Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
30796	2022-05-24 09:31	.winlogon.exe 2b7c7a158551f36c50a3fc8c01c514be PWS[m] Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		2	4		14.6	M	22	ZeroCERT

30797	2022-05-24 09:31	Guatmala.hta 8a19742aa29249ae65244428f5cc9112 Generic Malware Antivirus UPX Malicious Library PowerShell PE32 PE File VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key	6 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/279_20_6_20042.zip http://104.167.217.66/document.pdf http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip	1	5		14.4	M	10	ZeroCERT

30798	2022-05-24 09:29	vbc.exe 4cbeb3e6ff92824c8146af08e6b3a7ef Loki UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	8 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET INFO DNS Query for Suspicious .ml Domain ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .ml Domain ET INFO HTTP Request to a .ml domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Fake 404 Response	1	9.2	M	23	ZeroCERT

30799	2022-05-24 09:28	document345.lnk e134136d442a5c16465d9d7e8afb5ebe Generic Malware Antivirus AntiDebug AntiVM GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	1			5.8		20	guest

30800	2022-05-24 09:27	data64_1.exe 18a323fe565384c9ad3ddffef8769bf1 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself RCE					2.6	M	40	ZeroCERT

30801	2022-05-24 09:27	vbc.exe 368b8dc3b4d4f753784fef11b3acc166 RAT PWS .NET framework UPX PE32 .NET EXE PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName crashed					2.6	M	25	ZeroCERT

30802	2022-05-24 09:25	vbc.exe 82cbf602edb285fb54113fd3cd50ebd6 Generic Malware Antivirus AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	3	1	1	12.6	M	37	ZeroCERT

30803	2022-05-24 09:25	data64_5.exe 4668abb6d5faeeb29e2e910f22489d41 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself RCE					2.4	M	30	ZeroCERT

30804	2022-05-24 09:23	data64_2.exe b5994d2e3992c37eb17895b91185213b Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself RCE					2.2	M	29	ZeroCERT

30805	2022-05-24 09:23	0397ase.dll 9b692f43d575acb739decfc809db7f2e Bazar Loader (Bazar Backdoor) Anti_VM DLL PE File PE64 IcedID Malware download VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself	1 Keyword trend analysis	2	1		2.4		13	ZeroCERT

30806	2022-05-24 09:21	vbc.exe 21c7c1417e4dec1a2960197f22ae9c71 RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key					9.4	M	29	ZeroCERT

30807	2022-05-24 09:20	JMHFvkdcAjY b6ca42b6646e847ad826ebfc2e68d554 UPX Malicious Packer Malicious Library PE32 OS Processor Check DLL PE File Dridex TrickBot VirusTotal Malware Report Checks debugger RWX flags setting unpack itself Kovter ComputerName RCE DNS		17 Info 1.234.2.232 - mailcious 217.182.25.250 - mailcious 151.106.112.196 - mailcious 107.182.225.142 - mailcious 51.91.7.5 - mailcious 188.44.20.25 - mailcious 70.36.102.35 - mailcious 131.100.24.231 - mailcious 153.126.146.25 - mailcious 92.240.254.110 - mailcious 176.56.128.118 - mailcious 119.193.124.41 - mailcious 173.212.193.249 - mailcious 51.91.76.89 - malware 51.254.140.238 - mailcious 45.142.114.231 - mailcious 46.55.222.11 - mailcious	7 Info ET CNC Feodo Tracker Reported CnC Server group 18 ET CNC Feodo Tracker Reported CnC Server group 5 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 4 ET CNC Feodo Tracker Reported CnC Server group 17 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 8		5.2	M	44	ZeroCERT

30808	2022-05-24 09:19	1.dll 5a0e570b13623c79c9261a8a2cc41f04 DLL PE File PE64 IcedID Malware download VirusTotal Malware Malicious Traffic Checks debugger buffers extracted	1 Keyword trend analysis	2	1		1.8	M	4	ZeroCERT

30809	2022-05-24 09:18	winlog.exe ab72048ed2fba9b4a4504a69dd7685b1 Loki PWS[m] PWS Loki[b] Loki.m Socket DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	9 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response ET DNS Query for .su TLD (Soviet Union) Often Malware Related	1	12.0	M		ZeroCERT

30810	2022-05-24 09:18	document317.lnk e134136d442a5c16465d9d7e8afb5ebe Generic Malware Antivirus AntiDebug AntiVM GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					5.8		20	guest