Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
32851	2022-04-02 20:27	vbc.exe 348f3fa85be26eaf45471ac2b6f28f5a UPX Malicious Library PE32 PE File VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder					4.4	M	43	ZeroCERT

32852	2022-04-02 20:25	vbc.exe 59f49dc05749550437c2dc62e4e8e983 UPX Malicious Library PE32 PE File VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder					4.0		26	ZeroCERT

32853	2022-04-02 20:23	vbc.exe 1c313fe7562459e017b46c4dd280e88b Loki UPX Malicious Library PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	10.6	M	42	ZeroCERT

32854	2022-04-02 20:23	TrdngAnlzr1645.exe 6e00ff9abc3b0d0cdaae30c2e40efe59 UPX PE32 PE File VirusTotal Malware					2.0	M	34	ZeroCERT

32855	2022-04-02 20:21	csrss.exe 84de5d7cb1a1330735d10f9d4aa6dccd PWS[m] PWS Loki[b] Loki.m .NET framework Socket DNS AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	9 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET DNS Query for .su TLD (Soviet Union) Often Malware Related		14.2		37	ZeroCERT

32856	2022-04-02 20:21	csrss.exe b6d36cb695f76f7a0e7fca797691b481 PWS[m] PWS Loki[b] Loki.m .NET framework Socket DNS AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		15.0	M	44	ZeroCERT

32857	2022-04-02 20:19	Mxyifwsxgyhqyqmnsnpglyibmvmoyq... 486617e5e5a6c14c7ad1b7764c353b8b UPX Malicious Library PE32 PE File Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Tofsee Windows RCE crashed	3 Keyword trend analysis Info https://tbiqbg.db.files.1drv.com/y4mAsbo0Qp-8BspVvTUyO_dkNsZfTjHLZt0F7uz2SYadwJlmMJ59UWQcDh6oGRyjbWD0OQ3PMTx4FyyrajVC_S849PcSNOVWiQQzUbcUAeHrelHtCArQqgeYkO8txg5m3dpiL75MqCgkr7qhjPVqrz0Jq3UULu6cOQ2tQFS6Kf7p_bOqW2Auwt317PzdJT8DCxHU8_m1FuzGyT11026_d_aDg/Mxyifwsxgyhqyqmnsnpglyibmvmoyqf?download&psid=1 https://onedrive.live.com/DOWNLOAD?cid=430B8666D9FC2C5C&resid=430B8666D9FC2C5C%21112&authkey=AMHvzAOHWkHWLug https://tbiqbg.db.files.1drv.com/y4mBKjWdHvQj_XC5BoVlH6Z-Fwa8-XyregPfgVcsKJVebPE88ufUCqACA_TBUlXm9TMIrwSmbwjxPJ_SRySvOZDvdhEjmHg2gf5CWg8GwLzTbiHHx8NFnNvhPuaca1jxTP5I1i8qdqswy-inJwc5wWbZkdovCFFXEXimPk9kVj7UHkEuQEiieGXGRRyxiQsGpmTiLnNMMuX5g_-JGvLQsOiQw/Mxyifwsxgyhqyqmnsnpglyibmvmoyqf?download&psid=1	4	1		8.6	M	41	ZeroCERT

32858	2022-04-02 20:19	ZEurBsC2H3soeiFbyeQ ed815b550144f4825dbc8fc0acd74f59 UPX Malicious Library OS Processor Check DLL PE32 PE File Dridex TrickBot ENERGETIC BEAR Malware Report Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion Kovter ComputerName RCE DNS		12 Info 54.38.143.246 - mailcious 5.189.160.61 - mailcious 202.29.239.162 - mailcious 2.58.16.87 - mailcious 188.166.229.148 - mailcious 185.148.168.15 - mailcious 103.82.248.59 - mailcious 103.133.214.242 - mailcious 104.131.62.48 - mailcious 37.59.209.141 - mailcious 94.177.178.26 - mailcious 119.59.125.140 - mailcious	9 Info ET CNC Feodo Tracker Reported CnC Server group 14 ET CNC Feodo Tracker Reported CnC Server group 20 ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 24 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 11 ET CNC Feodo Tracker Reported CnC Server group 4 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 2		5.4			ZeroCERT

