Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14566	2023-03-16 09:46	vbc.exe 0d9b2efac64b4245292e7c3112ec8771 RAT UPX PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	1 Keyword trend analysis	4	1	8.2	M	30	ZeroCERT

14567	2023-03-16 09:46	extracted_at_0x1f8d7.rtf eb8d3dcc65e815b8bea8baa4004bacd8 MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14568	2023-03-16 09:45	extracted_at_0x1f6d1.rtf 1f3d9820a1957a724c30b14ba1e31669 MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14569	2023-03-16 09:44	oloriolori.exe ac9303872d21893ff80fab77f557f94a NPKI SMTP KeyLogger AntiDebug AntiVM PE64 PE File VirusTotal Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed				6.8	M	24	ZeroCERT

14570	2023-03-16 09:44	extracted_at_0x1f2b2.rtf 827eb08a8f63b385eb5726a886fbcc9b MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14571	2023-03-16 09:42	extracted_at_0x1ef92.rtf 129dcf11efc910dc4f30070accde518b MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14572	2023-03-16 09:41	extracted_at_0x1eec6.rtf 8c202d84a416fe279e0e2c95e29ee52c MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14573	2023-03-16 09:41	extracted_at_0x1ec6b.rtf 84c76c12bbecf62148b46d3ff66fa386 MS_RTF_Obfuscation_Objects unpack itself				0.8			guest

14574	2023-03-16 09:40	extracted_at_0x1e851.rtf df3bc0a68c18412de9a8540ce3c1897f MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14575	2023-03-16 09:39	extracted_at_0x1e728.rtf 08db3ffdebccb71d4b851892ef82cfa1 MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14576	2023-03-16 09:39	extracted_at_0x1e452.rtf c6caed7668560b25357b306de461f622 MS_RTF_Obfuscation_Objects unpack itself				0.8			guest

14577	2023-03-16 09:38	extracted_at_0x1e350.rtf 8e2bab606df21b8f017663557938e7e9 MS_RTF_Obfuscation_Objects exploit crash Exploit crashed				1.0			guest

14578	2023-03-16 09:37	extracted_at_0x1e237.rtf 066f1f76bb3247a3b35b3c6eb7caf04d MS_RTF_Obfuscation_Objects RWX flags setting				0.8			guest

14579	2023-03-16 09:37	extracted_at_0x1e52a.rtf 0e8779e8865319c70fca8ecd2f259721 MS_RTF_Obfuscation_Objects unpack itself DNS		1		1.4			guest

14580	2023-03-16 09:36	NMA.exe 2fc9552b8ba5dd08a67bfce7c35fbcc9 PWS .NET framework RAT Generic Malware Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process suspicious TLD WriteConsoleW Windows ComputerName DNS Cryptographic key	12 Keyword trend analysis Info http://www.elaynegullis.com/pz6u/?gfuoJ=RLN7TRGvjwHq7PUV878gaeLXTOoLSh2gVAY4HztmGBYlfrA0o1jLcKhByS7l3UvVa8DWXe8maGDlvA7o1isB3qskVRFdaINY+8OOoek=&Ib=JpVVn8kuJmjvnz http://www.ghyvmze5s.com/pz6u/?gfuoJ=uytR2Tiz1twpM2dhblQC1B7BthyLXXG5FY7Kn1WRtAiI0duJ2fbunveoTy7fDIn07wry7tOJS3Y6hqcaHiueaqrp/c4n5kqaEVxvo8M=&Ib=JpVVn8kuJmjvnz http://www.aviator238.cyou/pz6u/ http://www.tiflovector.ru/pz6u/?gfuoJ=0G6+4PQ3ff1VVX3bDlZY7prfmcsmSisC64ofEkjldKjfJt8rvq/jB6ECdFdI4gZQYQqDLzr6mpjEiqs3GX+9BiMAwHwt4KekEuDtmGU=&Ib=JpVVn8kuJmjvnz http://www.aviator238.cyou/pz6u/?gfuoJ=UyrgSxFtu3lXz+BcpDcql/UhilAww6e/QPXCtiRRfbVUoJ6/YhP9B1EmFWXTHuUT6TvndHSDvnTdkZIXPbpDZFJbIQW9nmMntHv5nFk=&Ib=JpVVn8kuJmjvnz http://www.glenwoodstudiocrafts.com/pz6u/?gfuoJ=AdMEqTYsvTG/AjKkKRLLui12hmt7noCWJPmXTDPlMsv+HXciE9QtIkdJXTqGLnrKTXLO19vQM3NQPwEWsx9FOo1L3PbWSzYh6xsrb6I=&Ib=JpVVn8kuJmjvnz http://www.tonica.life/pz6u/ http://www.glenwoodstudiocrafts.com/pz6u/ http://www.tonica.life/pz6u/?gfuoJ=H3cqQrnleOtYl7hnGPubiIS0labqzqigzX8IXx/talSmztzMUlwIfpk89Fh5WaVP3Lmv67mvQzkZfbTpOci4WeTcTAhchhNQbkNGdls=&Ib=JpVVn8kuJmjvnz http://www.tiflovector.ru/pz6u/ http://www.ghyvmze5s.com/pz6u/ http://www.sqlite.org/2016/sqlite-dll-win32-x86-3100000.zip	15 Info www.makulatura-sbor.site() www.glenwoodstudiocrafts.com(162.241.217.45) - mailcious www.ghyvmze5s.com(43.250.124.88) www.elaynegullis.com(34.117.168.233) www.tiflovector.ru(195.24.68.5) www.tonica.life(3.19.131.128) www.sqlite.org(45.33.6.223) www.aviator238.cyou(172.67.174.131) 172.67.174.131 34.117.168.233 - mailcious 195.24.68.5 3.14.161.55 43.250.124.88 45.33.6.223 162.241.217.45 - mailcious	3	11.8	M	34	ZeroCERT