Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14206	2023-04-10 17:53	File_pass1234.7z 1773339fc39712821302e0f0b8ac9e1b PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	4 Keyword trend analysis	8	2	1	4.2	M		ZeroCERT

14207	2023-04-10 17:44	File_pass1234.7z 55ed279b9cd1e0ac7a5e593aa456fc69 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	4 Keyword trend analysis	10	2		4.2	M		guest

14208	2023-04-10 17:40	File_pass1234.7z 55ed279b9cd1e0ac7a5e593aa456fc69 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself					1.6	M		guest

14209	2023-04-10 17:38	File_pass1234.7z 55ed279b9cd1e0ac7a5e593aa456fc69 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself					1.6	M		guest

14210	2023-04-10 17:36	2.exe b9bea76062a9f4365804695b6cc7772c UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself					2.0	M	38	ZeroCERT

14211	2023-04-10 16:01	homed_2023-04-09-015235_Bryans... 02055b0dfa55b8e8322b4040f5829498 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			BRY

14212	2023-04-10 15:50	[2023-04-08_06,01,39.716259]-A... 20d582c2d1fc560702795bc9216eba4e ScreenShot AntiDebug AntiVM Check memory unpack itself					1.0			BRY

14213	2023-04-10 10:43	sec2.exe 6eea1248a188ec88b2e7d50242da4965 NPKI PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key					2.2		27	ZeroCERT

14214	2023-04-10 10:43	build123456789.exe 2b5fc061696f29db6b1e55ffa37506c0 PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself Windows DNS Cryptographic key		1			4.4		39	ZeroCERT

14215	2023-04-10 09:52	mcb.exe 1ed1ae52785f50e3ba1bee8c0c71a8d0 PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	4	2		12.4	M	48	ZeroCERT

14216	2023-04-10 09:50	leafgrey.exe 16b67de79530a182c3e49ae82bb5f337 UPX Malicious Library Antivirus PE32 PE File MSOffice File OS Processor Check DLL icon Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	3 Keyword trend analysis Info http://176.113.115.25/bot/regex http://176.113.115.25/bot/online?guid=TEST22-PC\\test22&key=f91c75a2c5026af6018d7440b3cc6388f9e5424369f44512d073daee9d5318de https://176.113.115.21/V/sdkk5ywn1w/+iBH32vcXr87CL+YROcC3SO1z8sYve4b76amRKql5QDggj0I2AbinPxGpJbUpQllBVERtRx9KxUVyC8nK1a/109MZIB7ehXnhRA3u3fF/IMK5Pu2eHFKgJD6GNFhhJ8ea3akdd9FiO9eshpO8O7kUDRwSFsJBldB2jRI6xHsPmDHX7HIWLDBV7oSpPsNqfwQg==	4	1		18.4	M	53	ZeroCERT

14217	2023-04-10 09:49	fotocr17.exe 9354e489234efc07b0ad81163fd58f35 Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1			10.4	M		ZeroCERT

14218	2023-04-10 09:47	ts.wsf 291c18d77096065aec86457b63eeb140 Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	3		7.6			ZeroCERT

14219	2023-04-10 09:44	Daggerhashimoto.bat 1a378a4fa84181614b51d0a0de0ebcbc NPKI Generic Malware Downloader Anti_VM Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.0		1	ZeroCERT

14220	2023-04-10 09:44	s.exe e2c2cc0564de85a2ffd91ad3b66e5f4d UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution					0.6	M		ZeroCERT