Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14686	2023-03-11 21:16	Lovey Butt Nickols.vcf 0f18c900864e76aab925ea75c8d817c8 email stealer DGA ScreenShot Internet API PWS[m] HTTP KeyLogger Escalate priviledges Http API AntiDebug AntiVM Email Client Info Stealer MachineGuid unpack itself malicious URLs installed browsers check Browser Email					2.6			BRY

14687	2023-03-11 16:39	prewarm.db-shm 6aceb5827268b99af3d7f6d6a38f7cfb AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			BRY

14688	2023-03-11 10:47	p-Qfdyajl.exe d9e77c8ca14edd3fabf09c01f61c566a PWS .NET framework RAT Generic Malware Downloader UPX Antivirus Socket SMTP Internet API PWS[m] AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			12.0	M	20	ZeroCERT

14689	2023-03-11 10:45	1221.exe 655f6edee75a4cc49a8fa34567037da9 UPX Malicious Packer .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger WMI unpack itself anti-virtualization ComputerName DNS		3			6.6	M	45	ZeroCERT

14690	2023-03-11 10:43	Aztec.exe 679f7bb9c60003a65a6a98d474f3fb0e Malicious Library PE64 PE File VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		4	2		1.2	M	20	ZeroCERT

14691	2023-03-11 10:41	payload.exe f9848320841dff02edb5938d0854c4be RAT UPX Malicious Library OS Processor Check .NET EXE PE32 PE File PE64 VirusTotal Cryptocurrency Miner Malware PDB Check memory Checks debugger Creates executable files unpack itself DNS CoinMiner		5	2		4.2	M	43	ZeroCERT

14692	2023-03-11 10:38	lalipopxxx.exe 3d826d3a6d6408843c13eae90e84cfb2 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution DNS		1			4.4	M	40	ZeroCERT

14693	2023-03-11 10:37	2701.exe 97201c944dcd7e82672458514a67a7b5 RAT Emotet Gen2 Gen1 Generic Malware UPX Malicious Library Malicious Packer .NET EXE PE32 PE File OS Processor Check PE64 DLL VirusTotal Malware Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed	2 Keyword trend analysis	2	1		6.0	M	39	ZeroCERT

14694	2023-03-11 10:36	faintxakers-76060706313.exe 628e9b3aa525960223fd93bae86b5e7d PWS .NET framework RAT Gen2 UPX Malicious Library .NET EXE PE32 PE File GIF Format PNG Format OS Processor Check DLL .NET DLL PE64 ZIP Format Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder suspicious TLD Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key crashed	15 Keyword trend analysis Info https://anaida.evisyn.lol/getwallet.php?id=365&wallet=dash https://anaida.evisyn.lol/getwallet.php?id=3651&wallet=nec https://anaida.evisyn.lol/dlls/System.Data.SQLite.dll https://anaida.evisyn.lol/dlls/System.Data.SQLite.Linq.dll https://anaida.evisyn.lol/dlls/x64/SQLite.Interop.dll https://anaida.evisyn.lol/dlls/Ionic.Zip.dll https://anaida.evisyn.lol//list.php?id=365 https://anaida.evisyn.lol/dlls/System.Data.SQLite.EF6.dll https://tryno.ru/robots https://anaida.evisyn.lol/c1n.php?ownerid=365&buildid=pisospro&countp=0&countc=0&username=test22&country=KR&ipaddr=175.208.134.152&BSSID=&countw=0 https://anaida.evisyn.lol/dlls/x86/SQLite.Interop.dll https://anaida.evisyn.lol/dlls/EntityFramework.SqlServer.dll https://anaida.evisyn.lol/dlls/EntityFramework.dll https://anaida.evisyn.lol/online.php?country=XX&ipaddr=0.0.0.0&HWID=&processorid=&ownerid=365 https://ipwho.is/?output=xml	6	2		12.0	M	43	ZeroCERT

14695	2023-03-11 10:35	a-Yfgvvxyduvu.exe 4f351910b30c279944615955228db869 PWS .NET framework RAT Generic Malware UPX Antivirus Socket SMTP Internet API PWS[m] HTTP Escalate priviledges Http API AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW Ransom Message Turn off Windows Error Recovery notification window IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser Tor ComputerName Trojan Banking DNS Cryptographic key	3 Keyword trend analysis	5	2	1	21.4	M	20	ZeroCERT

14696	2023-03-11 10:30	faintxakers.exe e5714adf276ab96cff90d3778ba51b7e Malicious Library PE64 PE File VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		5	2		1.4	M	37	ZeroCERT

14697	2023-03-11 10:30	ss27.exe ebe51104a56d305aac2419e97e58f975 Gen2 Gen1 Generic Malware UPX Malicious Library Malicious Packer PE64 PE File VirusTotal Malware PDB Remote Code Execution DNS		1			1.4	M	9	ZeroCERT

14698	2023-03-11 10:29	photo_004.exe 4d7cc5e90bf5b2b606215eae39503b9c UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution					1.2	M		ZeroCERT

14699	2023-03-10 18:09	11.html 4535be9cfea1617ede162091edd6fac1 Antivirus unpack itself crashed	1 Keyword trend analysis				0.6	M		ZeroCERT

14700	2023-03-10 18:09	1.html 32445d05dd1348bce9b6a395b2f8fbd8 Antivirus AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis		2		3.4	M		ZeroCERT