Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-07-14 09:06 frS8UmNq9MyY5Ap.exe  

c641eb251b4384f78fc114c13913f38e


PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 1 1 15.0 M 40 ZeroCERT

2 2021-07-13 18:06 DNBAeYMT2WEKoZK.exe  

8499ede977c860b8c6c07776081a3dea


PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 1 1 13.8 M 37 ZeroCERT

3 2021-07-13 09:39 new.exe  

809b579e0a86214540493a3dff98d148


Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
3 14.6 37 ZeroCERT

4 2021-07-12 18:07 .wininit.exe  

b650c785537ad966290b270adfe56611


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
22 16 6 9.4 18 ZeroCERT

5 2021-07-12 18:04 bobs.exe  

1cf7ff77cf4ee7c4f4f6fb3d9bf088f7


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.0 23 ZeroCERT

6 2021-07-12 18:02 wininit.exe  

a954aade1438f60c08c42beb485199a9


PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 1 1 14.6 M 22 ZeroCERT

  • Total : 6cnts