Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14461	2023-03-17 10:22	wp.exe e6ecbd1d1be89544050d4ed5f1c276bf PWS .NET framework RAT task schedule UPX Malicious Library AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS crashed		4	3	13.6	M	31	ZeroCERT

14462	2023-03-17 10:13	vbc.exe 1f3db8af64889c15223ed7de05b86413 PWS .NET framework RAT UPX .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.4	M	39	ZeroCERT

14463	2023-03-17 10:11	MatyWon.exe e01eed093c11df9172d1a70484e8f973 RedLine stealer[m] PWS .NET framework RAT RedLine Stealer Confuser .NET SMTP PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		2		7.2	M	38	ZeroCERT

14464	2023-03-17 10:09	111.exe 6e5c1da79c9bdb532b062567460b4f1d Malicious Library PE32 PE File VirusTotal Malware PDB Check memory unpack itself AntiVM_Disk VM Disk Size Check Browser DNS		1	1	3.2	M	39	ZeroCERT

14465	2023-03-17 10:07	6.ocx ef4a2bb28bee4196a1996de11a3bbf8b Generic Malware UPX Malicious Library VMProtect PE32 PE File VirusTotal Malware RWX flags setting unpack itself		2		5.0	M	40	ZeroCERT

14466	2023-03-17 10:04	foto0128.exe 1a58eef2765ad5adb3ac07d0e3c1234d Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1		10.6	M		ZeroCERT

14467	2023-03-17 10:02	vbc.exe 2405e3c0602edc439e913ae0b0894fad PWS .NET framework RAT UPX .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.4	M	39	ZeroCERT

14468	2023-03-17 10:01	.win32.exe d65227a02d2c238246f6e73ba74af070 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution				2.6	M	33	ZeroCERT

14469	2023-03-17 10:00	act.ocx 214aa1ab355e70aefadf701a32fecb36 Malicious Library VMProtect PE64 PE File VirusTotal Malware Checks debugger unpack itself				2.4	M	21	ZeroCERT

14470	2023-03-17 09:59	vbc.exe 30027f61c9de1e89c5314667fae3b647 PWS .NET framework RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed				13.8	M	31	ZeroCERT

14471	2023-03-17 09:58	vbc.exe 9dd97b3380058856a357c1f1185459e5 PWS .NET framework RAT Generic Malware Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				11.6	M	39	ZeroCERT

14472	2023-03-17 09:57	l.exe 8d84e57656a59231cb00e35857f52f5a UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution				2.8	M	43	ZeroCERT

14473	2023-03-17 09:56	vbc.exe d48f1e07e2a3a115b8607be5d66654f6 PWS .NET framework RAT Generic Malware Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	8 Keyword trend analysis Info http://www.sandpiper-apts.com/ehix/ http://www.dinggubd.net/ehix/?Fdu3T7=uZpwbE4nN2FTslKaVHbKae8zgt7ky0ornocOgs3KDnesGtSB9h/P9vAZ6XnbrtyGeAsuVYTjH2sIgvdhXFnX0MFN/kXYYsd1fLs/H40=&Oyh1=qgHWelcnGh26y http://www.sandpiper-apts.com/ehix/?Fdu3T7=hKOCARu+DWiPhBy2OXBeEvuIeOvdbNydRa9l0pOJHQ6sKi3bem59mbFo0sLscCkUJvlKEmppatvAN8BVStPrPz5WppUEK8vG3JM0zT8=&Oyh1=qgHWelcnGh26y http://www.lokoua.com/ehix/?Fdu3T7=J3/YmHeO7gb1hrFZ00oJyvMIE8jwh9FpyhpNHHKc/Dwl4Ow066XTIPDrbjScBfSdD+Wjc5kJZlXqKPUymTpi8Jn7Vm98ECa7tDgcZOQ=&Oyh1=qgHWelcnGh26y http://www.concuahuhong1.click/ehix/ http://www.concuahuhong1.click/ehix/?Fdu3T7=if2Sxmb1wbsgykDYswU7cz6QUuf80YrLHLWXtXfRIc3fuRnAOAgdB9sWkF8Vm7Dtou8EjpxeY5RMTtGuXYR0sZRmFMzKh58Rimf7prg=&Oyh1=qgHWelcnGh26y http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip http://www.dinggubd.net/ehix/	10	2	11.2	M	29	ZeroCERT

14474	2023-03-17 09:56	c.exe 4d9c620616b98cdd72968e60b3076500 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution				2.8	M	47	ZeroCERT

14475	2023-03-17 09:55	vbc.exe 96cafe7de7304d358d586ce231fda4e1 PWS .NET framework RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed				13.2	M	30	ZeroCERT