Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
(Columns that were empty on the source page are omitted below; where a row lists fewer than four counts, the source does not show which of the Urls/Hosts/IDS/Rule columns they belong to.)

15586  2021-11-18 14:09  file.exe  3e2ac75c37deb5eaf3d253581c436ba2
  Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
  Score 2.0 | VT 39 | Player ZeroCERT

15587  2021-11-18 14:09  vbc.exe  186ee2b0fbae609d44351da0241dd0ec
  Tags: PWS .NET framework Emotet Gen2 Gen1 RAT Formbook Generic Malware NSIS UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus ASPack Anti_VM KeyLogger ScreenShot AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs installed browsers check Windows Browser
  Score 10.2 | VT 34 | Player ZeroCERT

15588  2021-11-18 14:09  http://etherx.jabber.org/strea...  (no hash shown)
  Tags: Create Service DGA Socket Steal credential DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule: 2 7 2 | Score 4.8 | Player C0d3_22

15589  2021-11-18 14:11  mypc.exe  5ca007dbd88522738eab36ecbf8cc230
  Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB WMI ComputerName
  Score 2.4 | VT 30 | Player ZeroCERT

15590  2021-11-18 14:13  sqlservr.exe  3412c25937783c5151f42c1576b6bbbc
  Tags: Lokibot PWS Loki[b] Loki.m .NET framework Generic Malware UPX Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software crashed
  Urls/Hosts/IDS/Rule: 2 1 6 1 | Score 14.6 | VT 34 | Player ZeroCERT

15591  2021-11-18 14:16  5.exe  5947013e88bba4a0f8857d4d07e7ede4
  Tags: Generic Malware Themida Packer Malicious Library UPX Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote suspicious process AppData folder VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule: 1 | Score 12.4 | VT 25 | Player ZeroCERT

15592  2021-11-18 14:19  vbc.exe  c4839f9e9d80100927eb39678175bbe6
  Tags: PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs
  Urls/Hosts/IDS/Rule: 8 15 1 2 | Score 10.4 | VT 34 | Player ZeroCERT

15593  2021-11-18 14:20  SHIPPMENT.exe  619f8ccd0bd2187518c8c53eb5719058
  Tags: Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule: 1 | Score 9.4 | VT 39 | Player ZeroCERT

15594  2021-11-18 14:22  vbc.exe  6f8972b5ac06219c84f4bded8dfab4a6
  Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
  Score 2.0 | VT 35 | Player ZeroCERT

15595  2021-11-18 14:24  Setup.exe  4232d01db3e1de0c9294ed07a08007bf
  Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
  Score 2.0 | VT 33 | Player ZeroCERT

15596  2021-11-18 14:27  Chia.exe  902c73e20846823545f0e59b30f17013
  Tags: Gen2 Malicious Library UPX PE File OS Processor Check PE32 PDB crashed
  Score 0.4 | Player C0d3_22

15597  2021-11-18 14:31  xmrig.exe  a7168bd94f951899e8a37523bde461dc
  Tags: Generic Malware Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself
  Score 1.6 | VT 54 | Player C0d3_22

15598  2021-11-18 14:33  csrss.exe  8970a7286be6110a9578b40290d5ca72
  Tags: Loki PWS Loki[b] Loki.m .NET framework Generic Malware UPX Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software
  Urls/Hosts/IDS/Rule: 2 2 7 1 | Score 14.6 | VT 40 | Player ZeroCERT

15599  2021-11-18 14:33  dllhost.exe  9b5f45c953ea288417af845da00ad28a
  Tags: Generic Malware Admin Tool (Sysinternals etc ...) UPX Code injection AntiDebug AntiVM PE File PE32 .NET EXE Dridex TrickBot VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Kovter DNS
  Urls/Hosts/IDS/Rule: 1 1 | Score 7.6 | VT 24 | Player ZeroCERT

15600  2021-11-18 14:35  initis.exe  cea270aef0733d09aece2d38e7bc18c1
  Tags: Generic Malware Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware unpack itself WriteConsoleW
  Score 2.0 | VT 24 | Player ZeroCERT