Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	VT	Player
38611	2021-11-18 14:42	blk00000.dat 3d4656931a8b1ba6b4b6669ea03b8c03 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4		C0d3_22

38612	2021-11-18 14:41	file2.cms 7a8ff582c7e91af4c10019b82ada67b4 PE64 PE File DLL VirusTotal Malware unpack itself WriteConsoleW					1.6	3	ZeroCERT

38613	2021-11-18 14:40	E5WhBhUP2dqn 356252e7a07ec1a807795cfb77629ea7 VBA_macro Generic Malware Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM Word 2007 file format(docx) VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					8.4	20	ZeroCERT

38614	2021-11-18 14:39	Done.exe aaea0b2a1b429283fe48d824d1c40c4b Themida Packer Generic Malware Malicious Library UPX Anti_VM Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE Fi Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote suspicious process AppData folder VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed		3			12.6	32	ZeroCERT

38615	2021-11-18 14:37	obizx.exe dafce59283b215958f71191b6ec0fc7c PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	1 Keyword trend analysis	3	1		9.0	23	ZeroCERT

38616	2021-11-18 14:35	initis.exe cea270aef0733d09aece2d38e7bc18c1 Generic Malware Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware unpack itself WriteConsoleW					2.0	24	ZeroCERT

38617	2021-11-18 14:33	dllhost.exe 9b5f45c953ea288417af845da00ad28a Generic Malware Admin Tool (Sysinternals etc ...) UPX Code injection AntiDebug AntiVM PE File PE32 .NET EXE Dridex TrickBot VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Kovter DNS		1	1		7.6	24	ZeroCERT

38618	2021-11-18 14:33	csrss.exe 8970a7286be6110a9578b40290d5ca72 Loki PWS Loki[b] Loki.m .NET framework Generic Malware UPX Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.6	40	ZeroCERT

38619	2021-11-18 14:31	xmrig.exe a7168bd94f951899e8a37523bde461dc Generic Malware Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself					1.6	54	C0d3_22

38620	2021-11-18 14:27	Chia.exe 902c73e20846823545f0e59b30f17013 Gen2 Malicious Library UPX PE File OS Processor Check PE32 PDB crashed					0.4		C0d3_22

38621	2021-11-18 14:24	Setup.exe 4232d01db3e1de0c9294ed07a08007bf Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.0	33	ZeroCERT

38622	2021-11-18 14:22	vbc.exe 6f8972b5ac06219c84f4bded8dfab4a6 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.0	35	ZeroCERT

38623	2021-11-18 14:20	SHIPPMENT.exe 619f8ccd0bd2187518c8c53eb5719058 Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName DNS Cryptographic key Software crashed		1			9.4	39	ZeroCERT

38624	2021-11-18 14:19	vbc.exe c4839f9e9d80100927eb39678175bbe6 PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs	8 Keyword trend analysis Info http://www.pharmacylinked.com/mwev/?EDK8bDR=kSazBseQ9VA3+O2zd86vUZtCsq4ujZp9CdzcCGRo6ROqLCJkM3TozqGUh8fUjNaeUw+D9gOF&BZ=E2M4oNWx_Ln http://www.bestinvest-4u.com/mwev/?EDK8bDR=fRnCKhUrMCsINhKSEJ00SnwJClpGmde6QLCdonPH4+C+ymFGyBrwuHjsYcSXUmVI/fDrkcVg&BZ=E2M4oNWx_Ln http://www.9linefarms.com/mwev/?EDK8bDR=IjrmxmCQQngtXgE+DfjHEVuIkvJ5tkiLJEgsa0CnjrXivTO01eRXbjBJ5bSESAMJcdRVK1b8&BZ=E2M4oNWx_Ln http://www.scion-go-getter.com/mwev/?EDK8bDR=Y+Hyy1N5D5MxwHpLzGerXtl/+e9k+2VYdp+JCOaNjGnZwwqutoqB71RoDgAXCJ7sEd8Lkw64&BZ=E2M4oNWx_Ln - rule_id: 7365 http://www.scion-go-getter.com/mwev/?EDK8bDR=Y+Hyy1N5D5MxwHpLzGerXtl/+e9k+2VYdp+JCOaNjGnZwwqutoqB71RoDgAXCJ7sEd8Lkw64&BZ=E2M4oNWx_Ln http://www.thegurusigavebirthto.com/mwev/?EDK8bDR=6Sc3LlBJxZZC4+mEboPE99cD6wuRe5iQ+Pzmr10Fl76FDXQrWG9i3gEbb3AnXvsJeMTBS4sp&BZ=E2M4oNWx_Ln - rule_id: 6986 http://www.thegurusigavebirthto.com/mwev/?EDK8bDR=6Sc3LlBJxZZC4+mEboPE99cD6wuRe5iQ+Pzmr10Fl76FDXQrWG9i3gEbb3AnXvsJeMTBS4sp&BZ=E2M4oNWx_Ln http://www.recbi56ni.com/mwev/?EDK8bDR=37LaxqPx4dRJgntBfpfjAqJd/Q4WaiTc/uUmetkq2PeO5XcZr3uM1g2Xyz18XUSrQIrn/awF&BZ=E2M4oNWx_Ln	15 Info www.recbi56ni.com(63.250.42.132) www.scion-go-getter.com(35.209.150.94) www.bestinvest-4u.com(172.67.141.192) www.squareleatherbox.net(185.225.17.147) www.carthy.foundation(209.17.116.163) www.9linefarms.com(34.102.136.180) www.pharmacylinked.com(34.102.136.180) www.thegurusigavebirthto.com(192.0.78.24) 209.17.116.163 - mailcious 35.209.150.94 34.102.136.180 - mailcious 63.250.42.132 192.0.78.24 - mailcious 172.67.141.192 185.225.17.147	1	2	10.4	34	ZeroCERT

38625	2021-11-18 14:16	5.exe 5947013e88bba4a0f8857d4d07e7ede4 Generic Malware Themida Packer Malicious Library UPX Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote suspicious process AppData folder VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed		1			12.4	25	ZeroCERT