Submissions

No  Date  Request (filename, MD5)  Urls  Hosts  IDS Rule  Score  Zero  VT  Player  Etc
(Each entry below gives the submitted filename and its MD5, the behaviour tags the sandbox attached, then the numeric cells. Blank cells are dropped in this listing, so the leading integers are whichever of Urls/Hosts/IDS Rule were populated, the decimal is Score, and the integer after it is the VT column, present only for entries that carry the VirusTotal tag.)
15526  2021-11-18 08:07  TSO_01103300638632719.exe
  MD5: 491ca2d6005190bfe3d8524cc93f3f09
  Tags: RAT, Generic Malware, UPX, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, OS Processor Check, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  Urls/Hosts/IDS Rule: 2 4 3   Score: 14.4   VT: 27   Player: ZeroCERT

15527  2021-11-18 08:07  5380_1637000786_958.exe
  MD5: 2f4587e2ea6606a3e77bc2187c034558
  Tags: AntiDebug, AntiVM, PE File, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, Buffer PE, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, RWX flags setting, unpack itself, Collect installed applications, Check virtual network interfaces, installed browsers check, Tofsee, Windows, Browser, ComputerName, Cryptographic key, Software, crashed
  Urls/Hosts/IDS Rule: 2 6 1   Score: 13.2   VT: 30   Player: ZeroCERT

15528  2021-11-18 08:09  mazx.exe
  MD5: bd0094d9b5cbc6c4468bc2f93d3c57bc
  Tags: PWS, Loki[b], Loki.m, .NET framework, Generic Malware, Socket, DNS, AntiDebug, AntiVM, PE File, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, Software
  Urls/Hosts/IDS Rule: 1   Score: 12.0   VT: 34   Player: ZeroCERT

15529  2021-11-18 08:09  6811_1636975440_8833.exe
  MD5: dd7a37e366011f1b7aec62845b3a6b97
  Tags: RAT, Generic Malware, UPX, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, Cryptographic key
  Urls/Hosts/IDS Rule: 1   Score: 8.0   VT: 19   Player: ZeroCERT

15530  2021-11-18 08:11  vbc.exe
  MD5: 42ee4abbbf304e9497b3bb06b78b6d3d
  Tags: PWS, Loki[b], Loki.m, RAT, .NET framework, Generic Malware, Antivirus, DNS, AntiDebug, AntiVM, PE File, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, suspicious process, malicious URLs, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, installed browsers check, Windows, Browser, Email, ComputerName, Cryptographic key, Software
  Urls/Hosts/IDS Rule: 1   Score: 13.6   VT: 13   Player: ZeroCERT

15531  2021-11-18 08:11  data_02.exe
  MD5: 727e77069ab3d1fdd2c308b05ac86560
  Tags: Malicious Library, UPX, Malicious Packer, PE File, PE32, OS Processor Check, DLL, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, MachineGuid, Code Injection, Check memory, Creates executable files, unpack itself, AppData folder, installed browsers check, Browser, Email, ComputerName, DNS, Software
  Urls/Hosts/IDS Rule: 1   Score: 10.4   VT: 29   Player: ZeroCERT

15532  2021-11-18 08:14  setup.exe
  MD5: 682d741260d7a77643182eb40000ca92
  Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, Admin Tool (Sysinternals etc ...), PE File, PE32, DLL, OS Processor Check, AutoRuns, Check memory, Creates executable files, Windows utilities, suspicious process, AppData folder, Windows, DNS
  Urls/Hosts/IDS Rule: 1   Score: 3.6   VT: -   Player: ZeroCERT

15533  2021-11-18 08:14  vbc.exe
  MD5: 50f958ff8031633301e940aefc306b19
  Tags: RAT, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, WriteConsoleW, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software, crashed
  Urls/Hosts/IDS Rule: 2 1   Score: 12.4   VT: 29   Player: ZeroCERT

15534  2021-11-18 08:16  wong.exe
  MD5: 18bd8df74057cf4fa99265699c15985f
  Tags: PWS, Loki[b], Loki.m, RAT, .NET framework, Generic Malware, DNS, AntiDebug, AntiVM, PE File, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, installed browsers check, Browser, Email, ComputerName, DNS, Software
  Urls/Hosts/IDS Rule: 1   Score: 12.8   VT: 33   Player: ZeroCERT

15535  2021-11-18 08:16  famzx.exe
  MD5: 8c5350abb9e91109f0801109653bdaed
  Tags: RAT, PWS, .NET framework, Generic Malware, AntiDebug, AntiVM, PE File, PE32, .NET EXE, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself
  Urls/Hosts/IDS Rule: 3 6 1   Score: 8.4   VT: 44   Player: ZeroCERT

15536  2021-11-18 08:18  vbc.exe
  MD5: 345eb590bada4bd9f84e64e160f80e65
  Tags: Malicious Library, UPX, PE File, OS Processor Check, PE32, VirusTotal, Malware, PDB, unpack itself, DNS
  Urls/Hosts/IDS Rule: 1   Score: 2.8   VT: 44   Player: ZeroCERT

15537  2021-11-18 08:18  favor.exe
  MD5: f6ebb41c891b00b673f9649c5ceef393
  Tags: RAT, PWS, .NET framework, Generic Malware, AntiDebug, AntiVM, PE File, PE32, .NET EXE, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself
  Urls/Hosts/IDS Rule: 1 3 1   Score: 8.2   VT: 39   Player: ZeroCERT

15538  2021-11-18 08:20  vbc.exe
  MD5: 803403abfa57194087a7f744cfc4ab3c
  Tags: Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32, VirusTotal, Malware, PDB, unpack itself
  Urls/Hosts/IDS Rule: -   Score: 1.8   VT: 27   Player: ZeroCERT

15539  2021-11-18 08:20  OOOOR.exe
  MD5: c30a7fcacc84c6ac819b5ce309463ab2
  Tags: Malicious Library, UPX, PE File, PE32, OS Processor Check, DLL, Browser Info Stealer, LokiBot, Malware download, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, c&c, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Creates executable files, unpack itself, AppData folder, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, Software
  Urls/Hosts/IDS Rule: 1 2 7   Score: 10.2   VT: 17   Player: ZeroCERT

15540  2021-11-18 08:22  3759_1636974578_2316.exe
  MD5: 19903b209d0d98a0634428da1d7ecec2
  Tags: Themida Packer, UPX, PE File, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, Checks Bios, Collect installed applications, Detects VMWare, VMware anti-virtualization, installed browsers check, Windows, Browser, ComputerName, Firmware, DNS, Cryptographic key, Software, crashed
  Urls/Hosts/IDS Rule: 1   Score: 9.2   VT: 50   Player: ZeroCERT
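A listing like the one above is usually scraped one field per line (entry line, MD5 line, space-separated tag line, counts line), and the awkward part is the tag line: signature names such as "FTP Client Info Stealer" are multi-word but separated from their neighbours only by spaces. The parser below is an added example, not ZeroCERT's own code or any published parser for this listing. It re-joins tags by longest-match against the multi-word signature names that occur on this page, validates the MD5, splits the counts line into the populated Urls/Hosts/IDS Rule cells, Score and VT, and then ranks entries for triage. The family mapping (Loki[b], Loki.m and LokiBot to LokiBot; FormBook; Tofsee) and the stealer-capability set are assumptions drawn only from the tags visible above; the embedded sample is three entries copied from the listing in raw form.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: three entries copied from the listing above in raw
# one-field-per-line form (entry line, MD5 line, tag line, counts line).
RAW_LISTING = """\
15526 2021-11-18 08:07 TSO_01103300638632719.exe
491ca2d6005190bfe3d8524cc93f3f09
RAT Generic Malware UPX SMTP KeyLogger AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 3 14.4 27 ZeroCERT
15528 2021-11-18 08:09 mazx.exe
bd0094d9b5cbc6c4468bc2f93d3c57bc
PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software
1 12.0 34 ZeroCERT
15532 2021-11-18 08:14 setup.exe
682d741260d7a77643182eb40000ca92
Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 DLL OS Processor Check AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder Windows DNS
1 3.6 ZeroCERT
"""

# Multi-word signature names seen in the listing; anything not listed here is
# treated as a single-word tag. Longest match wins, so "Check virtual network
# interfaces" is preferred over "Check memory" where both could start a phrase.
MULTIWORD_TAGS = {
    "Generic Malware", "PE File", "OS Processor Check", ".NET EXE", ".NET framework",
    "Browser Info Stealer", "FTP Client Info Stealer", "Email Client Info Stealer",
    "suspicious privilege", "Code Injection", "Malicious Traffic", "Check memory",
    "Checks debugger", "buffers extracted", "unpack itself", "Windows utilities",
    "Check virtual network interfaces", "suspicious process", "IP Check",
    "Cryptographic key", "malicious URLs", "VM Disk Size Check",
    "installed browsers check", "Malicious Library", "Malicious Packer",
    "Admin Tool (Sysinternals etc ...)", "Creates executable files", "AppData folder",
    "Malware download", "Collect installed applications", "RWX flags setting",
    "Creates shortcut", "Themida Packer", "Checks Bios", "Detects VMWare",
    "VMware anti-virtualization", "Buffer PE",
}
MAX_TAG_WORDS = max(len(t.split()) for t in MULTIWORD_TAGS)

# Assumed tag-to-family mapping, limited to families named in the listing.
FAMILY_TAGS = {"Loki[b]": "LokiBot", "Loki.m": "LokiBot", "LokiBot": "LokiBot",
               "FormBook": "FormBook", "Tofsee": "Tofsee"}
STEALER_TAGS = {"Browser Info Stealer", "FTP Client Info Stealer",
                "Email Client Info Stealer", "KeyLogger"}

ENTRY_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# leading integer cells, decimal score, optional VT integer, player name
COUNTS_RE = re.compile(r"^((?:\d+ )*)(\d+\.\d+)(?: (\d+))? (\S+)$")


@dataclass
class Entry:
    no: int
    date: str
    filename: str
    md5: str
    tags: list
    counts: list            # populated Urls/Hosts/IDS Rule cells, blanks omitted
    score: float
    vt: Optional[int]       # VT column; None when the entry has no VirusTotal result
    player: str

    @property
    def families(self):
        return {FAMILY_TAGS[t] for t in self.tags if t in FAMILY_TAGS}

    @property
    def steals(self):
        return sorted(set(self.tags) & STEALER_TAGS)


def split_tags(line):
    """Re-join a space-separated tag line using longest-match on known phrases."""
    words, tags, i = line.split(), [], 0
    while i < len(words):
        for n in range(min(MAX_TAG_WORDS, len(words) - i), 1, -1):
            phrase = " ".join(words[i:i + n])
            if phrase in MULTIWORD_TAGS:
                tags.append(phrase)
                i += n
                break
        else:
            tags.append(words[i])
            i += 1
    return tags


def parse_listing(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError("listing is not a whole number of 4-line entries")
    entries = []
    for head, md5, tagline, counts in zip(*[iter(lines)] * 4):
        m = ENTRY_RE.match(head)
        c = COUNTS_RE.match(counts)
        if not (m and c and MD5_RE.match(md5)):
            raise ValueError(f"malformed entry starting at: {head!r}")
        entries.append(Entry(
            no=int(m.group(1)), date=m.group(2), filename=m.group(3), md5=md5,
            tags=split_tags(tagline), counts=[int(x) for x in c.group(1).split()],
            score=float(c.group(2)), vt=int(c.group(3)) if c.group(3) else None,
            player=c.group(4)))
    return entries


def triage(entries):
    """Highest sandbox score first; VT positives break ties (missing VT sorts last)."""
    return sorted(entries, key=lambda e: (e.score, e.vt if e.vt is not None else -1),
                  reverse=True)


if __name__ == "__main__":
    for e in triage(parse_listing(RAW_LISTING)):
        print(f"{e.no} {e.filename:28} score={e.score:<5} vt={e.vt} "
              f"families={sorted(e.families)} steals={e.steals}")
```

The longest-match tokeniser is only as good as its phrase list, so when a new signature name shows up in the feed it will surface as several one-word tags; a quick way to spot that is to diff the set of single-word tags across runs. Pivoting on the MD5 (for example, to look the sample up on VirusTotal) is deliberately left out because it needs network access and an API key.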