Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
40036	2021-10-28 11:35	163.exe 9a7146fc6a650f4e344aa8102c5986e2 RAT NPKI Generic Malware Malicious Packer VMProtect Malicious Library AntiDebug AntiVM PE File PE32 .NET EXE PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	8	1	1	13.4	M	23	ZeroCERT

40037	2021-10-28 11:32	10-20-2021.PDF.jar 668e3c7807e42329a01a3c85ccb17504 VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself Check virtual network interfaces WriteConsoleW DNS crashed		1			3.4		20	ZeroCERT

40038	2021-10-28 11:30	vbc.exe 585025734e3c4fed80865d8eedf61647 Loki NSIS Malicious Library UPX PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	2 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ml Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .ml Domain ET INFO HTTP Request to a .ml domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	10.6		32	ZeroCERT

40039	2021-10-28 11:29	JWMtirXqFC.png 345eadc8b1f5d0b373b531902c06572e Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed					2.2		15	ZeroCERT

40040	2021-10-28 11:26	162.exe 33647b416fb2e49f3a8a57fd7b19c287 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		7.0		28	ZeroCERT

40041	2021-10-28 11:24	qYznSw.png e53a16bea7918b1f7d4c0e659febc766 Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed					2.2		14	ZeroCERT

40042	2021-10-28 11:24	po7cv1bb.tar 2c9bae00aa5f17d0b9cfd75fcf7e05b7 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware PDB unpack itself crashed					1.4		15	ZeroCERT

