Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2021-11-17 07:52	vbc.exe f14fcc9ba3f2310617eb2791db59a702 PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.6		40	ZeroCERT

2	2021-11-14 18:51	vbc.exe 27d3f668c643e4fb0cb9d925ff18c1a4 Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	7 Keyword trend analysis Info http://www.boraeresici.com/scb0/?wPX=PuUFza6JkAKwGoOaYS5KDzl4Ma1aI1cHEJ645VNa9r6R5B04mKyb4d8I8jDK1Wcj5hqzWdPA&1b=jnKtRlUpV http://www.fromtotravel.com/scb0/?wPX=GvprbHektAl4D8IvPxepuajJQ09CC7TSnX+9RfBBDVuKDXES3GsMcohbU3Fqiu3PtbIJWgse&1b=jnKtRlUpV http://www.oemlift.com/scb0/?wPX=oxdzckz1WDzVVbowfF3gXE5AD3hAcBtigHbrnVVZvjVKcpVIlg6EqFW48XjzDRc0/KM6TsbW&1b=jnKtRlUpV http://www.llaa11.xyz/scb0/?wPX=LvVOqUj382vn4xaDmPdNbROBsfmX8/xJXi3b40WP3Ow6Tel98yunW6JlZzwoyviXGhVkmuQf&1b=jnKtRlUpV - rule_id: 6170 http://www.austinsv.net/scb0/?wPX=Zl2v3Gi0i97lZMwkTe4FzSn1z6vHC52v5qw/jpDTScDL/QFSibPt4rSdvZMU8uEZxsMcWvvh&1b=jnKtRlUpV http://www.c7performance.com/scb0/?wPX=1jmKeEnKIzAf6pCXw/ofl7aJO1pMzzZmstFoRAeOWdzh0uaNmgLi+HK50LG8aU1aWwyktqDt&1b=jnKtRlUpV http://www.regalosyartesania.com/scb0/?wPX=TNRA0R/xf/ZNbUY/f0BmmO9GBKrt7jtSacniP7lmW6u3ED/dUxbIXtNKOvVcxD1/iN1fBQ2x&1b=jnKtRlUpV	16 Info www.boraeresici.com(212.102.50.51) www.spiegelverwarming.store() www.austinsv.net(70.40.216.156) www.fromtotravel.com(172.67.204.225) www.llaa11.xyz(104.21.59.243) www.c7performance.com(96.125.174.107) www.andysmittkamp.com() www.regalosyartesania.com(217.160.0.253) www.oemlift.com(154.208.173.191) 212.102.50.51 154.208.173.191 104.21.61.17 70.40.216.156 104.21.59.243 217.160.0.253 - mailcious 96.125.174.107	3	1	13.0	M	42	ZeroCERT

3	2021-11-13 13:14	jet.exe 30f4ab81bdabc5f278037984f4e44754 Loki PWS Loki[b] Loki.m Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.0		38	ZeroCERT

4	2021-11-13 13:07	scene.exe 810257cb60e0d1a1ed732106e342d2b6 Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger					11.6		39	ZeroCERT