32859	2022-04-02 20:17	TrdngAnlzr9562.exe 15bb44d49f02db5e9670db69d43e47bf UPX PE32 PE File VirusTotal Malware					1.4	M	16	ZeroCERT

32860	2022-04-02 20:17	TrdngAnlzr98262.exe 63b37fd586b14eb9b8971d1d663b431f RAT UPX PE32 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion WriteConsoleW Windows ComputerName crashed					7.6	M	23	ZeroCERT

32861	2022-04-02 20:16	vbc.exe 5f69fa676168364367f8b1ff9f8c87ef Formbook UPX AntiDebug AntiVM PE File PE64 FormBook Malware download VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD DNS	6 Keyword trend analysis Info http://www.alexandernestor.com/foi3/?AfhDQXr=MMBYbUiSn9Jp7xzZMniq7kEHudLeRwHrVuMcpUOdlfBfaW+oinDVWScWHSMDivQLBEpD/tZL&pPU=EFQxUr1XhHpd - rule_id: 15028 http://www.jobalrtforme.com/foi3/?AfhDQXr=NKVevXlcLh0tEBxa1pvbtcpMC6/1Yk/ze3+mxM4WJIGVn2jFdZbom2gpqgOIbfBV/zuXwbpj&pPU=EFQxUr1XhHpd http://www.trendzpk.com/foi3/?AfhDQXr=mENbOwf5SNtpNvVvj3QLJ5IBg5/NS8CGrFyQKWnW1DGHv9mxYI+2yYelVBDCKS597ty9LZge&pPU=EFQxUr1XhHpd http://www.rombutan.com/foi3/?AfhDQXr=EO+07ATohwkfgk4rzRFvDnPcqivk4XfGP0SAf6l6dwkmee2jhHznyT4QV5Cl+LP91v5CIYlf&pPU=EFQxUr1XhHpd - rule_id: 15023 http://www.petitsiteentreamis.com/foi3/?AfhDQXr=lhUwHk+EotedDGwkxa1yqcRlQe62RTpfJ3e1sBuN3KsSGbjmOr7+sTejHv3KHEhQOUJ4jdrX&pPU=EFQxUr1XhHpd - rule_id: 15509 http://www.resortcottages19.com/foi3/?AfhDQXr=zMNQRZRSHQeDi1mf2krhBWjQ5CUbKwM9Zz/5gpa6NY3KMxun72fOW2iaZI1HY/fVq1vN7jvG&pPU=EFQxUr1XhHpd - rule_id: 15026	14 Info www.morgan555.top() www.kloecker-versicherungen.com() www.alexandernestor.com(23.227.38.74) www.jobalrtforme.com(15.197.142.173) www.trendzpk.com(192.64.117.206) www.petitsiteentreamis.com(213.186.33.5) www.rombutan.com(213.255.247.184) www.resortcottages19.com(72.167.126.225) 213.255.247.184 - mailcious 72.167.126.225 - mailcious 3.33.152.147 213.186.33.5 - mailcious 192.64.117.206 - phishing 23.227.38.74 - mailcious	2	4	8.0	M	31	ZeroCERT

32862	2022-04-02 20:15	TrdngAnlzr2249.exe ae69335fc5a845be550b5fd8780edac4 UPX PE32 PE File VirusTotal Malware					2.0	M	35	ZeroCERT

32863	2022-04-02 15:32	https://vhostnetwork.com/core/... 2a1d5b4479f110326b54620aa9ed942a PWS[m] Create Service DGA Socket ScreenShot DNS Internet API Code injection Hijack Network Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Escalate priviledges persistence FTP Http API AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2		4.6			guest

32864	2022-04-01 17:41	DeliveryFailure-1623907580.xls... 7de6f070b2518d414de2284ad31d1498 Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself suspicious process Exploit DNS crashed	2 Keyword trend analysis	3		2	5.2	M		guest

32865	2022-04-01 17:41	DeliveryFailure-1200829687.xls... 31f3d7c8e451be9068a5c25061ed2793 Malicious Library Excel Binary Workbook file format(xlsb) Malware Malicious Traffic Creates executable files unpack itself suspicious process DNS	2 Keyword trend analysis	3		2	4.2	M		guest