Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14431	2023-03-17 20:13	trxV9376 c901c8089c5e017f8e9b4b15c8ef154f UPX Malicious Library Malicious Packer OS Processor Check DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself suspicious process sandbox evasion Remote Code Execution					3.6	M	14	ZeroCERT

14432	2023-03-17 18:13	file.zip 26920d49e119bb1dc4c206aba46c0dcd ZIP Format VirusTotal Malware			1		0.4	M	9	ZeroCERT

14433	2023-03-17 18:11	4.exe 3eaca76030647d883ca5c109b43acc76 Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	2	3		10.0	M	30	ZeroCERT

14434	2023-03-17 18:09	02..................02........... 984eb11b3f5de9345be40b9fdf432400 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting					2.4	M	29	ZeroCERT

14435	2023-03-17 18:08	vbc.exe 13a237b2f7042de8f7585c54d2432b6c RAT Generic Malware Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	7 Keyword trend analysis Info http://www.sandpiper-apts.com/ehix/ http://www.dinggubd.net/ehix/?h6F=uZpwbE4nN2FTslKaVHbKae8zgt7ky0ornocOgs3KDnesGtSB9h/P9vAZ6XnbrtyGeAsuVYTjH2sIgvdhXFnX0MFN/kXYYsd1fLs/H40=&YYr=-RbSCSO-GYg_Y3Y http://www.concuahuhong1.click/ehix/?h6F=if2Sxmb1wbsgykDYswU7cz6QUuf80YrLHLWXtXfRIc3fuRnAOAgdB9sWkF8Vm7Dtou8EjpxeY5RMTtGuXYR0sZRmFMzKh58Rimf7prg=&YYr=-RbSCSO-GYg_Y3Y http://www.concuahuhong1.click/ehix/ http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip http://www.lokoua.com/ehix/?h6F=J3/YmHeO7gb1hrFZ00oJyvMIE8jwh9FpyhpNHHKc/Dwl4Ow066XTIPDrbjScBfSdD+Wjc5kJZlXqKPUymTpi8Jn7Vm98ECa7tDgcZOQ=&YYr=-RbSCSO-GYg_Y3Y http://www.dinggubd.net/ehix/	10	2		11.4	M	21	ZeroCERT

14436	2023-03-17 18:07	lastdc.exe 2d0cc7c5c9953f0b7c91b26533f93cbc RAT North Korea Generic Malware UPX Antivirus ScreenShot Code injection PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File GIF Format VirusTotal Malware Buffer PE AutoRuns PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself human activity check Windows ComputerName DNS		1			11.8	M	31	ZeroCERT

14437	2023-03-17 18:05	ascrypt.exe 36e4122b5fdd4e5b802aa7c109c354fb RAT task schedule UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName DNS crashed		1			10.0	M	29	ZeroCERT

14438	2023-03-17 18:04	2.exe 53e1934061876c52e6fa0c9243d32d9d Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	2	3		10.0	M	45	ZeroCERT

14439	2023-03-17 18:02	3.exe 9549168790bc8b01d0c889fccb01bd73 Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	2	3		10.0	M	30	ZeroCERT

14440	2023-03-17 18:02	68..................68........... 86fc671549dae9122a212b2d0866518d MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	2	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.4	M	25	ZeroCERT

14441	2023-03-17 18:00	EBSMEDIA_protected.exe 97bf48e51ff002f6d9f5e778e52d8319 RAT Generic Malware task schedule Malicious Packer Antivirus AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key		1			14.8	M	51	ZeroCERT

14442	2023-03-17 18:00	1.exe e04c47828b28e33be2b5ebc75172901b Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	2	3		10.0	M	27	ZeroCERT

14443	2023-03-17 17:58	6.exe 210e93b80b868f6aebf712e0da9edf5b Generic Malware Antivirus .NET EXE PE32 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	2	3		10.0	M	31	ZeroCERT

14444	2023-03-17 17:58	HDU3.exe 04694e5e78d0a3dcab0bfea22aa90cfe Malicious Packer PE64 PE File VirusTotal Malware Tofsee crashed DoTNet		2	3		2.0	M	31	ZeroCERT

