Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
17011	2023-05-22 08:57	dollzx.exe c38d1fa73b3535dda6bae5e604f88143 SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	1		13.0	M	49	ZeroCERT

17012	2023-05-22 08:55	vbc.exe d0e186f273092a0c6a005cd1c46555bc Loki Loki_b Loki_m Formbook DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.8	M	52	ZeroCERT

17013	2023-05-22 08:53	philipzx.exe d7ea3fda5afa8b48c063216fdbc0c1a3 RedLine stealer[m] PWS .NET framework PWS[m] Anti_VM BitCoin AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2		13.0	M	48	ZeroCERT

17014	2023-05-22 08:53	vbc.exe 67600a2cf6e129d8883d76799561df02 PWS .NET framework RAT Generic Malware Antivirus SMTP PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		2	4		15.0	M	43	ZeroCERT

17015	2023-05-22 08:53	Inv(05-19)Copy#18-54-15.js 89cde9b78c827ce1e542fddcdafce3a9 VirusTotal Malware VBScript wscript.exe payload download unpack itself Tofsee crashed Dropper	1 Keyword trend analysis	2	2		10.0		2	ZeroCERT

17016	2023-05-22 08:51	obizx.exe ac23a0048ca9e25149a3651cf9688e31 PWS .NET framework Formbook PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	1 Keyword trend analysis	2	1		13.4	M	48	ZeroCERT

17017	2023-05-22 08:51	damianozx.exe c0e139b4721c1f3203f34732659fbf7e PWS .NET framework KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		12.0	M	47	ZeroCERT

17018	2023-05-22 08:48	clp2.exe 114802905a97d79114782772cc7106cb UPX Malicious Library OS Processor Check PE64 PE File VirusTotal Malware					1.4		21	ZeroCERT

17019	2023-05-22 08:48	drvsa.hta 43ce488c4c6cc45f7c380dba9a86dad8 Generic Malware Antivirus AntiDebug AntiVM PowerShell PNG Format MSOffice File JPEG Format powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed Downloader	1 Keyword trend analysis	2			10.0			ZeroCERT

17020	2023-05-22 08:47	pablozx.exe de810661253723f2addc77820dc81aeb PWS .NET framework SMTP KeyLogger Anti_VM AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		12.6	M	48	ZeroCERT

17021	2023-05-22 08:46	b2.exe 2afcac7aaede32980c96fda99c8c8677 UPX PE64 PE File VirusTotal Malware crashed					1.6		16	ZeroCERT

17022	2023-05-22 08:44	bonder.exe d60031ffc48a89ab83986641703d4b82 RAT Generic Malware Antivirus Anti_VM .NET EXE PE File PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.6	M	58	ZeroCERT

17023	2023-05-22 08:44	ilillil%23%23%23%23%23%23%23%2... f83050a49383b5c615b9a84543254f4e MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed					3.4	M	28	ZeroCERT

17024	2023-05-20 16:32	mn.php 8fc84574c4e42940483c171e278c9338 UPX Malicious Library OS Processor Check DLL PE64 PE File Checks debugger unpack itself ComputerName DNS crashed		6			3.8	M		ZeroCERT

17025	2023-05-20 16:31	oloriii.exe e15fce57d8180b568e6e27bb06ddbe23 RAT SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		11.0	M	43	ZeroCERT