Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
15286	2021-11-12 10:40	sold.exe 5c16f7fdeb2a95b5bdbecd54a8b6d4e0 Generic Malware PE64 PE File VirusTotal Malware				1.6	48	ZeroCERT

15287	2021-11-12 10:40	seminude.exe b526f0a2b32de1e6685fd3bade38f257 RAT PWS .NET framework Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				2.8	31	ZeroCERT

15288	2021-11-12 10:42	alltud.exe b380ac326f09bcbd2f78db3d4850d0de Malicious Library PE File PE32 VirusTotal Malware unpack itself crashed				2.2	22	ZeroCERT

15289	2021-11-12 10:42	vvs.exe 0ca64cd14f0f39eb403c451025e37ae7 PWS Loki[b] Loki.m Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	13.0	23	ZeroCERT

15290	2021-11-12 10:45	obinnazx.exe 5951b00de1dbba519c0bbef33494ced3 Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	3 Keyword trend analysis Info http://www.xxtjzmzzahg.com/ad6n/?5jUh=23Z2wFDgg6sCIHfc5XotNYOEpQGPtTRL3ouFqY3HDbJJRkAwKbwLBMp1Xtqmt5aYA+1GJlFq&llxh=fTRld0QHk6980Xw http://www.hxmgzczqdjs.com/ad6n/?5jUh=fERXM8BJAu/IsM9mOMSiABCKY4GsMiltugzIMIAPwKVu+54ym+ZIFqEd+CwLvF9uLqup/TTt&llxh=fTRld0QHk6980Xw http://www.beniciabounce.com/ad6n/?5jUh=kzNXO8h1YN8AnvLHP5I8oYX1yHVe/anvSlt/z5s+jU3gUMQMHOhWJ++fuKIVbMy+UledLqNp&llxh=fTRld0QHk6980Xw	6	2	8.0	17	ZeroCERT

15291	2021-11-12 10:46	ugopoundzx.exe 3526f3f6ea7b8bb9a4e607d0abb2fb5e Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	9 Keyword trend analysis Info http://www.destinanon.travel/xgmi/?OXe4g=WJCH8rZobgfZZBedqDM1V/CyvcyT/LbvqdXkTvtB2bZ6B+tveXgXqNnEffSmryypZvoEqA/J&Txl=O0Gln2IHOrxPrh http://www.lesenegalais.info/xgmi/?OXe4g=LvdOefFjwtmO+f+Ti0HKFKJ8gfMd/pcNtZNW8XtSgU22S0wVCPV81EolE8mtO3b/ekY2fSEO&Txl=O0Gln2IHOrxPrh http://www.flexifilling.com/xgmi/?OXe4g=lL/9eA3HBrqmoR15BGbw4pH6cJ/KkPAyfc826+qyTXsQJW+Ftwcv1UPpgG0Xmz6Lwl0TGMQu&Txl=O0Gln2IHOrxPrh http://www.isinterbnk.com/xgmi/?OXe4g=63DG1c9uDvxVGWX2VGMiDJMDfEzuZg0UjXdLrwOzmyIFiqD9D9cbGT2Si376D1EfEpv/U23j&Txl=O0Gln2IHOrxPrh http://www.kloeyscloset.com/xgmi/?OXe4g=iOdaJorWOeNpTxT4eno4q+1JZfcEKNfWWvR31me4o15jRVW8Waj5C6wvlu6aJwRpMSkAMzOI&Txl=O0Gln2IHOrxPrh http://www.cochildprotect.com/xgmi/?OXe4g=12698dOe2uQou79t8ur7ndQkaFSo1yFPtIwyKMXW8AZTYUT1EcMvPPdJ2TxWGfkyCkSeRy/N&Txl=O0Gln2IHOrxPrh http://www.indiaone.online/xgmi/?OXe4g=ZdbFOf67w2IRZIy0ySbgNrOUAVZVGuGTkSs5ggm/nsVcwF7zCFOWcH8Jqa3kqxErS0hwKcRK&Txl=O0Gln2IHOrxPrh http://www.scbcommunity.partners/xgmi/?OXe4g=ibySZgQQBV8V0yOyqM2nT1qHIBOXZbGjkiFJeyfn7m3mGDX/1pdPolDRzIbsAa1sYp1j/LY+&Txl=O0Gln2IHOrxPrh http://www.tradableassettokens.com/xgmi/?OXe4g=Yf9KdltO9pLPnLMHky12TLV4aQQ3rL+wWS962ifTuG60RQkW9uJOE3GX80OcUAsEuX6foirx&Txl=O0Gln2IHOrxPrh	19 Info www.isinterbnk.com(104.21.79.42) www.scbcommunity.partners(209.17.116.163) www.lesenegalais.info(94.23.134.247) www.cochildprotect.com(34.102.136.180) www.mxnorge.com() www.indiaone.online(162.215.226.7) www.flexifilling.com(172.67.169.231) www.tradableassettokens.com(3.33.152.147) www.destinanon.travel(35.208.215.84) www.kloeyscloset.com(66.96.160.151) 209.17.116.163 - mailcious 3.33.152.147 35.208.215.84 34.102.136.180 - mailcious 104.21.79.42 66.96.160.151 162.215.226.7 94.23.134.247 104.21.87.147	1	7.8	16	ZeroCERT

15292	2021-11-12 10:46	Win_32activator_kl_self_st.exe ba24725267a669ed25f5aab1d98aaf0c Malicious Library UPX PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed keylogger				9.2	22	ZeroCERT

15293	2021-11-12 10:47	rep-1051031759.xls 91bf161ba415880db9f4bdc5eea1500b Downloader MSOffice File VirusTotal Malware RWX flags setting unpack itself suspicious process Tofsee	2 Keyword trend analysis	4	2	4.2	10	guest

15294	2021-11-12 10:49	.csrss.exe a4f9c0b9ec3ad64198a50fe22228fe39 PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software		1		13.6	44	ZeroCERT

15295	2021-11-12 10:49	allied.exe 2de71e1b40afd4d2e3a77e44ca337258 Malicious Library UPX PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed keylogger				9.4	30	ZeroCERT

15296	2021-11-12 10:58	kdotzx.exe b9021f2617c123e21a074ad25956a63f PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				9.0	39	ZeroCERT

15297	2021-11-12 10:58	vbc.exe cab077fad804e27baf9256754bd848b3 Generic Malware Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware RWX flags setting crashed				1.4	29	ZeroCERT

15298	2021-11-12 10:58	~PY56789845678-87655678.exe b38d84ee978cb72c7ef1bfc9db5b6668 Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed		2	1	16.4	21	ZeroCERT

15299	2021-11-12 11:00	Remittance_order _093.exe 55d99b0c0a92bcaf87efb395ba5285de PWS .NET framework Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				12.6	22	ZeroCERT

15300	2021-11-12 11:00	Gainsaying.exe 0bb908dbba6ed2b22b9f164adec88283 RAT Generic Malware PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself				2.0	12	ZeroCERT