Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-07-02 10:13 okman.exe  

77bd38dbf3b64bc06f15292564185b15


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.0 M 14 ZeroCERT

2 2021-07-02 10:06 palls.exe  

d46423f6dd4836ad292e54d3583bd4ed


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
12.2 M 14 ZeroCERT

3 2021-07-02 10:04 father.exe  

330cd800ae02945a12fa8e99e06724ef


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
10.8 M 13 ZeroCERT

4 2021-07-02 10:03 moooor.exe  

9f54a650ca6d4838ac02ac5b2c9f247f


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
11.4 M 21 ZeroCERT

5 2021-07-02 09:58 bilions.exe  

2f0d92842e695782e1e011d670ad5766


PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
7.8 M 29 ZeroCERT

6 2021-07-02 09:54 jojojoj.exe  

84db6d6d5b5934bb849939080ad4287a


PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
7.6 M 16 ZeroCERT

7 2021-07-02 09:36 oga.exe  

37e21c11f2b7b0033ecac9dc3a5232f9


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
11.8 24 ZeroCERT

8 2021-07-02 09:36 .wininit.exe  

7e06d1bcadf14d1a21c3a137c133fb6f


PWS .NET framework Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key
7 11 1 10.6 18 ZeroCERT

9 2021-07-02 09:34 eba.exe  

c9aaa8eb7d6d3112a5621a7b9cccdb9f


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
11.4 23 ZeroCERT

10 2021-07-02 09:33 jamiiiit.exe  

9e31c0a38c7763847b7af2f5b773e07f


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.0 12 ZeroCERT

11 2021-07-02 09:28 jasp.exe  

06fad614300b1d987c571fd83e27a783


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
10.6 13 ZeroCERT

12 2021-07-01 13:54 vbc.exe  

082f43edde28a07af52951f8e2e43628


PWS Loki[b] Loki[m] .NET framework Generic Malware DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software
1 2 7 12.8 ZeroCERT

  • Total : 12cnts