Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-06-05 10:54 ds2.exe  

ccd95be19ccce8766611174bd6183e32


AsyncRAT backdoor Malicious Packer Antivirus KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
10.6 ZeroCERT

2 2021-06-04 18:30 zxcvb.exe  

e02ae8a88df1daa8a2cf8af319a386e3


PWS Loki[b] Loki[m] AgentTesla AsyncRAT backdoor Gen1 Gen2 browser info stealer Google Chrome User Data Malicious Packer Antivirus DNS Socket HTTP KeyLogger Http API Internet API ScreenShot DGA Create Service Sniff Audio Escalate priviledges FTP Code Malware download ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser Email ComputerName DNS Cryptographic key crashed Downloader
17 11 7 24.6 M 22 ZeroCERT

3 2021-06-04 18:26 ds1.exe  

87225584b4b47362a93124a4b35f13bb


AsyncRAT backdoor Malicious Packer KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 ENERGETIC BEAR VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself DNS
1 1 9.8 M 35 ZeroCERT

4 2021-06-04 18:16 ac.exe  

a9bd3a038170c1a41212c8e320b68d5d


AsyncRAT backdoor Malicious Packer KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS
3 12.8 M 33 ZeroCERT

5 2021-06-04 18:15 axcxcvhgfc.exe  

2eb4f37816d7e7b632eecee6952f473f


PWS Loki[b] Loki[m] AsyncRAT backdoor Gen1 Malicious Packer KeyLogger DNS Socket HTTP Http API Internet API ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS Password
10 3 7 18.6 M 23 ZeroCERT

6 2021-06-04 18:13 oxcxcvhgfc.exe  

f8e766e4d22bc299950f6a4d23c824cc


AsyncRAT backdoor Gen1 Malicious Packer KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName Password
9 2 5 16.0 M 24 ZeroCERT

7 2021-06-03 21:08 nzex.exe  

4a6d4f7e8a406a92228604f076758e22


AsyncRAT backdoor Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
11.8 M 21 ZeroCERT

Total: 7 submissions