Submissions

Columns in the original listing: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Blank cells were dropped during extraction, so the Urls/Hosts/IDS/Rule counts are reproduced below in the order they appear without assigning each to a column; the 32-hex-digit value under each request is the sample's MD5, and the VT column is present only for samples that carry the VirusTotal tag.

No: 15016
Date: 2021-11-05 18:10
Request: vbc.exe
MD5: 5a4cf1e0df9979d5b9073a5f9e4fb9cd
Tags: Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
Urls/Hosts/IDS/Rule: 2 2 7 1
Score: 12.4
VT: 17
Player: ZeroCERT

No: 15017
Date: 2021-11-05 18:12
Request: vbc.exe
MD5: dd7010e77d3bdb9394d168a999624d24
Tags: PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Software
Urls/Hosts/IDS/Rule: 1 2 9
Score: 14.0
VT: 20
Player: ZeroCERT

No: 15018
Date: 2021-11-05 18:12
Request: soon.pif
MD5: 714866d9b23d4eb4cef3bb94c4689a9c
Tags: RAT PWS .NET framework NPKI email stealer Generic Malware ASPack Malicious Packer Malicious Library UPX Antivirus DNS Code injection KeyLogger Escalate priviledges Downloader persistence AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed
Urls/Hosts/IDS/Rule: 7
Score: 16.8
VT: 25
Player: ZeroCERT

No: 15019
Date: 2021-11-05 18:14
Request: mi2_mqdybi.exe
MD5: f56829a7ed06371517a5ee85fce3f33f
Tags: Malicious Library PE64 PE File VirusTotal Malware Checks debugger crashed
Score: 1.8
VT: 24
Player: ZeroCERT

No: 15020
Date: 2021-11-05 18:14
Request: 4261_1636038990_7096.exe
MD5: 261c464d2b2d0e06718433bb53bc6be9
Tags: Lazarus Family Generic Malware Themida Packer Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
Urls/Hosts/IDS/Rule: 2
Score: 9.0
VT: 19
Player: ZeroCERT

No: 15021
Date: 2021-11-05 18:16
Request: 197.exe
MD5: 7b0c07fc5f1c6653b727e312f92b1fa4
Tags: Themida Packer UPX AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
Urls/Hosts/IDS/Rule: 1
Score: 12.2
VT: 34
Player: ZeroCERT

No: 15022
Date: 2021-11-05 18:16
Request: index-1981876654.xls
MD5: d32d0ccb0a0cf4637e1355ab7b46ef3d
Tags: Downloader KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection unpack itself
Score: 2.0
Player: guest

No: 15023
Date: 2021-11-05 18:26
Request: CHEVIOTTETS.exe
MD5: 90a26541a81d20d10c82ed61f40942b1
Tags: Generic Malware Malicious Library UPX PE File PE32 Check memory RWX flags setting unpack itself Windows Remote Code Execution crashed
Score: 2.0
Player: ZeroCERT

No: 15024
Date: 2021-11-05 18:28
Request: mi1_yjdzfg.exe
MD5: d8cf58004f66339acefc2b6f1c6ecdc8
Tags: Malicious Library PE64 PE File VirusTotal Malware Checks debugger crashed
Score: 1.6
VT: 16
Player: ZeroCERT

No: 15025
Date: 2021-11-05 18:29
Request: vbc.exe
MD5: 78546ce6c6ef3a3a1cc2ff413bba8bb1
Tags: Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization Windows Remote Code Execution crashed
Score: 3.2
VT: 20
Player: ZeroCERT

No: 15026
Date: 2021-11-05 18:31
Request: index-1981876654.xls
MD5: d32d0ccb0a0cf4637e1355ab7b46ef3d
Tags: Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee
Urls/Hosts/IDS/Rule: 3 6 4
Score: 3.6
Player: ZeroCERT

No: 15027
Date: 2021-11-06 05:37
Request: inCFxdZ2eOW7KAW.exe
MD5: 709e4bfe015ece74ba2f90752f1c1164
Tags: RAT PWS .NET framework Generic Malware task schedule Malicious Packer AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key
Urls/Hosts/IDS/Rule: 1
Score: 13.2
Zero: M
VT: 54
Player: guest

No: 15028
Date: 2021-11-06 05:37
Request: inCFxdZ2eOW7KAW.exe
MD5: 709e4bfe015ece74ba2f90752f1c1164
Tags: RAT PWS .NET framework Generic Malware task schedule Malicious Packer AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key
Urls/Hosts/IDS/Rule: 1
Score: 13.4
Zero: M
VT: 54
Player: guest

No: 15029
Date: 2021-11-06 05:37
Request: inCFxdZ2eOW7KAW.exe
MD5: 709e4bfe015ece74ba2f90752f1c1164
Tags: RAT PWS .NET framework Generic Malware task schedule Malicious Packer AntiDebug AntiVM PE File PE32 .NET EXE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key
Urls/Hosts/IDS/Rule: 1
Score: 12.2
Zero: M
Player: guest

No: 15030
Date: 2021-11-07 06:53
Request: bthpan.sys
MD5: 5a8951d195afef979c4ab02a129ebc37
Tags: PE64 PE File PDB Remote Code Execution
Score: 0.6
Player: guest
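Two things in this listing matter for triage: the same MD5 shows up under several submission numbers (15022 and 15026; 15027 through 15029) with different scores and tag sets, and many rows carry anti-analysis signatures (AntiDebug, AntiVM, Detects VMWare, VM Disk Size Check), which is a warning that a single sandbox run may not have seen the sample's real behaviour. The Python below is an added example, not code from the sandbox or from this site. It assumes records in a blank-line-separated "Field: value" layout (No, Date, Request, MD5, Tags, Score, Zero, VT, Player) and embeds four entries transcribed from this page as its sample input (the Tags line for 15027 is shortened); the list of anti-analysis marker names is my own selection from the tags that appear on the page.

```python
"""Triage helper for a sandbox submission listing (added example, not site code).

Parses 'Field: value' records, validates each MD5, groups resubmissions of the same
hash, reports the score drift between those runs, and lists anti-analysis markers
per record so that low-scoring runs of evasive samples are not dismissed.
"""
import re
from collections import defaultdict

# Constructed sample: four entries transcribed from the listing on this page.
# The Tags line for 15027 is abbreviated; everything else is as listed.
SAMPLE_LISTING = """\
No: 15022
Date: 2021-11-05 18:16
Request: index-1981876654.xls
MD5: d32d0ccb0a0cf4637e1355ab7b46ef3d
Tags: Downloader KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection unpack itself
Score: 2.0
Player: guest

No: 15026
Date: 2021-11-05 18:31
Request: index-1981876654.xls
MD5: d32d0ccb0a0cf4637e1355ab7b46ef3d
Tags: Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee
Urls/Hosts/IDS/Rule: 3 6 4
Score: 3.6
Player: ZeroCERT

No: 15027
Date: 2021-11-06 05:37
Request: inCFxdZ2eOW7KAW.exe
MD5: 709e4bfe015ece74ba2f90752f1c1164
Tags: RAT PWS .NET framework Generic Malware task schedule Malicious Packer AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection
Urls/Hosts/IDS/Rule: 1
Score: 13.2
Zero: M
VT: 54
Player: guest

No: 15030
Date: 2021-11-07 06:53
Request: bthpan.sys
MD5: 5a8951d195afef979c4ab02a129ebc37
Tags: PE64 PE File PDB Remote Code Execution
Score: 0.6
Player: guest
"""

# Signature names from the listing that indicate probing for an analysis environment.
# Tags are space-joined in the listing, so multi-word names are matched as substrings
# (assumed set, chosen from the tags visible on the page).
ANTI_ANALYSIS_MARKERS = (
    "AntiDebug", "AntiVM", "Checks debugger", "Detects VMWare", "Detects VirtualBox",
    "anti-virtualization", "VM Disk Size Check", "AntiVM_Disk", "sandbox evasion",
)

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_listing(text):
    """Parse blank-line-separated 'Field: value' records into dicts.

    Score becomes float and VT becomes int. An MD5 that is not 32 lowercase hex
    digits raises ValueError so a mangled hash never reaches correlation.
    """
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            field, _, value = line.partition(":")  # Date values keep their own colon
            rec[field.strip()] = value.strip()
        if "MD5" in rec and not MD5_RE.match(rec["MD5"]):
            raise ValueError("record %s: bad MD5 %r" % (rec.get("No"), rec["MD5"]))
        if "Score" in rec:
            rec["Score"] = float(rec["Score"])
        if "VT" in rec:
            rec["VT"] = int(rec["VT"])
        records.append(rec)
    return records


def resubmissions(records):
    """Map each MD5 seen more than once to the submission numbers that share it."""
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec["MD5"]].append(rec["No"])
    return {h: nos for h, nos in by_hash.items() if len(nos) > 1}


def score_spread(records):
    """(min, max) Score per resubmitted hash: how far the verdict drifts between runs."""
    spread = {}
    for h in resubmissions(records):
        scores = [r["Score"] for r in records if r["MD5"] == h and "Score" in r]
        spread[h] = (min(scores), max(scores))
    return spread


def anti_analysis_tags(record):
    """Sorted anti-analysis markers present in the record's Tags string."""
    tags = record.get("Tags", "")
    return sorted(m for m in ANTI_ANALYSIS_MARKERS if m in tags)


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for h, (lo, hi) in score_spread(recs).items():
        print("%s resubmitted as %s, score %.1f..%.1f" % (h, resubmissions(recs)[h], lo, hi))
    for r in recs:
        print(r["No"], r["Request"], r["Score"], anti_analysis_tags(r) or "-")
```

Run it against a listing saved in the same record layout; a resubmitted hash whose runs disagree by several points, combined with AntiDebug/AntiVM markers in the low-scoring run, is the case where the lower score should be treated as an evasion result rather than a clean verdict.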