Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2022-05-20 10:54 .wininit.exe  

76b37fd531e91dde71258126c47cd3f1


Loki PWS[m] PWS Loki[b] Loki.m .NET framework DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 2 9 1 13.8 M 41 ZeroCERT

2 2022-05-19 11:40 vbc.exe  

4c64cf8753a33ad06b5ffa18baaf4f7e


Loki PWS[m] PWS Loki[b] Loki.m .NET framework DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 2 7 1 13.6 M 37 ZeroCERT

3 2022-05-19 11:34 kellyzx.exe  

ccfb1788d4a0c8d790b8453c95b936a6


PWS[m] PWS Loki[b] Loki.m .NET framework DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 1 7 14.2 37 ZeroCERT

4 2022-05-19 11:31 .winlogon.exe  

4c86de3ecf018c944d5d92fa8e65a568


PWS[m] PWS .NET framework email stealer DNS Code injection KeyLogger Downloader Escalate priviledges persistence AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check Windows DNS Cryptographic key crashed
2 10.0 24 ZeroCERT

5 2022-05-18 10:52 gregzx.exe  

1400812fc47ddd7d1170aa60e4619333


PWS[m] PWS .NET framework SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
1 3 2 13.0 27 ZeroCERT

6 2022-05-18 10:48 zeuszx.exe  

739b7f2f557506462b501564fad82fe8


PWS[m] PWS .NET framework SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
1 2 2 12.8 24 ZeroCERT

7 2022-05-18 10:46 vbc.exe  

53805fb0e6f5fa5d70e7a41b63080c46


PWS[m] PWS .NET framework SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
9.2 30 ZeroCERT

Total: 7