Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1	2022-10-01 13:00	jag.exe 0bcea97bbf8109cb95c4483a60bcf3f8 PWS[m] RAT PWS .NET framework SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check ComputerName DNS DDNS	1 Keyword trend analysis	2	2		9.4	M	37	ZeroCERT

2	2022-04-04 21:24	AsusFontMode.exe fddfb395afa39d5678a56b0f247bad49 RAT PWS .NET framework AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1			8.0	M	20	ZeroCERT

3	2021-12-08 10:59	m2-09.exe f670d4f35079acdbb5e7c5b58286ad1d RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	8 Keyword trend analysis Info http://www.mylori.net/ef6c/?EDK8EDC=dYV4FvE4untOqhJUUHmMS4MiaT9y7jEiob7/fgenPq9yvClivGcNDxr/HcpFKVtE0DHzORm4&BZ=E2M4oFPpVJy - rule_id: 6624 http://www.uzmdrmustafaalperaykanat.com/ef6c/?EDK8EDC=ja7SoM3OFQT8Gg6cQsrMgEr4X7AAHRd2HQn2dp6ngt1+3x8/3G/noJ63mRQfE8+wCQKkMG6+&BZ=E2M4oFPpVJy - rule_id: 5821 http://www.levanttradegroup.com/ef6c/?EDK8EDC=9g8sfBGzWY6JJ+yJLDpPQys/8ShNqhTPTp4cpY8RvCwAQwKx0UrfmPEzoi+Z1D/DgpYog5qv&BZ=E2M4oFPpVJy - rule_id: 5859 http://www.44mpt.xyz/ef6c/?EDK8EDC=jKy9H8VqZwiUle4gjb+CLEX9fpBCwuv2o754Pr7fJKTzkjLdsKrrwvS2m3F+8CxbXLoYiDn1&BZ=E2M4oFPpVJy - rule_id: 5869 http://www.kinglot2499.com/ef6c/?EDK8EDC=qvbt8KP2xJHnSv2agWrG6RDVV6/Qaw5OSzzUHxaBtBqMEVf61rcn+NRYzRRlOu08cWsbP+g5&BZ=E2M4oFPpVJy - rule_id: 5829 http://www.xn--9m1bq8wgkag3rjvb.com/ef6c/?EDK8EDC=W0zrjLjT8XBGRo9sU3Dn88XRkC7FXpf2/JIGBr0tRLYlauEco6w7O/7mFeuMH7lv+B4uIItN&BZ=E2M4oFPpVJy - rule_id: 6470 http://www.fis.photos/ef6c/?EDK8EDC=iVGcxgJZg7dDdqnpGvHyDNlE3XmNDIFvU6VDaZ8nDL6WJmv+1asF/xEbeuA1UUYS6lydoag+&BZ=E2M4oFPpVJy - rule_id: 5835 http://www.discovercotswoldcottages.com/ef6c/?EDK8EDC=BIDo9GBbq26+tRTULeHAa20kRn4DZ7/ZgIW2IC+7vRIIeELykZIx4inPOl/SIZLSvHjtcUe3&BZ=E2M4oFPpVJy - rule_id: 6105	18 Info www.xn--9m1bq8wgkag3rjvb.com(221.139.49.11) www.44mpt.xyz(104.233.177.157) www.levanttradegroup.com(34.102.136.180) www.test-testjisdnsec.store() www.discovercotswoldcottages.com(91.136.8.131) www.instatechnovelz.com() - mailcious www.charlottewright.online() www.mylori.net(103.8.25.68) www.fis.photos(192.0.78.24) www.kinglot2499.com(34.102.136.180) www.uzmdrmustafaalperaykanat.com(18.158.39.175) 3.122.27.22 34.102.136.180 - mailcious 221.139.49.11 - mailcious 91.136.8.131 - mailcious 192.0.78.24 - mailcious 103.8.25.68 - mailcious 104.233.177.157 - mailcious	2	8 Info http://www.mylori.net/ef6c/ http://www.uzmdrmustafaalperaykanat.com/ef6c/ http://www.levanttradegroup.com/ef6c/ http://www.44mpt.xyz/ef6c/ http://www.kinglot2499.com/ef6c/ http://www.xn--9m1bq8wgkag3rjvb.com/ef6c/ http://www.fis.photos/ef6c/ http://www.discovercotswoldcottages.com/ef6c/	8.0	M	13	ZeroCERT

4	2021-08-21 09:10	TF7vGJml6S1lQxR.exe f108b8fcf5fa07d914b587c85b19b38b RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key					3.0	M	26	ZeroCERT

5	2021-05-24 18:17	rYMtUTp556Z02qL.exe 76c61f35c06b4d510bc59d3f8aa42fea AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key					2.0		8	ZeroCERT

6	2021-05-11 09:15	bdell.exe 7278d1fc666d4c3dd033cbf2e39a60ff AsyncRAT backdoor PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed					11.0	M	23	ZeroCERT

7	2021-04-26 18:04	winlog.exe b49746e926f5e9398910a1c72f5c8aa6 PWS .NET framework Loki Malicious Library AsyncRAT backdoor Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs suspicious TLD installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.0		15	ZeroCERT