Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
15271	2021-11-12 09:43	invoice.docx 936cad45145d0745ffde338ed6492615 Word 2007 file format(docx) VirusTotal Malware Microsoft MachineGuid Check memory RWX flags setting unpack itself GameoverP2P Zeus ComputerName Trojan Banking	2 Keyword trend analysis	2	1	5.4	30	guest

15272	2021-11-12 10:25	vbc.exe 6bf8602a568d0be97816ab878e1259a1 Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself Windows Remote Code Execution crashed				2.8	39	ZeroCERT

15273	2021-11-12 10:27	randyzx.exe c197f0089f58e99b1bfccf2a7cc35c2a Malicious Library UPX Admin Tool (Sysinternals etc ...) PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder	12 Keyword trend analysis Info http://www.anngonsaigon.net/bcwg/?K2JxbH=wqgILUcZyHa+Z7UtvI0acoklRL2AhWVGWbIreuIdQt/S5jZTqUAJlUqP8Jn8EpWYP6HQfk8g&DVEh=_6Ll7hO0kB_lC6NP http://www.golfyouth.com/bcwg/?K2JxbH=gzbrkMMotKIa9vgK81aFxhEtS3UImgZxKG0vXI7g/9E5XFoxbTI47wSWmloWf4m2yFzT3vxc&DVEh=_6Ll7hO0kB_lC6NP http://www.lapshtop.com/bcwg/?K2JxbH=wUySEiascsr9D8c2BIQ18sSRA5rslpjxBOFBZGfrUsjOddX4oEbTVz81rK/Zkvrysl2nGz8m&DVEh=_6Ll7hO0kB_lC6NP http://www.warungbangtejo.com/bcwg/?K2JxbH=SgvZNObATFMTlqVuCwYU/mNJmciBV7FQPJy+pG8Ix3bN0Yr9DC0NgmdXt3uIaJgFzQeuYxGC&DVEh=_6Ll7hO0kB_lC6NP http://www.teamsportsco.com/bcwg/?K2JxbH=LUVgUL479bIqqk3ORCf1QMU/lNnxalrcAvjpZtsa3xReq2/7WljjEd19Ni9t2KdUDciH5z5N&DVEh=_6Ll7hO0kB_lC6NP http://www.beysconstruction.com/bcwg/?K2JxbH=/N+etiaYgh4y1AIV/pT1PLv0vE6mOqiJtCGwJr/v9fjPIVjAjiHvqmf2IgKMCPUynu/mdIX8&DVEh=_6Ll7hO0kB_lC6NP http://www.jyyhhx.com/bcwg/?K2JxbH=JdyfCUB7JR9AgohLYV0K4ZmjilZp8V/GSpHmCvhTfp8k2jVCFDVbT9JcHb7zJEZW9ZQYmuhg&9r=2dRd_npH http://www.feistybubblegum.com/bcwg/?K2JxbH=hdQFJ8Ir8v5fkgcFd8CzLLrVz37vJgj+NyOD7+70Q0xeWkZLjYckecGpejCZ4HwphARpxocr&DVEh=_6Ll7hO0kB_lC6NP http://www.crispzen.com/bcwg/?K2JxbH=+/ZIvyxX6kL8jbADP+b36d4ErYI+YhkPQzrXTA1gLmOg2CKdA32GVpkkuHqugibVYpZRA2Vj&DVEh=_6Ll7hO0kB_lC6NP http://www.islands.sbs/bcwg/?K2JxbH=+v6Ju1bbPEr27rAl6h9Vh6DwdAseF61Q8FTmj5Zf1lbcWVY/FoEI26XDdpmzYlxJa/b1zb2x&DVEh=_6Ll7hO0kB_lC6NP http://www.xn--2e0br59a7ucquav02b.com/bcwg/?K2JxbH=pQQL7b8PQjIakczZVfg4mf3gCPRS6D9ZOKyzG2tlTN3KO1Rxn8+tZtRSzcCnozU4yNknuL2g&DVEh=_6Ll7hO0kB_lC6NP http://www.bestmodsforminecraft.com/bcwg/?K2JxbH=u3D9O57RwCU+dLWrlGpeDGeo2M9sMCfwIOXzMY2sfMqkuovEuCTIG9e2+hzC4vBST8+hHSxP&DVEh=_6Ll7hO0kB_lC6NP	28 Info www.feistybubblegum.com(67.20.76.187) www.jyyhhx.com(165.3.38.204) www.tipseasystarsfavourite.rest() www.warungbangtejo.com(139.162.22.174) www.beysconstruction.com(174.136.53.234) www.melbun.xyz() www.islands.sbs(198.54.117.215) www.xn--2qu54i3xs9oc.group() www.xn--2e0br59a7ucquav02b.com(183.110.224.48) www.7lolsaot.com() www.bestmodsforminecraft.com(198.143.141.58) www.teamsportsco.com(199.59.242.153) www.crispzen.com(52.20.84.62) www.anngonsaigon.net(112.213.89.167) www.lapshtop.com(182.50.132.242) www.golfyouth.com(198.54.117.215) 67.20.76.187 183.110.224.48 198.143.141.58 52.20.84.62 - mailcious 165.3.38.204 198.54.117.215 - mailcious 198.54.117.216 - phishing 199.59.242.153 - mailcious 182.50.132.242 - mailcious 112.213.89.167 - mailcious 139.162.22.174 174.136.53.234	2	6.0	38	ZeroCERT