5	2021-11-13 11:01	skyzx.exe add49d5c2fd2a4cd8e535828536a22b5 Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	9 Keyword trend analysis Info http://www.sunbear.net/zaip/?uTuD=y04h6IED/I3mKbq7VkQCaDZQx3OYE73f7cdQrf7w5vmdRJKBQIo53fk9e6aQFW8ouhBalcrK&Kj6ly=ATY8dPG0edH0BnWP http://www.padel-ledverlichting.com/zaip/?uTuD=VMl0kTGiLv6+9uC4kXZCOUac89eA793hkqRSWyRZiMWUSZoW8TnTCIGiJeNvK0ayTM7I4uZw&Kj6ly=ATY8dPG0edH0BnWP http://www.weixiaotuo.com/zaip/?uTuD=H2kDIyzMk/WxTtoutr62v+/lCcF+T9KTCb4SMmgzStINz+8mAXNjUbsFrkIz4ubeT0NVwsXw&Kj6ly=ATY8dPG0edH0BnWP http://www.khayacoffee.com/zaip/?uTuD=RgFPC/N76xEP4cygV2rz92vrzfKqnea0FH+LfdrseTZQpWGnTtVLJbWHq7+bFyGknH+2gV4S&Kj6ly=ATY8dPG0edH0BnWP http://www.kayonstore.com/zaip/?uTuD=5EPdImnDAMek2UUWF1u6JfCuMROmH1Xnu1QVO3Xfd7nHIyDzp0uSOBKFny1Z6mjpjk329I5C&Kj6ly=ATY8dPG0edH0BnWP http://www.simpaticostrategies.com/zaip/?uTuD=ZrnC8DRRO5VzILrcPaZmhJfisqVdH5EsYsF19dOhgn2eQEbGgn/ibeudCINXh/r08gey/e+m&Kj6ly=ATY8dPG0edH0BnWP http://www.quetaylor.com/zaip/?uTuD=HAqh6cOZnLOnS3SHH16MZHaJ4csidjMHsZ2CzJlUzLX8i4OfANm4LxD8egK5fR/yBMd3iy5T&Kj6ly=ATY8dPG0edH0BnWP http://www.atapoll.com/zaip/?uTuD=+GMt1v8bkkG9+5aoi5PPGpy93ojDZ0zt+0CiRAmjO7mrCda/qH2ab/5qYwAO8Tmkdsyhivnc&Kj6ly=ATY8dPG0edH0BnWP http://www.madlyrics.net/zaip/?uTuD=/kPr8Bya4HNZ++AxanM8HdhCEAGPGizPi2szuB+EyVsbFmEbPsOwyJWDVDczq0Zg9NoqGrIa&Kj6ly=ATY8dPG0edH0BnWP	20 Info www.sunbear.net(3.64.163.50) www.padel-ledverlichting.com(91.184.0.100) www.arairazur.xyz() www.kayonstore.com(162.241.253.45) www.khayacoffee.com(52.37.245.235) www.quetaylor.com(3.64.163.50) www.gsjbd41.club() www.madlyrics.net(198.54.117.216) www.simpaticostrategies.com(198.54.116.202) www.y-promotion.com() www.atapoll.com(199.59.242.153) www.weixiaotuo.com(108.186.180.138) 162.241.253.45 44.238.240.115 198.54.116.202 91.184.0.100 - mailcious 198.54.117.215 - mailcious 199.59.242.153 - mailcious 3.64.163.50 - mailcious 108.186.180.138	1		8.0		20	ZeroCERT

