Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2023-07-03 11:29 herozx.exe  

1740c5dae86b5948e6dd0fc2e99534a8


AgentTesla Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 2 13.6 M 52 r0d

2 2023-06-29 17:56 herozx.exe  

1740c5dae86b5948e6dd0fc2e99534a8


Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 2 14.6 M 48 ZeroCERT

3 2023-06-29 17:38 davincizx.exe  

dacf04bf96751944ade96bbf9a746429


LokiBot Generic Malware .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 15.4 M 51 ZeroCERT

4 2023-06-29 07:45 defounderzx.exe  

25a6280b20b14dc747c700a1a91cb51b


Generic Malware .NET framework(MSIL) Antivirus .NET EXE PE32 PE File VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
7.8 M 50 ZeroCERT

5 2023-06-28 16:42 thirdagodzx.exe  

03edaee7120cbf2752ae82e5eed3f5ba


.NET framework(MSIL) .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.6 M 42 ZeroCERT

6 2023-06-28 16:36 pmexzx.exe  

702afdca8f01b2e8cca517d70c86afb4


Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 14.0 M 41 ZeroCERT

7 2023-06-28 16:33 chamberszx.exe  

f2707d788cc86c8707eee04679ddf651


.NET framework(MSIL) .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.6 M 43 ZeroCERT

8 2023-06-27 19:59 hussanzx.exe  

bbd76370ac91e9e7ee832b127afc4d2e


LokiBot Generic Malware Antivirus Socket PWS DNS AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 15.4 M 42 ZeroCERT

9 2023-06-27 19:57 ansazx.exe  

1d132b7a35d336fc7b2aba2c52346f3f


Formbook Generic Malware Antivirus PWS AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1 2 1 11.0 M 40 ZeroCERT

10 2023-06-27 19:57 pablozx.exe  

40df500e4caa9265ef6bea269c34140d


Formbook Generic Malware .NET framework(MSIL) Antivirus PWS AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
3 6 1 1 11.4 M 48 ZeroCERT

11 2023-06-22 17:43 chamberszx.exe  

64928914be4ab456e1121004c886e8ba


PWS .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 2 11.8 M 27 ZeroCERT

Total: 11