Submissions

Columns as listed on the page: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc.

Each record below gives No, Date and Request (the submitted filename; "-" where none was recorded) on the first line, then the sample's MD5, the sandbox signatures and IDS rule names that fired, and the remaining columns on one line. Empty columns are not present in this extracted text, so on that last line the decimal value reads as the Score, the integer after it (where present) as the VT detection count, the final token as the submitting account (ZeroCERT or guest), and the integers before the Score as the Urls/Hosts/IDS/Rule counters in header order; where fewer than four appear they cannot be assigned to a specific counter with certainty. Signature names are reproduced verbatim, since they are the strings to search on in the sandbox.

14551  2021-11-04 15:33  zxcv.EXE
  MD5: 1d4043e95026d07137c5ea2205fcb854
  Signatures: PWS Loki[b] Loki.m Raccoon Stealer Generic Malware UPX Steal credential ScreenShot Http API Socket DNS Internet API HTTP KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check DLL Malware download Azorult VirusTotal Malware Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting unpack itself AppData folder malicious URLs Tofsee Windows ComputerName DNS crashed
  Remaining columns: 3 9 6 12.2 46 ZeroCERT

14552  2021-11-04 15:34  cynias.exe
  MD5: 5fb060208eadc15d337de65293423747
  Signatures: Themida Packer PE64 PE File VirusTotal Malware Windows crashed
  Remaining columns: 2.6 44 ZeroCERT

14553  2021-11-04 15:41  askinstall59.exe
  MD5: 392168060416882bb9cbe06ba18892de
  Signatures: AgentTesla Gen2 Trojan_PWS_Stealer BitCoin browser info stealer Credential User Data Generic Malware Google Chrome Malicious Packer Malicious Library SQLite Cookie UPX Create Service DGA Socket Steal credential DNS Internet API Code injection S Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution crashed
  Remaining columns: 2 4 1 1 10.2 M 39 ZeroCERT

14554  2021-11-04 17:37  -
  MD5: 7e8faec2e175c8b45b6d380a6a4c9503
  Signatures: Gen2 Gen1 Malicious Packer Malicious Library UPX PE64 PE File PDB Remote Code Execution
  Remaining columns: 0.6 ZeroCERT

14555  2021-11-04 17:38  invoicepayment.vbs
  MD5: 581d55c731a4f3fccde704467a9d4a42
  Signatures: Malicious Library OS Processor Check PE File PE32 DLL VirusTotal Malware buffers extracted WMI Creates executable files unpack itself suspicious process AppData folder ComputerName crashed
  Remaining columns: 6.8 20 ZeroCERT

14556  2021-11-04 23:49  common.bytes
  MD5: bf5460d3d9c1bb2d6b8aa12f3db8b092
  Signatures: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Remaining columns: 3.8 guest

14557  2021-11-04 23:51  gacconfig.bytes
  MD5: f8a68ae046ae3bf4d09074131f49d9de
  Signatures: Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 4.2 guest

14558  2021-11-04 23:51  commonclientdefs.bytes
  MD5: eb901f00be8d5dac1a9f7902aa3936b0
  Signatures: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 3.8 guest

14559  2021-11-04 23:51  classscript.bytes
  MD5: 52636e2354ea0e4f6848633556235257
  Signatures: AntiDebug AntiVM Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Remaining columns: 3.8 guest

14560  2021-11-04 23:53  copyclassfunction.bytes
  MD5: 22c510bcd8c165d4fa0cd64490516c85
  Signatures: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 3.8 guest

14561  2021-11-04 23:53  commoninc.bytes
  MD5: f48a588b2d239cb5c8ea9ffcfdd8a30b
  Signatures: Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 4.2 guest

14562  2021-11-04 23:54  luaprofiler.bytes
  MD5: 32452897194b25b15f27893bf8cd0e99
  Signatures: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 3.8 guest

14563  2021-11-04 23:54  debuggermgr.bytes
  MD5: d514dd539951031831c21e3cb400849b
  Signatures: Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 4.8 guest

14564  2021-11-04 23:55  debuggermgrinc.bytes
  MD5: d99b84ec646e545c6c3bea4d03cb7d7f
  Signatures: Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 4.2 guest

14565  2021-11-04 23:56  memorydump.bytes
  MD5: a62c187a2f9e9586b13fd22553a6bd63
  Signatures: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Remaining columns: 2 3.8 guest
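The listing above is the flattened form in which the sandbox page extracts: a header line with number, timestamp and filename, then the MD5, then the signature names, then the trailing counters. The following Python is an added example, not code from the sandbox or from whoever runs it; it parses that layout into records, checks that the hash field is a well-formed MD5, and pivots on the result (hashes carrying a given signature, and submissions from one account whose signature sets are identical, as several of the guest .bytes uploads are). The sample text is a handful of records copied from the listing; reading the decimal counter token as the Score, the integer after it as the VT count and the last token as the submitting account is an assumption taken from how the values line up under the page's header.

```python
"""Parse a flattened sandbox submission listing and pivot on the records.

Added example, not the sandbox's own code. Record layout (header line, MD5,
signature tags, counter line) is read off the listing; the counter reading
(decimal = Score, following integer = VT, last token = submitter) is assumed.
"""
import re
from collections import defaultdict

# Constructed sample: four records copied from the listing, in its flattened form.
SAMPLE = """\
14551 2021-11-04 15:33 zxcv.EXE

1d4043e95026d07137c5ea2205fcb854


PWS Loki[b] Loki.m Raccoon Stealer Generic Malware UPX Steal credential ScreenShot Http API Socket DNS Internet API HTTP KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check DLL Malware download Azorult VirusTotal Malware Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting unpack itself AppData folder malicious URLs Tofsee Windows ComputerName DNS crashed
3 9 6 12.2 46 ZeroCERT

14554 2021-11-04 17:37 -

7e8faec2e175c8b45b6d380a6a4c9503


Gen2 Gen1 Malicious Packer Malicious Library UPX PE64 PE File PDB Remote Code Execution
0.6 ZeroCERT

14558 2021-11-04 23:51 commonclientdefs.bytes

eb901f00be8d5dac1a9f7902aa3936b0


AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
2 3.8 guest

14560 2021-11-04 23:53 copyclassfunction.bytes

22c510bcd8c165d4fa0cd64490516c85


AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
2 3.8 guest
"""

HEADER_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d+$")


def is_md5(token):
    """True for a 32-character lowercase hex digest, the hash form used in the listing."""
    return bool(MD5_RE.match(token))


def parse_counters(line):
    """Split the trailing counter line of one record.

    Empty columns were dropped when the page was extracted, so the integers before
    the Score are kept as an ordered list (Urls/Hosts/IDS/Rule in the header) rather
    than assigned to named columns; 'extra' keeps non-numeric tokens such as 'M'.
    """
    toks = line.split()
    submitter = toks[-1]
    body = toks[:-1]
    idx = next((i for i, t in enumerate(body) if SCORE_RE.match(t)), None)
    if idx is None:
        raise ValueError(f"no score in counter line: {line!r}")
    tail = body[idx + 1:]
    return {
        "counters": [int(t) for t in body[:idx]],
        "score": float(body[idx]),
        "vt": next((int(t) for t in tail if t.isdigit()), None),
        "extra": [t for t in tail if not t.isdigit()],
        "submitter": submitter,
    }


def parse_submissions(text):
    """Return one dict per submission; lines before the first header are ignored."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            records.append({"no": int(m.group(1)), "date": m.group(2),
                            "request": m.group(3), "_fields": []})
        elif records:
            records[-1]["_fields"].append(line)
    for r in records:
        fields = r.pop("_fields")
        if len(fields) != 3:
            raise ValueError(f"record {r['no']}: expected MD5, tags, counters; got {fields}")
        md5, tags, counters = fields
        if not is_md5(md5):
            raise ValueError(f"record {r['no']}: bad MD5 {md5!r}")
        r["md5"] = md5
        r["tags"] = tags  # signature names are multi-word, so kept as one string
        r.update(parse_counters(counters))
    return records


def duplicate_signature_sets(records):
    """Group MD5s by (submitter, identical signature string) and keep groups of 2+.

    Near-simultaneous uploads from one account with the same signature set can be
    triaged as one set rather than one sample at a time.
    """
    groups = defaultdict(list)
    for r in records:
        groups[(r["submitter"], r["tags"])].append(r["md5"])
    return {k: v for k, v in groups.items() if len(v) > 1}


def hashes_tagged(records, needle):
    """MD5s of every record whose signature string contains `needle`."""
    return [r["md5"] for r in records if needle in r["tags"]]


if __name__ == "__main__":
    recs = parse_submissions(SAMPLE)
    for r in recs:
        print(r["no"], r["request"], r["md5"], r["score"], r["vt"], r["submitter"])
    print(duplicate_signature_sets(recs))
    print(hashes_tagged(recs, "Steal credential"))
```

Feed it the whole page text to get every record; the two raises are deliberate, since a record with a missing field or a malformed hash is more likely an extraction error than a real sample and should not be pivoted on silently.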