Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14296	2023-04-05 08:45	toolspub2.exe 30e9eeb70c21208690eafa461560b203 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File Malware Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution					6.0			ZeroCERT

14297	2023-04-05 08:44	omo.exe 5288674c2d9557bd89a0aab4869f1f60 PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key crashed	4 Keyword trend analysis Info http://www.five-dollar-meals.com/ar73/?4hLpNJ=xw5+2WrtgZ3I+FmDO28cYdOMSi8i8skO3LqTANOzc5+CPzKV8TCqQFujaaofBjSxJp3ZM220&nfutZl=xPJ4abP8 http://192.227.183.170/mac/Eunmqp.png http://www.2348x.com/ar73/?4hLpNJ=uLaHbssFGK+K4r2jphNy+u5CVr5fhnhOmj/btGNvTmJuFK+BK4bsWF0AbtObfMA6vm+8gwYu&nfutZl=xPJ4abP8 http://www.alphametatek.online/ar73/?4hLpNJ=8PQPyxuyNQLALfcTnwnCIS8V6sOsrVQczXAXl7lVYCMlFKgF4d3+cTIu+9fq5JPqxk7vHQfg&nfutZl=xPJ4abP8	7	1		13.4	M	30	ZeroCERT

14298	2023-04-05 08:42	fotocr14.exe 2dcb47fdf1d84aeb14d68a2c1b901ac1 Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1			10.4			ZeroCERT

14299	2023-04-05 08:30	Photocopies.exe 2f5769f336565444ad1b4725b55d6dc9 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself crashed					2.6		49	ZeroCERT

14300	2023-04-05 07:25	UpdateGroup.exe 97acdf48c972303f1c68bffb21f7531d RAT Generic Malware UPX Antivirus .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AppData folder installed browsers check Windows Browser ComputerName crashed keylogger					6.4	M	46	ZeroCERT

14301	2023-04-05 06:52	buildcr.exe 33a45fcbca9c96cf4d9f456d27d87820 RAT Gen2 UPX Malicious Library Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE32 PE File OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key					9.4	M	49	guest

14302	2023-04-04 17:28	SystemUpdate.exe 09a29f3b529c5e9ab25a47973bb0900a PWS .NET framework RAT Generic Malware Confuser .NET Antivirus UPX Malicious Library Malicious Packer .NET EXE PE32 PE File OS Processor Check PE64 VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Firmware DNS Cryptographic key	6 Keyword trend analysis Info https://bitbucket.org/rpoverka/zhopa/downloads/xmrig.exe - rule_id: 27006 https://bitbucket.org/rpoverka/zhopa/downloads/xmrig.exe https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/b3a0e12f-e350-4a5c-8239-1cb38b0ef068/xmrig.exe?response-content-disposition=attachment%3B%20filename%3D%22xmrig.exe%22&AWSAccessKeyId=ASIA6KOSE3BNLA7LD4BL&Signature=g4wJ2r5h59KSahB1y4%2F8HZRLC04%3D&x-amz-security-token=FwoGZXIvYXdzECIaDBCNQm7tYWerDBrTpyK%2BAaQp%2BdNp0ydv0AG2E4AzCKx2u%2FycIejgNxF%2FuFdAIsQHNFVyhHJ4I53ZPUtoxrTWfBbx0FoMNIEAID8XfJeZjrLs%2F1M%2FT9JGTqmtNyHXC6fIXR09xBIIdB3cPxiT7EG6GW3JgLotvx%2BYGLX6CFJhPtpimlM%2F0phB45lz3WckErYh643krmXem4wwpWSzO%2FrkIzT6SJMTQojsT7g0uGUR3FAhsVewpsXzyUQsz%2BzXCv2%2F572gwwPwAnK6rE7AIgUov7evoQYyLYHe7Tu%2FESyH%2FhbUkoPA%2B7rrGq9zuCsGanjOllD7mJgQnDWKxqZ3OhiGO8W3zQ%3D%3D&Expires=1680597703 https://bitbucket.org/rpoverka/zhopa/downloads/Task24Watch.exe - rule_id: 27005 https://bitbucket.org/rpoverka/zhopa/downloads/Task24Watch.exe https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/03f126aa-6017-4520-92a2-c8112a6addd7/Task24Watch.exe?response-content-disposition=attachment%3B%20filename%3D%22Task24Watch.exe%22&AWSAccessKeyId=ASIA6KOSE3BNP45LSYXJ&Signature=bf%2BxxfvszXPMP7jtjGo74tezGNE%3D&x-amz-security-token=FwoGZXIvYXdzECIaDJgrOS6fkzSPFivs3CK%2BAcHuj52wVNnm4rSADUNCVc5KNhqiufxNy0GncP553pr2hq7mOa8QzZLZfX7%2FNjBaQFglHP7ckxSnsLkrvLRTHFl1dVlHEcN7smhQI0KxwMpNADfae%2FaN%2FXh8bG0DnFsMySkIKQY64NOruebcwBIi83SllxN5d%2Bg6Gbm8AuLRXYcLy4Anflnyt7EzTrcJuG0a5CVCYynwqm82oyPhzx%2B0EdIebw8NtM9EOGQJOS8sWpEz5hgOXWMX9%2BpnTNnbThsosLevoQYyLbYMIdEs21wl%2BhVx%2BL5t0%2B2dBfxZ6FsudMgM3WnALV9R44nUr4Ir348oXZuTrg%3D%3D&Expires=1680597688	7	2	2	12.0	M	52	ZeroCERT

