Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-06-11 17:44 XtmkLSmftnsk6TlB.exe  

b4e2699346ce3d5f87374a32403e3464


AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library Antivirus AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Disables Windows Security powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.8 39 ZeroCERT

2 2021-06-10 22:37 doc-09.exe  

8252e0bd8e579259cc18ceae0c5c6d64


AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key crashed
8.2 M 22 ZeroCERT

3 2021-06-10 22:32 OW2VztuHH2JVcLG.exe  

236283221ed6f5768bc48df90937f7e7


AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed
10.0 40 ZeroCERT

4 2021-06-10 09:39 vbc.exe  

a853becef668c582b4598a48ada05331


AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DNS Socket Sniff Audio KeyLogger Code injection AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS crashed keylogger
2 4 3 13.8 M 12 ZeroCERT

5 2021-06-10 09:37 templex.exe  

f6dad3a16a8ea72bc59bc24be556a327


AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Checks Bios Detects VirtualBox powershell.exe wrote suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName DNS Cryptographic key Software crashed
13.6 M 31 ZeroCERT

6 2021-06-10 09:32 vbc.exe  

bee1b5a09da4f1bc92b3c1a283ab3157


AgentTesla AsyncRAT backdoor PWS .NET framework browser info stealer Google Chrome User Data Admin Tool (Sysinternals Devolutions inc) Malicious Library Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug A VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger
2 12.0 11 ZeroCERT

7 2021-06-10 09:20 svch.exe  

ac3ce8e8920a0b504cf0a10e204d2f3f


AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DNS Socket Sniff Audio KeyLogger Code injection AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS keylogger
2 4 3 13.2 20 ZeroCERT

8 2021-06-09 22:06 vbc.exe  

f91a59d752971b133ff68b550ff847fb


PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 13.2 ZeroCERT

9 2021-06-09 21:51 svch.exe  

6e32cd4a3fac5e6b0b5f1c5659182f9e


loki bot PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 2 7 1 15.0 M 19 ZeroCERT

10 2021-06-09 21:49 bin.exe  

b72c51bdd3489176cc6da5496d2542cb


PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software
1 2 10 1 13.8 M 14 ZeroCERT
