Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
38671	2021-11-18 08:27	TSO_011020_10063863221.exe ee997c35fca1094cf6ca6ca00e410f78 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4	14.6	32	ZeroCERT

38672	2021-11-18 08:26	9370_1636985686_7616.exe 0198c5a612317a06f11abbe95294408e RAT Generic Malware PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	1	6.4	45	ZeroCERT

38673	2021-11-18 08:24	Systemltd.exe 84ee3ad9ae07bf078a255ebf59a216a6 RAT Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	2	1	4.0	18	ZeroCERT

38674	2021-11-18 08:24	2690_1636884579_4822.exe 42bef8c160d0b00cb4c26f713b7e9d3f RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		6.2	46	ZeroCERT

38675	2021-11-18 08:22	office.exe b99700a45b29cd93558629b868d1f0c1 Antivirus Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware AutoRuns Windows DNS		1		4.8	57	ZeroCERT

38676	2021-11-18 08:22	3759_1636974578_2316.exe 19903b209d0d98a0634428da1d7ecec2 Themida Packer UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed		1		9.2	50	ZeroCERT

38677	2021-11-18 08:20	OOOOR.exe c30a7fcacc84c6ac819b5ce309463ab2 Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	10.2	17	ZeroCERT

38678	2021-11-18 08:20	vbc.exe 803403abfa57194087a7f744cfc4ab3c Generic Malware Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself				1.8	27	ZeroCERT

38679	2021-11-18 08:18	favor.exe f6ebb41c891b00b673f9649c5ceef393 RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	1 Keyword trend analysis	3	1	8.2	39	ZeroCERT

38680	2021-11-18 08:18	vbc.exe 345eb590bada4bd9f84e64e160f80e65 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself DNS		1		2.8	44	ZeroCERT

38681	2021-11-18 08:16	famzx.exe 8c5350abb9e91109f0801109653bdaed RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	3 Keyword trend analysis Info http://www.eehhaaacharity.com/fa83/?5j=IEDtVLP3cLJNsNqE5VWnTen1Zo9DEH1N54cuGDJ/6+HvKVKnCXCPiBfsAPcuzAx65fzpOBZB&vTaDF=LJBPmDW http://www.mnloghomerental.com/fa83/?5j=xK9i3x4nATu42+iXrQhCWUWUQuNhMQ32KRqfhRtn9xfUrA0lC57VG2bJeyXd9xn532VhjACn&vTaDF=LJBPmDW http://www.realtywithsandy.com/fa83/?5j=Ce3eMsxgcM93RS1fWhf/HSKvFJMRRIlenMqFkF0dLnZRnzKI05YMOSqxOcqNUuuKuFI4fFaL&vTaDF=LJBPmDW	6	1	8.4	44	ZeroCERT

38682	2021-11-18 08:16	wong.exe 18bd8df74057cf4fa99265699c15985f PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software		1		12.8	33	ZeroCERT

38683	2021-11-18 08:14	vbc.exe 50f958ff8031633301e940aefc306b19 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	1		12.4	29	ZeroCERT

38684	2021-11-18 08:14	setup.exe 682d741260d7a77643182eb40000ca92 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 DLL OS Processor Check AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder Windows DNS		1		3.6		ZeroCERT

38685	2021-11-18 08:11	data_02.exe 727e77069ab3d1fdd2c308b05ac86560 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software		1		10.4	29	ZeroCERT