Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	Rule	Score	Zero	VT	Player
35611	2022-01-18 08:28	vbc.exe 8e0af44a0ebf1b8c4a505184e29921e2 NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2		10.0		25	ZeroCERT

35612	2022-01-18 08:22	ava.exe fc137a8683575750f4ee06d368fb211b PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Disables Windows Security Check virtual network interfaces WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4		15.2		23	ZeroCERT

35613	2022-01-17 18:14	서보혁 질문지.doc 2de3ab14e582ed83da376345abfb81da MSOffice File unpack itself				2.2			ZeroCERT

35614	2022-01-17 18:04	서보혁 질문지.doc 2de3ab14e582ed83da376345abfb81da MSOffice File				0.8			ZeroCERT

35615	2022-01-17 17:41	vbc.exe 49c9c11b9fcf44769174c04557a19c19 PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself				4.8	M	19	ZeroCERT

35616	2022-01-17 17:39	.csrss.exe 917673e1f99f2450c9274a482a0862b8 Generic Malware Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself RCE				2.6	M	24	ZeroCERT

35617	2022-01-17 17:39	.win32.exe fa7e40a8f98c18f82da0c21b448423c7 Loki NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	1	10.4	M	22	ZeroCERT

35618	2022-01-17 17:37	okcm.exe 8c7155008f40abda98b1e83e783b2147 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				8.8	M	22	ZeroCERT

35619	2022-01-17 17:37	loader4.exe 198702e6e2d890ba480f0089e2e0e3e7 NSIS Malicious Library UPX PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		1		10.8	M	23	ZeroCERT

35620	2022-01-17 17:35	vbc.exe 071a9c8efbb736aeb16025bb49a66b49 PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key	3 Keyword trend analysis Info http://www.5gt-mobilevsverizon.com/g2fg/?lhr0k=Cgi7DBeK/tkiMpAPtpqVrtjHNt4OmdKxs3XLQM7Tij37hqBFvkIZi44YWSqeIODb1yhuOkXJ&1bm=3fedQNJXAXo0dL - rule_id: 9201 http://www.btcetffutures.online/g2fg/?lhr0k=aHajvukPgaJHHEa1n6tas7GjREvtRMiosSt/eYdou/co8dEKSA1tcnE4gM3G8VSCTTkmrR4h&1bm=3fedQNJXAXo0dL http://www.farcloud.fr/g2fg/?lhr0k=tgog7iLMOmTI9RFHLZbd9iQppoINgEjbBGIOiKidewXyDcje63LQgewnZczei8LvOKcHuZsZ&1bm=3fedQNJXAXo0dL	5	1	10.8	M	22	ZeroCERT

35621	2022-01-17 17:35	5304_1642027539_6274.exe 2d8ebe016b08ce37b916c8ce5889970b AgentTesla(IN) RAT PWS .NET framework Generic Malware Malicious Packer TEST UPX PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key				2.4	M	33	ZeroCERT

35622	2022-01-17 17:33	vbc.exe c02cb63889491bf66eb4c4393c484e05 Loki NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	1	10.0	M	24	ZeroCERT

35623	2022-01-17 17:33	vbc.exe fc0ee0685a64b8c163f9358de2bf471a Loki NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	1	10.2	M	18	ZeroCERT

35624	2022-01-17 17:31	csrss.exe 056801460863b91b342c9d8b07572467 PWS Loki[b] Loki.m .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2		14.2	M	24	ZeroCERT

35625	2022-01-17 17:31	1190_1641755976_5805.exe 18d3e1431950b4278077df135eb7fd61 RedLine stealer[m] AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		2		9.4	M	45	ZeroCERT