14303	2023-04-04 17:27	blez.exe ba6e7557d1090cc6d6091cafb984e4b5 PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	4	1		11.2	M	11	ZeroCERT

14304	2023-04-04 17:24	buildcr.exe 33a45fcbca9c96cf4d9f456d27d87820 RAT Gen2 UPX Malicious Library Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE32 PE File OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key					9.8	M	31	ZeroCERT

14305	2023-04-04 17:22	vbc.exe 867334824fc516494ef38ac031998877 PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	4	2		12.2	M	33	ZeroCERT

14306	2023-04-04 17:22	ytsd6v.exe cc6caf2c7b27fe45d8a148e1e9af9aae RedLine stealer[m] UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key crashed		1			9.0	M	54	ZeroCERT

14307	2023-04-04 17:20	vbc.exe 8b817b79a103307dcd00a353e6bc13ac RAT UPX AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD Windows DNS Cryptographic key	10 Keyword trend analysis Info http://www.zservers.xyz/hjdr/ http://www.xn--pdotrychler-l8a.ch/hjdr/ http://www.zservers.xyz/hjdr/?4DfzboWa=a/jwoO6Li4WGoMKhZK2qV7tdnllQ6mdQYsYFdFr7RisYjJd1Hm0f46xorIJmHDnVHKTR/o/1BaU+86MBDvdqY5CeL0wg/BcTjfumQVU=&P-nwqe=rBAJq-X http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip http://www.howtrue.info/hjdr/?4DfzboWa=kJhn0XnRZRgnPBFsTC3RrkdNU3jL2gKJb5tjL3sD/5M7+ZJLcewBYYG+QRdPVJXXplIlf5qgAFj8zlCmH3brR5caIrNXSuF9PhWnmJU=&P-nwqe=rBAJq-X http://www.tugrow.top/hjdr/?4DfzboWa=2Lz3cRNcgovZAvoxkyTJJkVbnS/f0a6Q88r0UIjg2Los90+Pf0cBdPH279Q+Q6Q5Wf8ziDEK77rXCjEWctJre0mQm9v094R3uDXqBk4=&P-nwqe=rBAJq-X http://www.xn--pdotrychler-l8a.ch/hjdr/?4DfzboWa=viX6L1AgcIzkNKvffNzJJ+Yd0/U+wEe4YYZ25bQBQN6YyRvPjBEvK6hqMFdbfSlnHMzHqKUOr90SHQpYKy1ow0mwR1Rp7LB2XNGkbPc=&P-nwqe=rBAJq-X http://www.amateurshow.online/hjdr/?4DfzboWa=xX5SVKkWhoDut3GzBaDmppnEHsg/q+4WKSSlO6xSWbIBYORImKJaBpt9iPBmVz2FT2wLfcB9Y2Q6assiK3BzS8oN8k0Uh6RuPdoxrUM=&P-nwqe=rBAJq-X http://www.howtrue.info/hjdr/ http://www.tugrow.top/hjdr/	12 Info www.amateurshow.online(198.37.115.75) www.xn--pdotrychler-l8a.ch(95.130.17.35) www.zservers.xyz(103.42.108.46) www.tugrow.top(66.29.131.66) www.howtrue.info(184.168.113.29) 95.130.17.35 - suspicious 103.42.108.46 - mailcious 184.168.113.29 192.253.237.20 - mailcious 66.29.131.66 198.37.115.75 45.33.6.223	6		9.0	M	36	ZeroCERT

14308	2023-04-04 17:20	rocketscamjesus.exe 065b5810275d9f18cb2724096f96a160 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			7.6	M	54	ZeroCERT

14309	2023-04-04 17:19	ContinentGroufs.exe 7b789842cbf26efdbe8a0c4d33a1745d UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself Remote Code Execution					2.2	M	59	ZeroCERT

14310	2023-04-04 17:18	sBJ42BUkUv.exe af16c9b8a8ca0b632d9ca91a8411ec57 RedLine stealer[m] Generic Malware Downloader Malicious Library Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM PE64 P Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox suspicious process WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key Software crashed		1			21.2	M	34	ZeroCERT