14445	2023-03-17 17:57	vbc.exe f35d8958edaab270d6c621bb96e395fc Malicious Library AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	18 Keyword trend analysis Info http://www.thedivinerudraksha.com/u2kb/?zKkmw=im5SXjRwbJIZeY2yetpTdO7N29MJtck2UhYi2fNZ2Kf/X7lq2SPRiB6LR8y/FeM3y7tdA/WTtliq4uHTfapDkaA0PJ0fXInXaKlPglI=&toZ=xM6qAGrIAGRvmv - rule_id: 28009 http://www.gritslab.com/u2kb/ - rule_id: 28002 http://www.thewildphotographer.co.uk/u2kb/?zKkmw=pn+zaWXo7szcfRSxp4kAcR5iap+7ulP+x3705F5u21IqvN9WG9kcDL2FxdXl2W/5MjovaUotkmG6JgF/Eyaa9PeBR2yUVivPQ+uGbEI=&toZ=xM6qAGrIAGRvmv - rule_id: 28007 http://www.shapshit.xyz/u2kb/ - rule_id: 28008 http://www.gritslab.com/u2kb/?zKkmw=ydCzFiH7iMWnz6xHMKiyYVGDKfWH5+fYQUsmgPEoYCSsyD6HgT3yOGCjssC2N8mKn+GjINYvhr7iKNezbHZCh47jo+mhlV2uXG5eH60=&toZ=xM6qAGrIAGRvmv - rule_id: 28002 http://www.energyservicestation.com/u2kb/ - rule_id: 28005 http://www.thewildphotographer.co.uk/u2kb/ - rule_id: 28007 http://www.younrock.com/u2kb/?zKkmw=05tPwqSdqXO2xf32BmsnsHpgCfZIa2c80hhB3sQ3FFDNPs5AZDU6TyUQmX911UO6Ssjq2b6k9nBD4uDOZrqd7XHQTF+IIpbM/DoOhU4=&toZ=xM6qAGrIAGRvmv - rule_id: 28006 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.222ambking.org/u2kb/?zKkmw=IEUpLmGg2fqLmrhwD8IHX/zhiiNjbOQDFcodV2ACJcW4bHSQscR3Nc4uRx31p3m0gGv03uToPch8hDrce1eNAdUBSmpSNalx6DQXGQo=&toZ=xM6qAGrIAGRvmv - rule_id: 28004 http://www.thedivinerudraksha.com/u2kb/ - rule_id: 28009 http://www.bitservicesltd.com/u2kb/ - rule_id: 28003 http://www.white-hat.uk/u2kb/?zKkmw=PXfMycAZpTAipct8YN0l/5TWhYE4yPgF2k7967nf/qU1A0mUqq9Jlnm9rK8XSf3D04yKTuePtKPnTCgwye3M0h5ZtqacmtcmNe/sHow=&toZ=xM6qAGrIAGRvmv - rule_id: 28001 http://www.bitservicesltd.com/u2kb/?zKkmw=rr+sOBvEXsBdGevUk44F/k+BAr88zC1YNHmXivr92FQhRIIYsedR2a+6GoV1WAKeGdj+MTdX512lJXz4UaWEmNABCelIWOCZ3yhH4Z4=&toZ=xM6qAGrIAGRvmv - rule_id: 28003 http://www.energyservicestation.com/u2kb/?zKkmw=IK59b/MdFRha+CUVM3V2TqbXgrTjD6F66TLC1fPPNwLnZq29gpb1hRWNlrDr258EhEsSnFmalKQEmudxTrusBmUmj2xyJgahFTdaUmU=&toZ=xM6qAGrIAGRvmv - rule_id: 28005 http://www.shapshit.xyz/u2kb/?zKkmw=Yd5Rzn4EVOpL1Cl/eY8jjeGdoEKZlYBpl8BtE0ZhlgLGbR5cH1Fn7sihS3XP3GCDon1xi4vL0lQ4XtydV6BMyXIOMzObAfzgUMU2ykM=&toZ=xM6qAGrIAGRvmv - rule_id: 28008 http://www.222ambking.org/u2kb/ - rule_id: 28004 http://www.younrock.com/u2kb/ - rule_id: 28006	19 Info www.thewildphotographer.co.uk(45.33.18.44) - mailcious www.gritslab.com(78.141.192.145) - mailcious www.shapshit.xyz(199.192.30.147) - mailcious www.energyservicestation.com(213.145.228.111) - mailcious www.222ambking.org(91.195.240.94) - mailcious www.bitservicesltd.com(161.97.163.8) - mailcious www.thedivinerudraksha.com(85.187.128.34) - mailcious www.white-hat.uk(94.176.104.86) - mailcious www.younrock.com(63.141.242.45) - mailcious 91.195.240.94 - phishing 85.187.128.34 - mailcious 78.141.192.145 - mailcious 199.192.30.147 - mailcious 45.79.19.196 - mailcious 213.145.228.111 - mailcious 94.176.104.86 - mailcious 161.97.163.8 - mailcious 45.33.6.223 81.17.18.195 - mailcious	2	17 Info http://www.thedivinerudraksha.com/u2kb/ http://www.gritslab.com/u2kb/ http://www.thewildphotographer.co.uk/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.gritslab.com/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.thewildphotographer.co.uk/u2kb/ http://www.younrock.com/u2kb/ http://www.222ambking.org/u2kb/ http://www.thedivinerudraksha.com/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.white-hat.uk/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.222ambking.org/u2kb/ http://www.younrock.com/u2kb/	8.2	M	25	ZeroCERT