No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 2024-01-13 19:27 |
twoo.exe 013dd34c1d52ad6a86419657437e247aClient SW User Data Stealer LokiBot ftp Client info stealer Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX Http API PWS Code injection AntiDebug AntiVM PE32 PE File MSOffice File .NET EXE DLL OS Processor Check Malware Telegram Buffer PE PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder malicious URLs Tofsee Windows ComputerName DNS Cryptographic key crashed |
2
|
5 | 3 | 11.6 | M | ZeroCERT | ||||||||||||||||
|