Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2023-06-08 17:47	bld_4.exe 296fd972f13fe3f371d16ff2430a3e81 RAT .NET EXE PE File PE32 VirusTotal Malware Buffer PE MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					3.8	M	49	ZeroCERT

2	2023-05-14 10:15	testing.exe 0bde80954b5c14814f29064c6424d374 RAT Emotet PWS .NET framework Loki_b UPX .NET EXE PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows ComputerName DNS Cryptographic key	16 Keyword trend analysis Info http://94.142.138.111/concerts/2.php - rule_id: 32678 http://94.142.138.111/concerts/13.php - rule_id: 32689 http://94.142.138.111/concerts/10.php - rule_id: 32686 http://94.142.138.111/software/Build_2s.exe - rule_id: 32694 http://ip-api.com/json/ http://94.142.138.111/concerts/9.php - rule_id: 32685 http://94.142.138.111/concerts/11.php - rule_id: 32687 http://94.142.138.111/concerts/8.php - rule_id: 32684 http://94.142.138.111/concerts/6.php - rule_id: 32682 http://94.142.138.111/concerts/4.php - rule_id: 32680 http://94.142.138.111/concerts/1.php - rule_id: 32677 http://94.142.138.111/concerts/12.php - rule_id: 32688 http://94.142.138.111/concerts/7.php - rule_id: 32683 http://94.142.138.111/concerts/5.php - rule_id: 32681 http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php - rule_id: 32679	5	5 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com	14 Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://94.142.138.111/software/Build_2s.exe http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://94.142.138.111/concerts/3.php	6.8	M	53	guest

3	2023-05-12 18:07	Build_2s.exe 1c2b15ed1c8897bb466ec6f1a0f3e815 Emotet PWS .NET framework Loki_b RAT UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key	15 Keyword trend analysis Info http://94.142.138.111/concerts/2.php - rule_id: 32678 http://94.142.138.111/concerts/13.php - rule_id: 32689 http://94.142.138.111/concerts/10.php - rule_id: 32686 http://ip-api.com/json/ http://94.142.138.111/concerts/9.php - rule_id: 32685 http://94.142.138.111/concerts/11.php - rule_id: 32687 http://94.142.138.111/concerts/8.php - rule_id: 32684 http://94.142.138.111/concerts/6.php - rule_id: 32682 http://94.142.138.111/concerts/4.php - rule_id: 32680 http://94.142.138.111/concerts/1.php - rule_id: 32677 http://94.142.138.111/concerts/12.php - rule_id: 32688 http://94.142.138.111/concerts/7.php - rule_id: 32683 http://94.142.138.111/concerts/5.php - rule_id: 32681 http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php - rule_id: 32679	5	1	13 Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://94.142.138.111/concerts/3.php	5.6	M	40	ZeroCERT

4	2023-05-12 18:00	testing.exe 0bde80954b5c14814f29064c6424d374 RAT Emotet PWS .NET framework Loki_b UPX .NET EXE PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows ComputerName DNS Cryptographic key	16 Keyword trend analysis Info http://94.142.138.111/concerts/2.php - rule_id: 32678 http://94.142.138.111/concerts/13.php - rule_id: 32689 http://94.142.138.111/concerts/10.php - rule_id: 32686 http://ip-api.com/json/ http://94.142.138.111/concerts/9.php - rule_id: 32685 http://94.142.138.111/concerts/11.php - rule_id: 32687 http://94.142.138.111/concerts/8.php - rule_id: 32684 http://94.142.138.111/concerts/6.php - rule_id: 32682 http://94.142.138.111/concerts/4.php - rule_id: 32680 http://94.142.138.111/concerts/1.php - rule_id: 32677 http://94.142.138.111/concerts/12.php - rule_id: 32688 http://94.142.138.111/concerts/7.php - rule_id: 32683 http://94.142.138.111/concerts/5.php - rule_id: 32681 http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php - rule_id: 32679 http://94.142.138.111/software/Build_2s.exe	5	5 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com	13 Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://94.142.138.111/concerts/3.php	6.8	M	40	ZeroCERT

5	2023-05-11 18:42	Build1.exe bfaa027a645e567824a10a26fb8dbefd RAT Emotet PWS .NET framework Loki_b UPX .NET EXE PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows ComputerName DNS Cryptographic key	15 Keyword trend analysis Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://ip-api.com/json/ http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php	5	5 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com		6.6	M	35	ZeroCERT

6	2023-05-11 18:42	Build-1S.exe e695b8888af3b57f1a56961bd289463c Emotet PWS .NET framework Loki_b RAT UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key	15 Keyword trend analysis Info http://94.142.138.111/concerts/2.php http://94.142.138.111/concerts/13.php http://94.142.138.111/concerts/10.php http://ip-api.com/json/ http://94.142.138.111/concerts/9.php http://94.142.138.111/concerts/11.php http://94.142.138.111/concerts/8.php http://94.142.138.111/concerts/6.php http://94.142.138.111/concerts/4.php http://94.142.138.111/concerts/1.php http://94.142.138.111/concerts/12.php http://94.142.138.111/concerts/7.php http://94.142.138.111/concerts/5.php http://ipwhois.app/xml/ http://94.142.138.111/concerts/3.php	5	1		5.6	M	54	ZeroCERT