40043	2021-10-28 11:22	new3.exe 0edc34831b45eded59bd2aeef85aa41b NSIS Malicious Library UPX PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder	15 Keyword trend analysis Info http://www.quizzesandcode.com/m5cw/?wR=ihr0j2gJcf5+EnssovkeYdomuhElEpGhMd2EDjmD8mK1WsJRn6CTnedoQTxVtgJe3r3SQDqs&SP=7nET_brp http://www.guard-usa.com/m5cw/?wR=W73qM1GHULF8N/ig74ZikXkwbq16m3e8KQqaSXAfVdrVInQdtPtI+x1PgF1aUoBvLo57swev&SP=7nET_brp http://www.x-play.club/m5cw/?wR=+5n4GXfN5kucnctwDd7o4LwiywL9i92sj/7/U6L90vnUXrk0BvUQbEK1TGqiLBk0IgwSjrwK&SP=7nET_brp http://www.jxypc.com/m5cw/?wR=oQ1T3JE0v5RBAF9MgIcnsk7ow6YXDyhYpLF2uhM5FAQrijQnGbVa2Yog1wbUE/g3OWV//0X0&SP=7nET_brp http://www.organic-outlaws.com/m5cw/?wR=m7Hi4aQ8EskjNlQYwLxIUbsM5u/saFFhIXhhNOkCWarPyjxdFOinRaUJjkgTN80ibU+86UM5&SP=7nET_brp http://www.nrnmuhendislik.com/m5cw/?wR=22FspJgoj0RspL2iXWhc41TdvXmKPe7/i7GG6oV36rS/vvrv2f3GgjczQdaLoxMiRkHsz+Zi&SP=7nET_brp http://www.the22yards.club/m5cw/?wR=emMSuu7GUcaDa4Oo/eoU+baJRAHOsrVhqwxc30o52Oy/Uh4TjPMUhzrdSct0qi37V/+TpRYI&SP=7nET_brp - rule_id: 6964 http://www.the22yards.club/m5cw/?wR=emMSuu7GUcaDa4Oo/eoU+baJRAHOsrVhqwxc30o52Oy/Uh4TjPMUhzrdSct0qi37V/+TpRYI&SP=7nET_brp http://www.art-for-a-cause.com/m5cw/?wR=J8VJ8UCC0khwQJPb8jXSgpuDN+WtvXxDYaYel8rzuxdPQ32TBsL8hQV0C7xWeQV4TeCDFs/g&SP=7nET_brp - rule_id: 6957 http://www.art-for-a-cause.com/m5cw/?wR=J8VJ8UCC0khwQJPb8jXSgpuDN+WtvXxDYaYel8rzuxdPQ32TBsL8hQV0C7xWeQV4TeCDFs/g&SP=7nET_brp http://www.depofmvz.com/m5cw/?wR=5PUtoX77uXON+Lr3j3xEIiowTK+Fe9cEHqRAl5GGXP+OaYsBwcvZKJsfkwNQZ+S/N6yJcvAx&APcPAD=djItCFUXjf9X http://www.thecompacthomegym.com/m5cw/?wR=AqkecTqC76kzSd9rRfkcnDPIrRsf6SN01j5h569v4mIPfvKpifU83VUxGMWqD9OrqsLPRV3f&SP=7nET_brp http://www.france-temps-partage.net/m5cw/?wR=o2vS9Af6+KK2A0vFIrXM7G9AmZyRuJ8gJRTGojAFVv+YOp+kqirPzAFgPy9CN1BpvRLeFzQw&SP=7nET_brp http://www.stolpfabriken.com/m5cw/?wR=+iv+h8qZuTrwiDCW4fxqzWDYox0n/o/qndB48j85BzBnCisZJjFOidXP+WGQXvtJhp+9Huta&SP=7nET_brp http://www.quickloanprovidersservices.com/m5cw/?wR=0KVAUDFSLmc+WbjjYrT+Ul2ZwbMHOjfE2WAoa1F3L/xh5cuh+cehjXU538o++lkW0snrMy48&SP=7nET_brp	29 Info www.thecompacthomegym.com(104.237.144.228) www.quizzesandcode.com(104.245.88.38) www.jxypc.com(3.223.115.185) www.stolpfabriken.com(194.9.94.86) www.france-temps-partage.net(217.70.184.50) www.horilka.store() www.organic-outlaws.com(66.96.162.136) www.dazalogistics.com() www.aragon.store() www.guard-usa.com(206.188.193.129) www.x-play.club(185.215.4.10) www.art-for-a-cause.com(192.0.78.25) www.depofmvz.com(70.35.199.82) www.nrnmuhendislik.com(45.84.188.101) www.quickloanprovidersservices.com(103.20.212.253) www.the22yards.club(184.168.96.211) 45.84.188.101 70.35.199.82 104.237.144.228 194.9.94.86 - mailcious 217.70.184.50 - mailcious 104.245.88.38 185.215.4.10 66.96.162.136 103.20.212.253 184.168.96.211 3.223.115.185 - mailcious 192.0.78.25 - mailcious 206.188.193.129	1	2	5.8		28	ZeroCERT

40044	2021-10-28 11:22	alNtY.png ae4472036314048bcb8ed8c9c7b62446 Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed					2.2		14	ZeroCERT

40045	2021-10-28 11:22	vbc.exe 66eaa64c0b3581cd9f183f9a1af0d33d PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.2		22	ZeroCERT

40046	2021-10-28 11:20	oWCwd.png 22779bfc1d6843924f5e2875afbba259 Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed					2.2		14	ZeroCERT

40047	2021-10-28 11:18	oKwqQ.png edadfd868f1dd7590ec7c9581eaa146d Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed					2.2		15	ZeroCERT

40048	2021-10-28 11:17	126808361.exe 8c957f8e5cc91f649891254901d6293c PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			6.2		28	ZeroCERT

40049	2021-10-28 11:15	vbc.exe 76a273a48d0d9e02adc29457e145f437 Loki NSIS Malicious Library UPX PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .gq Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .gq domain ET INFO HTTP Request to a .gq domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	10.4	M	29	ZeroCERT

40050	2021-10-28 11:15	vbc.exe df330ab2a2e5aa4ac947315ee3f93992 NSIS Generic Malware Malicious Library UPX PE File PE32 DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder					4.2		22	ZeroCERT