Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
1621	2025-03-26 13:36	znicegreatveryspecialguestyour... 282cf1c2d51cb0e6a37b8689eda07eb8 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates executable files RWX flags setting unpack itself suspicious process Tofsee DNS Dropper	1 Keyword trend analysis	2	4	10.0	13	ZeroCERT

1622	2025-03-26 13:34	sCIPrhZt5Yub9qL.exe fa95f352211ab2fb06a579a5da30a526 LokiBot Generic Malware Malicious Library .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	15.0	24	ZeroCERT

1623	2025-03-26 13:33	ChromeUpdate.exe 168e78a7154b2453627f5ca82e9ccced PE File PE32 VirusTotal Malware unpack itself				2.4	59	ZeroCERT

1624	2025-03-26 13:31	loader.exe d9a80ca3c99b9c9afb10e3e3e4137d17 Malicious Library Malicious Packer UPX PE File ftp PE64 OS Processor Check VirusTotal Malware PDB				1.8	41	ZeroCERT

1625	2025-03-26 13:30	system.exe ba061861481a48da1ae6efb1c678f26c Generic Malware Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key				8.0	58	ZeroCERT

1626	2025-03-26 13:30	VixenLoader.exe 9e02078809cf34479e5108fca383862c North Korea Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key				5.8	41	ZeroCERT

1627	2025-03-26 13:28	8191032732_1740264845.vbs 4afad6366d8fb4b51b9b644bd3bbb275 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				7.4	15	ZeroCERT

1628	2025-03-26 13:25	loader.exe c797beeee8e4aa8a65f2ec466d923404 Downloader UPX PE File PE64 OS Processor Check VirusTotal Malware PDB				1.4	50	ZeroCERT

1629	2025-03-26 13:22	nicworkingskillbetterwithnicet... 6fe3875062cb2b402b33d335dee94ac6 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates executable files unpack itself suspicious process Tofsee DNS Dropper	1 Keyword trend analysis	2	4	10.0	8	ZeroCERT

1630	2025-03-26 11:31	apple.exe f0676528d1fc19da84c92fe256950bd7 Generic Malware Malicious Library WinRAR UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware PDB Code Injection Creates executable files Windows utilities Auto service suspicious process Windows				4.8	48	ZeroCERT

1631	2025-03-26 11:30	crypted.exe 264c28f35244da45b779e4ead9c6c399 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.8	54	ZeroCERT

1632	2025-03-26 11:29	setup.exe 4a7a12a9e10dff157ee2b2bd9d8853ba Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware unpack itself DNS		1		2.6	51	ZeroCERT

1633	2025-03-26 11:29	rem.exe 46482159a66da1f77b00f808b91ae3e4 Malicious Library PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows ComputerName Cryptographic key crashed				6.0	50	ZeroCERT

1634	2025-03-26 11:28	xmsn.exe 808a1e4b004ad48ca5e96aece8c64133 Emotet Gen1 Generic Malware Malicious Library Malicious Packer UPX ASPack PE File PE64 CAB OS Processor Check DLL DllRegisterServer dll PE32 VirusTotal Malware Telegram PDB Malicious Traffic Checks debugger Creates executable files ICMP traffic unpack itself DNS	6 Keyword trend analysis Info http://37.27.142.100/internals/api/ip?1742955734973498442 http://37.27.142.97/internals/api/ip?1742955747971253166 http://37.27.142.139/internals/api/ip?1742955786967592643 http://37.27.142.101/internals/api/ip?1742955760967662430 http://37.27.142.97/internals/api/ip?1742955763973640697 http://www.google.com/	26 Info t.me(149.154.167.99) - www.google.com(142.250.206.196) - i.instagram.com(157.240.215.63) - vanaheim.cn(46.173.214.156) - scontent-ssn1-1.cdninstagram.com(157.240.215.63) - s.youtube.com(64.233.189.102) - www.google.co.uk(142.250.207.99) - graph.instagram.com(157.240.215.63) - 149.154.167.99 - 185.7.214.57 - 74.125.23.138 - 157.240.215.63 - 185.7.214.51 - 185.156.72.27 - 142.250.198.100 - 37.27.142.100 - 37.27.142.101 - 142.250.66.35 - 37.27.142.139 - 46.173.214.156 - 185.42.12.21 - 37.27.142.97 - 185.42.12.45 - 185.11.61.16 - 185.11.61.15 - 185.156.72.58 -	4	5.8	49	ZeroCERT

1635	2025-03-26 11:27	we.exe 7e54eec2d10957178e6410ba1c899c21 AsyncRAT task schedule Downloader Malicious Library .NET framework(MSIL) Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDe Malware download AsyncRAT NetWireRC VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW zgRAT Windows ComputerName DNS DDNS		12	5	5.8	59	ZeroCERT