Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
15046	2023-03-08 11:16	photo_003.exe 0e598ae27453b8349302a232a8fa3c8d UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	25	ZeroCERT

15047	2023-03-08 11:14	vbc.exe 4885682f23a3e4d30f36031e374829a9 Loki Loki_b Loki_m RAT Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.0	M	38	ZeroCERT

15048	2023-03-08 11:13	10032b.exe 906f7577992ba49c57c8e1e4f345b9fd UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4		28	ZeroCERT

15049	2023-03-08 11:12	rhh.exe 6426a9c12a40aad907b96837a487e988 RAT UPX Malicious Library ScreenShot AntiDebug AntiVM OS Processor Check PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE Code Injection Check memory buffers extracted unpack itself Ransomware Browser ComputerName DNS Software	2 Keyword trend analysis	1	2		10.6	M	41	ZeroCERT

15050	2023-03-08 11:12	vbc.exe 4560193b469fba0faadbd79d31a9a499 PWS .NET framework RAT Generic Malware UPX Antivirus SMTP KeyLogger AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows Browser Email ComputerName Cryptographic key Software crashed					13.0	M	40	ZeroCERT

15051	2023-03-08 11:09	ss25.exe 48f4f6461f03606000016cee556bab4f Gen2 Gen1 UPX Malicious Library Malicious Packer PE File PE64 VirusTotal Malware PDB Remote Code Execution					1.4	M	16	ZeroCERT

15052	2023-03-08 11:09	vbc.exe 4367a4092b69619685efc9aae101ab6c RAT SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					12.6	M	33	ZeroCERT

15053	2023-03-08 11:09	New1.exe 0492a562ceee12e6db78b77aa191e267 UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Buffer PE PDB Checks debugger buffers extracted unpack itself sandbox evasion ComputerName		1			4.2	M	35	ZeroCERT

15054	2023-03-08 11:07	cred64.dll d4175d9293f11ba1b93acceaccc246f6 Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed					2.4	M	48	ZeroCERT

15055	2023-03-08 11:07	photo_004.exe c043039d011fe79d35f7b0bca0e4b9ac UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	28	ZeroCERT

15056	2023-03-08 11:05	11.........................11.... 46ed76d1d2f6fd37e4eb4c9f07e078ca MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Windows Exploit DNS DDNS crashed keylogger Downloader	2 Keyword trend analysis	3	12 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check ET POLICY External IP Lookup - checkip.dyndns.org ET INFO DYNAMIC_DNS HTTP Request to a .dyndns .org Domain ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO DYNAMIC_DNS Query to a .dyndns .org Domain ET INFO DYNAMIC_DNS Query to *.dyndns. Domain		5.4	M	33	ZeroCERT

15057	2023-03-08 11:05	vbc.exe fea070006007750c1c69082e0563f7af RAT Generic Malware Antivirus .NET EXE PE32 PE File VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					5.4	M	37	ZeroCERT

15058	2023-03-08 09:51	bR2j39T8KXnqkNd.dll 4e7c0febeab7b8257bb5a9a5b41964be Malicious Library Malicious Packer DLL PE File PE64 Remote Code Execution					0.8		1	guest

15059	2023-03-08 09:48	bR2j39T8KXnqkNd.dll 4e7c0febeab7b8257bb5a9a5b41964be Malicious Library Malicious Packer DLL PE File PE64 Remote Code Execution					0.8		1	guest

15060	2023-03-08 09:43	bR2j39T8KXnqkNd.dll 4e7c0febeab7b8257bb5a9a5b41964be Malicious Library Malicious Packer DLL PE File PE64 Remote Code Execution					0.8		1	guest