Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2021-07-23 09:34	bobbyzx.exe 7fd6bff5fc36687c58d1ac8f9f3a0c0e PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	14.0	M	24	ZeroCERT

2	2021-07-23 07:59	vbc.exe 78534ba4abd0468144c93031db340139 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	10 Keyword trend analysis Info http://www.cooperseyewear.com/wten/ http://www.hqs.xyz/wten/?af-8_FRh=oShqX8ozSaLnT/sPQ03i2E5y96WwwgaKxOoyntimszskFDeKs6d6ROBZziWe1pCyV7PXOHJJ&UlSp=GVgTZXS0Kvx0RZ http://www.yourchanceisnow.com/wten/?af-8_FRh=IyHE2bBJVzSV0Kd01SvdFEIzHSgJWEhDz/0nlATlZYPCnWDk0OwsF0JdwnUyAlSL5vrlAFTY&UlSp=GVgTZXS0Kvx0RZ http://www.yourchanceisnow.com/wten/ http://www.hqs.xyz/wten/ http://www.cooperseyewear.com/wten/?af-8_FRh=THr9Rz+cAlxpJ8dxH3Js0HD77G+gXFVnYY7ecCmngghuj/1dom/+vZtWxYtGb7sHHRozcbGl&UlSp=GVgTZXS0Kvx0RZ http://www.hamrharddrive.com/wten/?af-8_FRh=/15B2naq7dsCbpBMrzNELOKQnq5h4qzdwtgstjIpMcs021IKd1TFNIOMsSBp6pfik2oQtS+a&UlSp=GVgTZXS0Kvx0RZ http://www.the-level.net/wten/?af-8_FRh=IHtSwyFi9AeAZOxvqJwcTujIadv1z4e9A03dia3LkLZE+Zb468NERde70wEjVr7G2chd4ID3&UlSp=GVgTZXS0Kvx0RZ http://www.the-level.net/wten/ http://www.hamrharddrive.com/wten/	12 Info www.yourchanceisnow.com(198.54.117.211) www.hamrharddrive.com(34.102.136.180) www.arknmhsc.com() www.hqs.xyz(52.128.23.153) www.thinbluelion.com() www.cooperseyewear.com(34.102.136.180) www.the-level.net(107.180.0.207) www.kolpath.com() 52.128.23.153 - mailcious 34.102.136.180 - mailcious 107.180.0.207 198.54.117.216 - phishing	2	8.0			ZeroCERT

3	2021-07-14 09:17	aa.exe e6a9ebd149db011d65fc795e0139f10c PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key crashed				5.4		29	ZeroCERT

4	2021-04-27 10:36	smartx.exe ccc1bc7b37600fb5ecb943ddccbd6670 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				7.4	M	23	guest

5	2021-04-27 09:56	smartx.exe ccc1bc7b37600fb5ecb943ddccbd6670 PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key				8.0	M	23	ZeroCERT

6	2021-04-27 08:05	RAUjORNtrpBMaXE.exe 7bb6c716a6119de0949bd18feabf492d PWS .NET framework Malicious Library AsyncRAT backdoor VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key				4.6	M	28	ZeroCERT

7	2021-04-19 16:52	xlss.exe 4f5390b92f8ff72c45f690ab986d5d96 PWS .NET framework AsyncRAT backdoor VirusTotal Malware Check memory Checks debugger unpack itself				1.8		18	ZeroCERT

8	2021-04-16 18:08	xxxx9-02.exe 4071c5e2f3e94a1276801d76c124b186 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed				5.8	M	17	ZeroCERT