Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
22396	2022-12-12 09:42	11.exe d718535b14065b8645d4c3310451a67e RedLine stealer[m] Malicious Library UPX AntiDebug AntiVM PE32 OS Processor Check PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	4	1		11.4	M	20	ZeroCERT

22397	2022-12-12 09:35	linda5.exe 873748cb744702ef641a968aa66d3df0 Malicious Library UPX Downloader Create Service Escalate priviledges AntiDebug AntiVM PE32 OS Processor Check PE File DLL PDB Code Injection unpack itself AppData folder RCE					2.4			ZeroCERT

22398	2022-12-12 09:32	anon.exe b1e4ae31c84df768e2020056ee02e4a3 RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed		1			5.6	M	50	ZeroCERT

22399	2022-12-12 09:30	exe1.exe 561b03f68bc6b48090df5d8e842fd5a6 RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File VirusTotal Malware Code Injection Check memory Checks debugger unpack itself					3.4		22	ZeroCERT

22400	2022-12-12 09:28	nash.exe 886b804ad445e498eefb6cfb3f92fd51 RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			6.2	M	54	ZeroCERT

22401	2022-12-12 09:27	Gay.exe 31ffe86465095a5f2f7b8fa6fc059bda Malicious Library UPX DNS AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName RCE crashed					7.4	M	21	ZeroCERT

22402	2022-12-11 16:05	bibar.exe 83c5d928e7e62b7410c606fefe648945 Malicious Library UPX PE32 OS Processor Check PE File PDB unpack itself RCE					1.4	M		ZeroCERT

22403	2022-12-11 16:04	.csrss.exe 66ebc231e5f5c223e0dad7a9491484a6 Loki PWS[m] PWS Loki[b] Loki.m RAT .NET framework Socket DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	9 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.8	M	41	ZeroCERT

22404	2022-12-11 16:04	vbc.exe 44c87d5aa51f340c3c336d4296809842 Generic Malware AntiDebug AntiVM PE File PE64 FormBook Malware download VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	7 Keyword trend analysis Info http://www.hf9blwwuwpx7j8k.live/pgnt/?9rn4nZSH=jggKibTkaQnsv+2bz686sPrTKpZZj5Y7aAqpZixHsFh0T3weMU/cyshvM3OEWd3UvH/Dq+t9ATMUuDnmaxwczBaDQ+rEYQWWB3PST8s=&w2=jFQp3Rm0k - rule_id: 23650 http://www.easy005.xyz/pgnt/?9rn4nZSH=c6ZjPMR1KypLsYL8ZObHXIR8yq1gidghehR4txHs12y83WCLVbV9I23DeUmMEfmlfVnaxELxUHkqoDbKi0r8vsl7teQksvkhOq4cf7k=&w2=jFQp3Rm0k - rule_id: 24125 http://www.terratechpower.com/pgnt/ - rule_id: 24126 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip http://www.asiadesign.xyz/pgnt/?9rn4nZSH=h/dOLV7ogV91l6oB44/AYdolrnnmd0FTCCZkgEZfW+MDpsF7VPxAGLSAH18Os+ph5CHWuTyLlvX+1xLdeJRkC81tD9Sfyu2T9cG67js=&w2=jFQp3Rm0k - rule_id: 23651 http://www.asiadesign.xyz/pgnt/ - rule_id: 23651 http://www.easy005.xyz/pgnt/ - rule_id: 24125	10 Info www.hf9blwwuwpx7j8k.live(216.18.208.202) - mailcious www.asiadesign.xyz(85.159.66.93) - mailcious www.terratechpower.com(154.204.248.137) - mailcious www.easy005.xyz(175.41.16.124) - mailcious www.sqlite.org(45.33.6.223) 216.18.208.202 - mailcious 85.159.66.93 - mailcious 175.41.16.124 - mailcious 45.33.6.223 154.204.248.137 - mailcious	3	6	8.8	M	43	ZeroCERT

22405	2022-12-11 15:59	0xSE7Qn2.bat bbae81b88416d8fba76dd3145a831d19 PWS[m] Downloader UPX Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PE32 PE File VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW					5.0	M	37	ZeroCERT

22406	2022-12-11 15:59	vvglma 8fbfd27bf0d03b04e409876711ae1925 AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email					4.2	M	36	ZeroCERT

22407	2022-12-11 15:56	.win32.exe f39bd4ceb0829ce57a0b67de1414e878 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself RCE					2.4	M	53	ZeroCERT

22408	2022-12-11 15:55	csrss.exe 76c60b1590b2af7f71d47550a725377e Loki PWS[m] PWS Loki[b] Loki.m Socket DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	15.2	M	44	ZeroCERT

22409	2022-12-11 15:54	finka.exe d4b84ac8cebe9bac8b4d724367503859 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself RCE					2.2		28	ZeroCERT

22410	2022-12-11 15:34	notepads.exe 3ceae9e0773b63662aa06f792a016c47 Malicious Library Malicious Packer UPX OS Processor Check PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency Check memory unpack itself Check virtual network interfaces ComputerName Firmware DNS		1	2		3.8		48	guest