Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
14941	2021-11-05 04:14	sortedlist.bytes 6f4f6c70d48fb54a555cd1d4c08cdc4b AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8		guest

14942	2021-11-05 04:15	vectorutilsinc.bytes 95890787f17ada65920a5c0840579f4c Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2		guest

14943	2021-11-05 04:16	tickinc.bytes 0c0af1e1c0ae30be5de51d9f1c8cf1a6 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8		guest

14944	2021-11-05 04:17	sortedlistinc.bytes d4c4e9495d1390bdbf987073199f03da Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8		guest

14945	2021-11-05 04:17	tick.bytes 8e06d9903f0551fb522b69ebd80f892e Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	5.2		guest

14946	2021-11-05 04:17	timeparser.bytes 08fcf4109a0eda8ee3797387ad217805 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8		guest

14947	2021-11-05 04:19	vectorutils.bytes a96a75f2c4ab62cc4e5716cfef3a31f0 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2	3.8		guest

14948	2021-11-05 04:19	timeparserinc.bytes 1ad57666107bea50822d74afc74b03fb Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.8		guest

14949	2021-11-05 04:20	vectorutilsinc.bytes 95890787f17ada65920a5c0840579f4c Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2	4.2		guest

14950	2021-11-05 07:32	.csrss.exe a4536e9957a36c621a8f494f5c7c674a PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		1		13.4	8	ZeroCERT

14951	2021-11-05 09:08	23ce6573d0b61d1c6b7a3a8c1cdf07... ad0b9bd8cdaba862d346e9cd551f381f Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee	1 Keyword trend analysis	4	1	2.0	39	ZeroCERT

14952	2021-11-05 09:10	ShareFolder.exe 8491639b7ee679dc16690f6fdd2c058a Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				2.6	43	ZeroCERT

14953	2021-11-05 09:11	Kaspersky-2-Years-License-Setu... f3dc4b8f6ba049c3121558d38f93adad Ave Maria WARZONE RAT Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM PE File OS Processor Check PE32 PE64 VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key		15		10.6	40	ZeroCERT

14954	2021-11-05 09:12	chungzx.exe c93b774f6faa80532d2df3f201e1feb0 AgentTesla PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P pe VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Disables Windows Security WriteConsoleW Windows DNS DDNS keylogger		2	1	13.0	41	ZeroCERT

14955	2021-11-05 09:14	serverzx.exe c11accc6b91c118a30fc9ea60b72258b RAT PWS .NET framework Gen1 Generic Malware UPX Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Password	9 Keyword trend analysis Info http://secureconnection.xyz/7.jpg http://secureconnection.xyz/5.jpg http://secureconnection.xyz/3.jpg http://secureconnection.xyz/1.jpg http://secureconnection.xyz/ http://secureconnection.xyz/main.php http://secureconnection.xyz/6.jpg http://secureconnection.xyz/4.jpg http://secureconnection.xyz/2.jpg	3	6 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing	16.8	20	ZeroCERT