Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
15511 2021-11-18 07:50 king.jpg
b1d0db56e01ed76af9cd5a540061b440
RAT PWS .NET framework Generic Malware UPX SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
10.6 45 ZeroCERT

15512 2021-11-18 07:52 vbc.exe
b71718615475c728b530e5b966f1c176
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software
1 10.4 20 ZeroCERT

15513 2021-11-18 07:52 .csrss.exe
9adb6ecb507d5f2d85a4bd09ceee4e7c
RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities AppData folder Windows
4 12 1 1 12.0 27 ZeroCERT

15514 2021-11-18 07:54 4066_1636944841_1544.exe
b5d17ffc9e3fbd135a09dea9b844f61e
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
2.2 43 ZeroCERT

15515 2021-11-18 07:54 yale.exe
9a0348ea86a8f394c5d243795d12d1d8
RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed
10.0 36 ZeroCERT

15516 2021-11-18 07:56 noni.exe
2cd70940c087ead96a1904a307caf008
PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1 14.0 25 ZeroCERT

15517 2021-11-18 07:56 csrss.exe
ea75ce5193786cccbd312e3a86da2ccf
Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
2 2 7 1 14.0 38 ZeroCERT

15518 2021-11-18 07:58 stan.jpg
36a3565a279b5e9a93d057c91a233e8a
PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder WriteConsoleW VMware anti-virtualization Windows Browser Email ComputerName Cryptographic key Software crashed
17.8 18 ZeroCERT

15519 2021-11-18 07:58 9630_1636883138_136.exe
e42b505cb9bfbf8db1a9a6ccc4da3ac8
Themida Packer Admin Tool (Sysinternals etc ...) Anti_VM Malicious Library UPX PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware Cryptographic key crashed
2 6.2 49 ZeroCERT

15520 2021-11-18 08:00 data_01.exe
5a51e998a8ba5fd82a63377fc000df13
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1 11.0 38 ZeroCERT

15521 2021-11-18 08:01 bt.exe
537010563e0d22cb0c9c397a55368de0
Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
7.4 31 ZeroCERT

15522 2021-11-18 08:03 br.exe
87c3d31aec649fdb38ad4d25d121d224
PWS .NET framework Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.4 20 ZeroCERT

15523 2021-11-18 08:03 ab.exe
8c6e7129756f4cfd332b8fb55d341494
PWS Loki[b] Loki.m Generic Malware Admin Tool (Sysinternals etc ...) UPX Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
1 2 7 12.6 43 ZeroCERT

15524 2021-11-18 08:05 grace.exe
5baf357b6dfd6c9d4ebb6d8ad604be94
PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
2 5 1 8.4 43 ZeroCERT

15525 2021-11-18 08:05 Mk6tifsj5QCYn3v.exe
d7654aea7b5d35ea6f6c529a4ed10da5
PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
1 2 7 12.2 26 ZeroCERT