Submissions

No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

15121 2023-03-05 14:41 handdiy_3.exe
MD5: f48570526e4923521a63c718ea4a15d3
Rules: Gen2 Trojan_PWS_Stealer Credential User Data Generic Malware Malicious Packer SQLite Cookie UPX Malicious Library Anti_VM OS Processor Check PE32 PE File PNG Format Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Checks debugger WMI Creates executable files ICMP traffic exploit crash Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed
Stats: 1 5 5 10.8 M 56 ZeroCERT

15122 2023-03-05 14:38 cred64.dll
MD5: 2cf7028f2e221b5c48ce27381282d7ae
Rules: Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
Stats: 2.0 M 25 ZeroCERT

15123 2023-03-05 14:36 gib.exe
MD5: e3602917ee3758b7f6bd1e098d82a9e1
Rules: UPX Malicious Library PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
Stats: 1 2 1 9.0 M 46 ZeroCERT

15124 2023-03-05 14:36 Ysgypfursd.exe
MD5: 2b053b525219cd96566a58a7d4ff575f
Rules: RAT NPKI PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
Stats: 2.0 M 38 ZeroCERT

15125 2023-03-05 14:34 cc...............................
MD5: 0abfe119e17fbffb3bd81577d97de405
Rules: RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed Downloader
Stats: 1 2 2 4.4 M 26 ZeroCERT

15126 2023-03-05 14:34 2210.exe
MD5: 6205d4c638c5c3434491477ca9eac840
Rules: Gen2 Gen1 Malicious Packer UPX Malicious Library PE File PE64 VirusTotal Malware PDB Remote Code Execution
Stats: 1.4 M 33 ZeroCERT

15127 2023-03-05 14:33 .win32.exe
MD5: d16d32f55d2a83dafe140a6a58d784ef
Rules: UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution
Stats: 2.0 M 45 ZeroCERT

15128 2023-03-05 14:33 starka.exe
MD5: 43878e01fb46c6cae4af1004e405cd9c
Rules: Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
Stats: 6 5 7 17.0 M 35 ZeroCERT

15129 2023-03-05 14:32 1.exe
MD5: c1e0847bb381373f3206d346cbe36048
Rules: Generic Malware Malicious Packer UPX Malicious Library Antivirus OS Processor Check PE File PE64 Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process Ransomware Windows Browser Email ComputerName DNS Cryptographic key crashed
Stats: 1 8.0 M 43 ZeroCERT

15130 2023-03-05 14:30 gib.exe
MD5: e3602917ee3758b7f6bd1e098d82a9e1
Rules: UPX Malicious Library PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
Stats: 1 2 1 9.0 M 46 ZeroCERT

15131 2023-03-05 14:29 clip64.dll
MD5: 29b9780bb2992d018ae312ed4180a663
Rules: UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
Stats: 1.8 M 30 ZeroCERT

15132 2023-03-05 14:27 ColorMC.exe
MD5: 3ace227a334fa18636c42ab18638abf2
Rules: UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Check memory crashed
Stats: 1.0 M 14 ZeroCERT

15133 2023-03-05 14:27 vbc.exe
MD5: e8b4bf0bfe9d51f22728a1676f5d1701
Rules: Loki PWS[m] Loki_b Loki_m PWS .NET framework Socket DNS AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
Stats: 1 1 7 1 13.8 M 39 ZeroCERT

15134 2023-03-05 14:26 uaavp.exe
MD5: d2339201712fb74270ef917f09cc5e51
Rules: PWS[m] PWS .NET framework RAT Generic Malware UPX Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
Stats: 2 3 5 16.4 M 40 ZeroCERT

15135 2023-03-05 14:25 vbc.exe
MD5: e2026d3dd0eee3534d1a513e8ee851e7
Rules: PWS[m] Loki_b Loki_m PWS .NET framework RAT DNS AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
Stats: 1 14.2 M 52 ZeroCERT