Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 12, 2021, 3:37 p.m. | April 12, 2021, 3:39 p.m. |
Process | Path | PID |
---|---|---|
loki%20old.exe | C:\Users\test22\AppData\Local\Temp\loki%20old.exe | 7528 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | suspicious_request |
---|---|
GET method with no useragent header | GET http://www.skipperdaily.com/uoe8/?I6A=kSyxzBy7+NxjvltcH5qhh24HYIKUFMMxBbNkxLb26MtcWgNh+6Vz0GM3RP3eatyJABfRpbEE&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.metabol.parts/uoe8/?I6A=DPa/LdvKb4x0EQHHSG4HnoBustHAKvau/XdJEIoo9jvmj6B/UiY0ng+XEe8SlKole1XP0R9B&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.intersp.net/uoe8/?I6A=on49514hbo2JW48J+3/a1CaBEwSBwS4RZ72+qRP3c15gatp3EaIlW3Li0VjSgeEAJTee1r7g&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.beachjunction.com/uoe8/?I6A=UaWDVduC8UFTwGehvLFCG15pALMvw+tGTmrfHTf8nBW+JGuA66stVchzjBlkkNqpWkXjqLwX&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.sparkmonic.com/uoe8/?I6A=c1orGQk3ileK0l34y1jRdN2F2ZNEAoz87JDR1JcULV/NR4yFAYbLF+WSSfU/LO94q10BAp8C&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.catherineandwilson.com/uoe8/?I6A=KdZiceDq2kSpg+gOAXOYCMhbIwexAutPvfm5ku1h+ZdZhJi6amIzed2Hhyoq3wJbWCyYGcfN&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.swashbug.com/uoe8/?I6A=jbWl/12LOy/8QMol1vq5On9CelmHmR3hJriw/uowHAcnrTs+PcPuE1M21NVN5bXc/q7xGzNj&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.unipacksexpress.com/uoe8/?I6A=MejYmmGKYE1uSbWIbuYb3LujTandHC0iEVZq/mU5CIxLMZtpZr1I1457to9XwNbgKKeK/WUp&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.montcoimmigrationlawyer.com/uoe8/?I6A=DVW7OxuR/l0MgT0nDzIJzGfsiMq3vXOqW3XcgnFXnAhOJxKbpl47XJscsrRJEeE6Tdv++OFn&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.liveporn.wiki/uoe8/?I6A=pk7aJzxroZ8+lfULIHT1NelU/8wtwZvYT/SETT0E40z+jFmloCWTtagjW+F1BqptGtqwExO3&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.plaisterpress.com/uoe8/?I6A=ntdwrTRHgRdJ5a2Xf4NJYZb1FUQAWBN8mHNzZPufyj4i4SmxEkZcAfGryMwHg42WTLRCq5qX&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.lanren.plus/uoe8/?I6A=tMPs/lCCUJyXhCtAb5b8gcWtLLVD4pee8R/Nt6qFrEMANauGy9c5Nh7d9aIxKCpuae/zz+V5&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.chaitanya99.com/uoe8/?I6A=ZkDtwBVzfWeNGE7gTpqBE8SwHePO3C2IlyVk4AYlHdYLdQQSCszz4JLeYMoObzzlWefK30yZ&nfutZl=xPJDZDjp |
GET method with no useragent header | GET http://www.gaelmobilecarwash.com/uoe8/?I6A=MOHGqkP6Ebzm+vNZgwkp8TSdnjf3KOQ5apN6aASQAzUE1fEqhZnwLAdbCeZI2pBtPLMSkxvo&nfutZl=xPJDZDjp |
Type | Value |
---|---|
file | C:\Users\test22\AppData\Local\Temp\nsj14.tmp\6oxdti6l9qd.dll |
host | 172.217.25.14 |
Engine | Detection |
---|---|
McAfee | Artemis!3FEF6985AF0D |
Sangfor | Trojan.Win32.Save.a |
Cyren | W32/Injector.AGZ.gen!Eldorado |
ESET-NOD32 | a variant of Win32/Injector.EPCD |
APEX | Malicious |
Kaspersky | HEUR:Trojan.Win32.Zenpak.gen |
Rising | Trojan.Injector!8.C4 (CLOUD) |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
FireEye | Generic.mg.3fef6985af0d52ab |
Sophos | Generic ML PUA (PUA) |
Microsoft | Trojan:Win32/Wacatac.B!ml |
AhnLab-V3 | Trojan/Win.Generic.R415229 |
Fortinet | W32/Injector.EPAI!tr |
Qihoo-360 | QVM42.0.Malware.Gen |