Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10096	2021-05-03 16:56	calc.txt 59e1199f32a8f13b0efbdd092b02b165 AgentTesla AsyncRAT backdoor PWS .NET framework email stealer browser info stealer Google Chrome User Data DNS Socket KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS crashed	1 Keyword trend analysis	3	1		11.0		16	ZeroCERT

10097	2021-05-03 16:52	5bXw21jauyHi85L.exe 9da5129864c291e4a906fb6c7f39c2e7 Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed					10.8		15	ZeroCERT

10098	2021-05-03 16:50	yMfDYTbuXFGA7nz.exe d5eacb59bb0a82c6c21951eaacceb5ee Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key					2.6		17	ZeroCERT

10099	2021-05-03 16:48	po.exe ece4ddb9aaa8891aad47530a0b576454 AsyncRAT backdoor PWS .NET framework Malicious Packer SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					11.4		16	ZeroCERT

10100	2021-05-03 09:10	retrieveit2.cgi c6a6b73319e0691f9c2098d004a9da5c AsyncRAT backdoor .NET EXE PE File PE32 GIF Format Malware download njRAT NetWireRC VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS crashed		1	1		6.6		46	ZeroCERT

10101	2021-05-02 18:05	izux.exe 9597713af0d2566f6e3186196d31e520 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed					1.6		18	ZeroCERT

10102	2021-05-01 09:55	ozflkjgfkldsad.exe b573e394640d7c1d5493e0f57c905390 PWS .NET framework Gen1 Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 JPEG Format DLL OS Processor Check Browser Info Stealer Malware download Vidar ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS Password	10 Keyword trend analysis Info http://malcacnba.ac.ug/vcruntime140.dll http://malcacnba.ac.ug/mozglue.dll http://malcacnba.ac.ug/softokn3.dll http://malcacnba.ac.ug/ - rule_id: 1259 http://malcacnba.ac.ug/ http://malcacnba.ac.ug/msvcp140.dll http://malcacnba.ac.ug/freebl3.dll http://malcacnba.ac.ug/nss3.dll http://malcacnba.ac.ug/sqlite3.dll http://malcacnba.ac.ug/main.php	2	4	1	16.8		23	ZeroCERT

10103	2021-05-01 09:40	azflkjgfkldsad.exe eb6c0ff23c01dd3528789c8142890547 PWS Loki .NET framework Gen1 Malicious Packer DNS Socket HTTP KeyLogger Http API Internet API ScreenShot AntiDebug AntiVM .NET EXE PE File PE32 DLL OS Processor Check ENERGETIC BEAR VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder malicious URLs Windows ComputerName DNS	8 Keyword trend analysis	3	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 24 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		12.8		21	ZeroCERT

10104	2021-05-01 09:38	ac.exe 6a61a028d6282029c5899a3ffcc84e60 PWS .NET framework Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName		3			11.4		17	ZeroCERT

10105	2021-05-01 09:36	mena.exe d20e703cb462af7eb09f6d0010e09e71 AsyncRAT backdoor Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					10.2		14	ZeroCERT

10106	2021-05-01 09:34	regasm.exe 16b0a44545b16aea4333dc824ab02199 PWS Loki .NET framework Malicious Library DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	8 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.6	M	8	ZeroCERT

10107	2021-05-01 09:29	ds1.exe 5af92f78e6b00eff95b14018a5dda8fc PWS .NET framework Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself DNS					8.2	M	25	ZeroCERT

10108	2021-05-01 09:29	ds2.exe 3cdb00a25552429b06fb3be209614149 PWS .NET framework Malicious Packer Antivirus AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					10.0	M	23	ZeroCERT

10109	2021-04-30 18:14	vbc.exe 877d8424f6d09301998cf3840c42dcb9 AsyncRAT backdoor Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself WriteConsoleW Windows ComputerName Cryptographic key					2.4		13	ZeroCERT

10110	2021-04-30 18:06	templex.exe c37d480d603a248b0e230a1c15590266 SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger					12.0		16	ZeroCERT