6	2021-11-12 10:46	ugopoundzx.exe 3526f3f6ea7b8bb9a4e607d0abb2fb5e Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	9 Keyword trend analysis Info http://www.destinanon.travel/xgmi/?OXe4g=WJCH8rZobgfZZBedqDM1V/CyvcyT/LbvqdXkTvtB2bZ6B+tveXgXqNnEffSmryypZvoEqA/J&Txl=O0Gln2IHOrxPrh http://www.lesenegalais.info/xgmi/?OXe4g=LvdOefFjwtmO+f+Ti0HKFKJ8gfMd/pcNtZNW8XtSgU22S0wVCPV81EolE8mtO3b/ekY2fSEO&Txl=O0Gln2IHOrxPrh http://www.flexifilling.com/xgmi/?OXe4g=lL/9eA3HBrqmoR15BGbw4pH6cJ/KkPAyfc826+qyTXsQJW+Ftwcv1UPpgG0Xmz6Lwl0TGMQu&Txl=O0Gln2IHOrxPrh http://www.isinterbnk.com/xgmi/?OXe4g=63DG1c9uDvxVGWX2VGMiDJMDfEzuZg0UjXdLrwOzmyIFiqD9D9cbGT2Si376D1EfEpv/U23j&Txl=O0Gln2IHOrxPrh http://www.kloeyscloset.com/xgmi/?OXe4g=iOdaJorWOeNpTxT4eno4q+1JZfcEKNfWWvR31me4o15jRVW8Waj5C6wvlu6aJwRpMSkAMzOI&Txl=O0Gln2IHOrxPrh http://www.cochildprotect.com/xgmi/?OXe4g=12698dOe2uQou79t8ur7ndQkaFSo1yFPtIwyKMXW8AZTYUT1EcMvPPdJ2TxWGfkyCkSeRy/N&Txl=O0Gln2IHOrxPrh http://www.indiaone.online/xgmi/?OXe4g=ZdbFOf67w2IRZIy0ySbgNrOUAVZVGuGTkSs5ggm/nsVcwF7zCFOWcH8Jqa3kqxErS0hwKcRK&Txl=O0Gln2IHOrxPrh http://www.scbcommunity.partners/xgmi/?OXe4g=ibySZgQQBV8V0yOyqM2nT1qHIBOXZbGjkiFJeyfn7m3mGDX/1pdPolDRzIbsAa1sYp1j/LY+&Txl=O0Gln2IHOrxPrh http://www.tradableassettokens.com/xgmi/?OXe4g=Yf9KdltO9pLPnLMHky12TLV4aQQ3rL+wWS962ifTuG60RQkW9uJOE3GX80OcUAsEuX6foirx&Txl=O0Gln2IHOrxPrh	19 Info www.isinterbnk.com(104.21.79.42) www.scbcommunity.partners(209.17.116.163) www.lesenegalais.info(94.23.134.247) www.cochildprotect.com(34.102.136.180) www.mxnorge.com() www.indiaone.online(162.215.226.7) www.flexifilling.com(172.67.169.231) www.tradableassettokens.com(3.33.152.147) www.destinanon.travel(35.208.215.84) www.kloeyscloset.com(66.96.160.151) 209.17.116.163 - mailcious 3.33.152.147 35.208.215.84 34.102.136.180 - mailcious 104.21.79.42 66.96.160.151 162.215.226.7 94.23.134.247 104.21.87.147	1		7.8		16	ZeroCERT

7	2021-11-12 10:45	obinnazx.exe 5951b00de1dbba519c0bbef33494ced3 Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	3 Keyword trend analysis Info http://www.xxtjzmzzahg.com/ad6n/?5jUh=23Z2wFDgg6sCIHfc5XotNYOEpQGPtTRL3ouFqY3HDbJJRkAwKbwLBMp1Xtqmt5aYA+1GJlFq&llxh=fTRld0QHk6980Xw http://www.hxmgzczqdjs.com/ad6n/?5jUh=fERXM8BJAu/IsM9mOMSiABCKY4GsMiltugzIMIAPwKVu+54ym+ZIFqEd+CwLvF9uLqup/TTt&llxh=fTRld0QHk6980Xw http://www.beniciabounce.com/ad6n/?5jUh=kzNXO8h1YN8AnvLHP5I8oYX1yHVe/anvSlt/z5s+jU3gUMQMHOhWJ++fuKIVbMy+UledLqNp&llxh=fTRld0QHk6980Xw	6	2		8.0		17	ZeroCERT

8	2021-11-12 10:42	vvs.exe 0ca64cd14f0f39eb403c451025e37ae7 PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		13.0		23	ZeroCERT

9	2021-11-12 10:38	man.exe 9405cc577b6643f6de285118154fea28 Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	2 Keyword trend analysis	5	1		8.2		30	ZeroCERT

10	2021-11-12 10:38	sirmyzx.exe 5ce9bc025711280fa8e91f12fa39e5ec PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		12.4		14	ZeroCERT

11	2021-11-12 10:34	arinzezx.exe 098bdb5132fe39c863a5bbfb5681204a PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		12.4		19	ZeroCERT

12	2021-11-12 10:29	bk.exe 37c946e015b62829b4c65d73ab5a3225 PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		13.2		24	ZeroCERT