Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
17626	2023-05-28 14:10	toolspub1.exe 3862f7c67a51edbf6ff66e9d5956cac0 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself				7.0	M	32	ZeroCERT

17627	2023-05-28 14:09	1232.exe a1ce7b26712e1db177d86fa87d09c354 PWS .NET framework AntiDebug AntiVM .NET EXE PE File PE32 FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Ransomware Email Software				11.4	M	36	ZeroCERT

17628	2023-05-28 14:07	ss49.exe 891567deaac471357e8b75133ab42be4 Malicious Packer PE64 PE File VirusTotal Malware PDB RCE				1.0	M	11	ZeroCERT

17629	2023-05-28 14:07	work.exe f3ea299f7271137cfecf96f4e5d95793 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1		4.8	M	65	ZeroCERT

17630	2023-05-28 14:06	nigguy_1.exe 25344f4f54ec2afff00c28ca9c2a1818 PWS .NET framework RAT Loki_b Generic Malware Antivirus UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check .NET EXE VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Windows Email ComputerName Cryptographic key crashed				6.8	M	53	ZeroCERT

17631	2023-05-28 14:05	Sniepriu.exe 2c178c417c3621ad0c7c17a03b56ce3f RAT .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key		2	1	3.2	M	41	ZeroCERT

17632	2023-05-28 14:03	sksKQissjAN.dll 8245d843cd4d3e90e9edec8ebc0278d4 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself				2.0	M	32	ZeroCERT

17633	2023-05-28 14:03	LummaC2_2023-05-26_18-46.exe 016341463c7fc28b5f760d3119525fa6 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself				2.0	M	33	ZeroCERT

17634	2023-05-28 14:02	botminhok.exe 81b67629e8ec6b301ca40f22dcf74bdb PWS .NET framework RAT UPX OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	2	7.4	M	55	ZeroCERT

17635	2023-05-28 14:01	donpyzx.exe 6c8af0fbafdbfd92df073c0df1be2d56 Loki_b Loki_m PWS .NET framework Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	14.2	M	45	ZeroCERT

17636	2023-05-28 14:01	ogumbgejapxd.exe 5079d5992497325dd379996d819ef7ea Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File VirusTotal Malware crashed				1.2	M	37	ZeroCERT

17637	2023-05-28 13:50	KRILL_YOURSELF.cmd 0502d1878cc372e6118bd37951132d6d Gen2 Gen1 Generic Malware Suspicious_Script_Bin Downloader UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger VirusTotal Malware AutoRuns suspicious privilege Code Injection Creates executable files unpack itself sandbox evasion WriteConsoleW human activity check Windows Browser				5.6	M	20	ZeroCERT

17638	2023-05-28 13:44	kakazx.exe 1f3def51e0810dd7738c3bc6407d5228 PWS .NET framework SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger		2	2	11.4		33	ZeroCERT

17639	2023-05-28 04:13	secret_conversations.json 478b6a33ffb676add90e557000508d0a AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

17640	2023-05-27 21:10	https://www.pornhub.com Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2	4.2			guest