Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1561	2025-03-27 09:58	FilelessPELoader86.exe 7b10d8430d88fe76536b6b0ba6d65692 Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB WriteConsoleW					1.6		45	ZeroCERT

1562	2025-03-27 09:56	de.exe 1868a8c3d7704666f9d3ce2e3b3d46da Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware unpack itself WriteConsoleW crashed					3.0		32	ZeroCERT

1563	2025-03-27 09:56	temp.exe 3d5e7f93d532268c248c981737f80d60 PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS		1			4.2		45	ZeroCERT

1564	2025-03-27 09:52	creatingbestthingsforhisbestst... 287ddf351810cc030f2eca5307052023 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates executable files suspicious process malicious URLs Tofsee DNS Dropper	1 Keyword trend analysis	2	4		10.0		22	ZeroCERT

1565	2025-03-27 09:44	setup0321_or.msi 2bde31c6d3b70017f3f3b1f2705cab39 Generic Malware Malicious Library CAB MSOffice File OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName	2 Keyword trend analysis	3		1	2.4		14	ZeroCERT

1566	2025-03-27 09:39	loader.exe e6bd18c05b4c856a0465f5c539b5873f Malicious Library UPX PE File MZP Format PE32 URL Format VirusTotal Malware Check memory ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW Windows DNS DDNS keylogger		3	3		8.0		27	ZeroCERT

1567	2025-03-26 15:44	ChromeUpdate.exe 168e78a7154b2453627f5ca82e9ccced Poorweb PE File PE32 VirusTotal Malware unpack itself					2.4	M	59	r0d

1568	2025-03-26 15:37	NYDYDSBERDSVERY.bat d2409a7a788c94d08291d211c4da0e9a Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					4.2			guest

1569	2025-03-26 13:42	PhotoshopSetup.exe 2987da97a36e8c4345ec4090e6986376 Generic Malware Antivirus UPX PE File .NET EXE PE32 OS Processor Check GIF Format Lnk Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key keylogger		1			9.0		58	ZeroCERT

1570	2025-03-26 13:38	ChromeUpdate.exe 4eb8488f870003161cde6198c3c1d4cd Generic Malware Malicious Library PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		2	1		1.6		57	ZeroCERT

1571	2025-03-26 13:36	Adobe_PhotoshopSetups.exe 9fff72f95c07e3922b9a34d51723f586 North Korea Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key					5.8		54	ZeroCERT

1572	2025-03-26 13:36	znicegreatveryspecialguestyour... 282cf1c2d51cb0e6a37b8689eda07eb8 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates executable files RWX flags setting unpack itself suspicious process Tofsee DNS Dropper	1 Keyword trend analysis	2	4		10.0		13	ZeroCERT

1573	2025-03-26 13:34	sCIPrhZt5Yub9qL.exe fa95f352211ab2fb06a579a5da30a526 LokiBot Generic Malware Malicious Library .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		15.0		24	ZeroCERT

1574	2025-03-26 13:33	ChromeUpdate.exe 168e78a7154b2453627f5ca82e9ccced PE File PE32 VirusTotal Malware unpack itself					2.4		59	ZeroCERT

1575	2025-03-26 13:31	loader.exe d9a80ca3c99b9c9afb10e3e3e4137d17 Malicious Library Malicious Packer UPX PE File ftp PE64 OS Processor Check VirusTotal Malware PDB					1.8		41	ZeroCERT