Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14911	2023-03-13 09:42	CHEAT-MENU-LINK-1.exe 43c3f3e2e28157583e7eda204b2b103f Hide_EXE Generic Malware Anti_VM Antivirus .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process AppData folder Windows ComputerName Cryptographic key					4.4	M	54	ZeroCERT

14912	2023-03-13 09:42	New1.exe 1cc0a962c3a1ff3a4adbdcaa49809867 Malicious Library PE32 PE File VirusTotal Malware Buffer PE PDB Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1			3.6	M	21	ZeroCERT

14913	2023-03-13 09:40	vbc.exe bcae06ceab767b7cfe609336242afe02 UPX Malicious Library PE32 PE File VirusTotal Malware PDB		1			1.8	M	28	ZeroCERT

14914	2023-03-13 09:40	cc.exe e103f1c9f7750083959c6cf1bc48b308 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself					1.8	M	30	ZeroCERT

14915	2023-03-13 09:38	vbc.exe 2ae3f03e02368a6c5c4c91a136655643 PWS .NET framework Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	1		16.4	M	46	ZeroCERT

14916	2023-03-13 09:38	photo_004.exe 0c577c96ab7fd8f9164b6b22e5fb519f UPX Malicious Library OS Processor Check PE32 PE File unpack itself					0.8	M		ZeroCERT

14917	2023-03-13 03:37	assignment2.exe 28f81fad984a66e7078ffa11a1000d0d Gen1 Gen2 Generic Malware UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files					1.6		7	guest

14918	2023-03-13 03:25	assignment2.exe 28f81fad984a66e7078ffa11a1000d0d Gen1 Gen2 Generic Malware UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files					1.6		7	guest

14919	2023-03-12 21:46	TtaGNlxGDP9.exe c80c4970626ec8f3f54df91063c04731 PE File								guest

14920	2023-03-12 21:40	Preview.exe 86257e16e9db1d0740183fa624805d5f UPX Malicious Library MZP Format PE File								guest

14921	2023-03-12 21:37	DpEditor.exe d0267bb4717f5d69ed7d1e30e89e301d Themida Packer Anti_VM PE File VirusTotal Malware					0.4		2	guest

14922	2023-03-12 11:12	build.exe 918b9b4d245035565fd159b7202ed708 Loki_b Loki_m Gen1 Suspicious_Script_Bin Generic Malware UPX Malicious Library Malicious Packer DGA Socket ScreenShot DNS Internet API PWS[m] Http API Code injection AntiDebug AntiVM OS Processor Check PE32 PE File DLL Browser Info Stealer Malware download FTP Client Info Stealer Dridex VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Telegram AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs suspicious TLD sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser Email ComputerName Remote Code Execution DNS Software	6 Keyword trend analysis	11 Info t.me(149.154.167.99) - mailcious uaery.top(210.182.29.70) - malware api.2ip.ua(162.0.217.254) steamcommunity.com(104.76.78.101) - mailcious zexeq.com(37.34.248.24) - malware 149.154.167.99 - mailcious 211.119.84.112 - malware 211.59.14.90 - malware 162.0.217.254 116.202.6.47 104.76.78.101 - mailcious	17 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET DNS Query to a .top domain - Likely Hostile ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET INFO TLS Handshake Failure ET INFO Dotted Quad Host ZIP Request ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET MALWARE Win32/Vodkagats Loader Requesting Payload ET INFO HTTP Request to a .top domain ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING Possible EXE Download From Suspicious TLD ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download	1	20.4	M	27	ZeroCERT

14923	2023-03-12 11:11	yt0.exe 9b47804d0627d4ffa417b7c077db791e PWS .NET framework RAT Generic Malware UPX Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	3	6 Info ET HUNTING Suspicious Terse Request for .bmp ET INFO DYNAMIC_DNS Query to a .dyndns .org Domain ET INFO DYNAMIC_DNS Query to .dyndns. Domain ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check ET POLICY External IP Lookup - checkip.dyndns.org ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain		16.2	M	37	ZeroCERT

14924	2023-03-12 11:07	vbc.exe 23e46ac3c8b6b48d9e13d62c8ec8fd8b PWS .NET framework Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					14.0	M	38	ZeroCERT

14925	2023-03-12 11:06	kyj.exe 1be680a39218aa5f77c4bfe3c24a8107 PWS .NET framework RAT Generic Malware UPX Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	3	6 Info ET HUNTING Suspicious Terse Request for .bmp ET INFO DYNAMIC_DNS Query to a .dyndns .org Domain ET INFO DYNAMIC_DNS Query to .dyndns. Domain ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check ET POLICY External IP Lookup - checkip.dyndns.org ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain		16.2	M	36	ZeroCERT