 PWS .NET framework SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	1 Keyword trend analysis	2	5	13.4		34	ZeroCERT