Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
(The trailing numeric values of each record are the Urls/Hosts/IDS/Rule/Score/Zero/VT/Player columns as extracted; empty columns were not preserved, so the values are listed in the order they appear.)

15061 | 2021-11-07 10:21 | 6350_1636097557_9790.exe | cea3b997030e3b8853f0ce8ffe0d2c61
    Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
    Values: 2.2 26 ZeroCERT

15062 | 2021-11-07 10:23 | dzbg.exe | 5805aec9385d2facbda94ba33ee504d2
    Tags: Themida Packer UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware crashed
    Values: 7.2 25 ZeroCERT

15063 | 2021-11-07 10:25 | esratubu.png | 8f32a608150550bcf8da2f58d2fef069
    Tags: Malicious Library UPX PE File OS Processor Check PE32 Dridex TrickBot Malware Report PDB suspicious privilege MachineGuid Malicious Traffic buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed
    Values: 1 6 5 7.4 ZeroCERT

15064 | 2021-11-07 10:25 | vbc.exe | 95df65718a5589f3f1427191bfbb2039
    Tags: Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
    Values: 2 2 7 1 13.0 47 ZeroCERT

15065 | 2021-11-07 10:27 | eflairpany.png | 39c19b40099fc77f06afe98ddebace2d
    Tags: Malicious Library UPX PE File OS Processor Check PE32 Dridex TrickBot Malware Report PDB suspicious privilege MachineGuid Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed
    Values: 1 6 7 6.0 ZeroCERT

15066 | 2021-11-07 10:27 | 9075_1636092915_9777.exe | 12cfaad5459882b5532d62afc9b2a60b
    Tags: Generic Malware Themida Packer Admin Tool (Sysinternals etc ...) UPX AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
    Values: 1 12.0 28 ZeroCERT

15067 | 2021-11-07 10:27 | arioriginlogger.exe | ddeba5a107cb7130f514ae0c1e8626a4
    Tags: AgentTesla(IN) Generic Malware Malicious Packer Malicious Library UPX PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself
    Values: 2.4 45 ZeroCERT

15068 | 2021-11-07 10:31 | vbc.exe | e2ccf8d1e98bd35aaaaf8a69808766a4
    Tags: RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder human activity check Tofsee Windows ComputerName DNS Cryptographic key
    Values: 1 6 1 15.6 26 ZeroCERT

15069 | 2021-11-07 10:31 | sufile.exe | d68ea9d5b1d16b39aa4e8ec619b7927b
    Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself DNS
    Values: 1 3.0 31 ZeroCERT

15070 | 2021-11-07 10:34 | 9212_1636097441_5476.exe | 0b31b956a499a5409d5a0c91e2c21365
    Tags: Generic Malware Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
    Values: 2.6 45 ZeroCERT

15071 | 2021-11-07 10:37 | 5662_1636108501_375.dll | 218d08982a5265df0cbc15074f75ff77
    Tags: Malicious Library UPX PE64 PE File OS Processor Check DLL VirusTotal Malware
    Values: 0.8 16 ZeroCERT

15072 | 2021-11-07 10:39 | 3688_1636106995_4191.exe | 36a3976a7678715fffe2300f0ae8a21a
    Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
    Values: 2.6 48 ZeroCERT

15073 | 2021-11-07 10:41 | toolspab2.exe | b9e5185e5dc7a5403ac864d41ca32e73
    Tags: Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself
    Values: 7.4 32 ZeroCERT

15074 | 2021-11-07 10:42 | Paurometabola.exe | a6c7f2864cd240335939ec3aa33810c8
    Tags: RAT Generic Malware Malicious Library UPX PE File OS Processor Check PE32 PE64 VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process Windows
    Values: 1 2 7.4 33 ZeroCERT

15075 | 2021-11-07 10:43 | ^.exe | 70ffb4ac447b5135651ec3d7437760d7
    Tags: North Korea RAT PWS .NET framework Generic Malware ILProtector Packer Antivirus UPX PE File PE32 .NET EXE VirusTotal Malware unpack itself crashed
    Values: 1.8 28 ZeroCERT