Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-08-14 09:43 makenobodyzx.exe  

1ea72895c4c7f412c3bd5aa4150a3a89


RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
5.0 M 30 ZeroCERT

2 2021-08-14 09:39 arinzezx.exe  

becd8371316c6ce0003a3beb62b9b471


PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 3 12.2 M 29 ZeroCERT

3 2021-08-13 20:26 brownzx.exe  

6f75f32ed9c7c697dbf8baff60b3a22f


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
9.4 M 13 ZeroCERT

4 2021-08-13 20:24 bum.exe  

24fa9768014a79d9193de95aebdd6e4f


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
8 19 2 8 8.6 M 17 ZeroCERT

5 2021-08-13 20:17 .csrss.exe  

9de20bb57302eb4bd57152d375e2f826


Lokibot PWS Loki[b] Loki.m .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software
1 2 7 1 14.6 M 23 ZeroCERT

6 2021-08-13 20:14 refno.exe  

2c886fae28caeeeb3b0ada64f64abfb9


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
7.2 M 22 ZeroCERT

7 2021-08-13 20:04 .dllhost.exe  

a6ddea61a510a4df6968fcfc929150a4


Loki PWS Loki[b] Loki.m .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software
1 2 7 1 12.6 M 21 ZeroCERT

  • Total : 7cnts