15274	2021-11-12 10:27	kolopp.exe c8fa153722d6621a1b3765305cc3949b RAT Generic Malware UPX PE File PE32 .NET EXE Malware Telegram PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW IP Check Tofsee ComputerName DNS	1 Keyword trend analysis	4	5	3.0		ZeroCERT

15275	2021-11-12 10:27	basque.exe a35732db1ce01e708084598f4dcdc1e4 Gen1 Gen2 Themida Packer Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows Firmware crashed				7.4	32	ZeroCERT

15276	2021-11-12 10:29	....-.......................-.... c4d7770f7d9230c9b9167a4327ae32c7 RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.4	26	ZeroCERT

15277	2021-11-12 10:29	bk.exe 37c946e015b62829b4c65d73ab5a3225 PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	13.2	24	ZeroCERT

15278	2021-11-12 10:31	serverzx.exe 1dadf13b8e0441e370eacb0b774c64e9 RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself				5.0	24	ZeroCERT

15279	2021-11-12 10:31	9431_1636644172_2842.exe 9be7ba9afcb345e57ed908bb4947ea01 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				2.4	39	ZeroCERT

15280	2021-11-12 10:34	mann.exe ca85468ce80c097f6b55c9038990c860 RAT Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware Telegram PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW IP Check Tofsee ComputerName DNS	1 Keyword trend analysis	4	5	3.8	26	ZeroCERT

15281	2021-11-12 10:34	arinzezx.exe 098bdb5132fe39c863a5bbfb5681204a PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	12.4	19	ZeroCERT

15282	2021-11-12 10:36	hussanzx.exe ab00b875e9d7ec4065d7dbbda08d474a RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed				8.0	43	ZeroCERT

15283	2021-11-12 10:38	sirmyzx.exe 5ce9bc025711280fa8e91f12fa39e5ec PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	12.4	14	ZeroCERT

15284	2021-11-12 10:38	man.exe 9405cc577b6643f6de285118154fea28 Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	2 Keyword trend analysis	5	1	8.2	30	ZeroCERT

15285	2021-11-12 10:39	237.exe c8753945c41821a7e3d9f5da2091cfb9 Gen1 RAT Gen2 Generic Malware Malicious Library UPX Malicious Packer ASPack PE File PE32 DLL OS Processor Check PE64 Malware download Raccoon VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency RecordBreaker MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder installed browsers check Tofsee Stealer Windows Browser Email ComputerName DNS	5 Keyword trend analysis Info http://91.219.236.143//l/f/tqPHEX0B3dP17SpzrvfV/910802d68dc1ffb9b9bd625890844113aa936e4f http://185.163.47.176/nabiuspelen http://91.219.236.143//l/f/tqPHEX0B3dP17SpzrvfV/11132c416b2ed16b26d0c1da5c29f230fc246678 http://91.219.236.143/ https://cdn.discordapp.com/attachments/904860177872855122/904872245145505802/Gainsaying.exe	5	6 Info ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt	9.8	24	ZeroCERT