Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14551	2023-03-16 09:57	vbc.exe 6a0d9778f0c3c7b539e35e53985cdcdb RAT UPX SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed				12.4	M	30	ZeroCERT

14552	2023-03-16 09:57	extracted_at_0x20a9f.rtf 1abb3c92c13e9e48f0231aaba25fed96 MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14553	2023-03-16 09:56	extracted_at_0x1ffd0.rtf 053c2af8ceb22f54180f95cf84d39150 MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14554	2023-03-16 09:55	86.exe 5343b3beaadd15a14319e4b21dc68077 NPKI UPX Admin Tool (Sysinternals etc ...) Create Service Socket ScreenShot DNS PWS[m] KeyLogger Escalate priviledges persistence BitCoin AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities suspicious process malicious URLs Ransomware Windows Browser ComputerName DNS Cryptographic key crashed		1		13.6	M	43	ZeroCERT

14555	2023-03-16 09:55	extracted_at_0x1fefb.rtf 04d073434805a5b1c8a414b67120ebc0 MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14556	2023-03-16 09:54	extracted_at_0x1fe28.rtf 732f8a490e170d3eb7d3cc51828146a5 MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14557	2023-03-16 09:52	extracted_at_0x1fcfe.rtf a2e65ee8b8053a33bb6f72dd96da0cb1 MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14558	2023-03-16 09:52	vbc.exe 78bfa5db909ad9e080b957dd9acd4f6b UPX Malicious Library Malicious Packer PE32 PE File VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows keylogger		2		5.6	M	37	ZeroCERT

14559	2023-03-16 09:51	extracted_at_0x1f508.rtf f6fb6d0f1d993497016533befd6f8453 MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14560	2023-03-16 09:50	999..........................9... 0f08eb0a48abbd926b1028b4371c15df MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.6	M	30	ZeroCERT

14561	2023-03-16 09:50	extracted_at_0x1f399.rtf c23384980dbea19471162bd2671e1b3c MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14562	2023-03-16 09:49	extracted_at_0x1f93b.rtf abf293a7ffa9b6368b2d06163cd6a552 MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14563	2023-03-16 09:48	vbc.exe 8464e5ded61cc6085adeb10e81fc6483 RAT Generic Malware UPX Antivirus .NET EXE PE32 PE File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key				8.0	M	31	ZeroCERT

14564	2023-03-16 09:48	extracted_at_0x1f45a.rtf 6820ff0c972ed601cd5a2a2f53460149 MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14565	2023-03-16 09:47	extracted_at_0x1f9d5.rtf 2fbba6115a9c80f024c480ed48a0e6c6 MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest