Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
41251	2021-09-23 09:03	vbc.exe 4ebffc7b677cfa458f6833bc8e0341de Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2	M	50	ZeroCERT

41252	2021-09-23 09:02	sy.exe 0775f63b4f86792829cc25569c911e00 PWS .NET framework NPKI email stealer Generic Malware DNS Socket Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS DDNS crashed		2	1		11.8	M	23	ZeroCERT

41253	2021-09-23 09:01	vbc.exe e50df54836bd38c86239e7f49917cb1c Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE					2.4	M	49	ZeroCERT

41254	2021-09-23 09:00	mbx.exe cc5c9c131a1a28796e6a0ed1ef1914bd PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed					11.2	M	41	ZeroCERT

41255	2021-09-23 08:59	ob.exe 190cf20ace9aa9cc41db31be3405b0d8 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed					11.0	M	36	ZeroCERT

41256	2021-09-23 08:57	toolspab2.exe b17b3e448ea6c4904e9bb92ffb544d5e Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Malware PDB Code Injection Checks debugger buffers extracted unpack itself RCE					6.6	M		ZeroCERT

41257	2021-09-23 08:56	atlaszx.exe 88bb493f91d20d39a8bb13cb98a9a037 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					8.8	M	22	ZeroCERT

41258	2021-09-23 08:56	font.exe 1a1a9b3969abcd2fccd2c6ce20be68ac UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName crashed	3 Keyword trend analysis Info https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21162&authkey=AMb87N8cpiL5Row https://l5d8cg.sn.files.1drv.com/y4mSaZorKK315vRgsptEjrE3dujWZAYwafYy5QfcxhDMYKUARl2P1AaRVHkC7bpYLAeCofg0BpF-hZo0NS8QQuKSaxtGGDeYJ2QeY8XK3UXreyrUiCrRn-pp0TG92R9pP_auhrwHMaCPd3annbupWRS5EYSkqm43DXzy7hjTTBioJNI0IwGLRtu_I4LxqbWySFu6Jzae_of3ByR2HlupF8eGA/Kkjczlmayclzjlniqyuemyubilsdhtk?download&psid=1 https://l5d8cg.sn.files.1drv.com/y4mobOpIGv1zX3LZgl4BW4c7yypfbd6VNAB3mY0umB_hqc-waN_bjRhzLk9qNv1Pj2e4Rhaf6q1ShL7TQTR2VVx1wJcKjavOenYJfZKrBUCXm3uBw32FaJdqCJ-xSCpQtzqgkPLyZkjIC9Ipl6k6mEukG8tF6RpDG17yNyL25zlEAGPKU7y2qezciuiwfyKqkduA-B_so1mTS61Tq2XTZhu7w/Kkjczlmayclzjlniqyuemyubilsdhtk?download&psid=1	6	1		11.0	M	21	ZeroCERT

41259	2021-09-23 08:54	vbc.exe f7896603ae14a91903ac46e5f31b182f Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself					2.6		48	ZeroCERT

41260	2021-09-23 08:53	test.exe cff6445670f4e1072714bf605a89986b RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Tofsee Windows ComputerName DNS DDNS	1 Keyword trend analysis	5	6		8.2		32	ZeroCERT

41261	2021-09-23 08:52	fdsf.wbk 46502e94750a8fbfb089c90229998f3f Lokibot RTF File doc AntiDebug AntiVM LokiBot Malware download VirusTotal Malware c&c MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	3	13 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE LokiBot Fake 404 Response	1	5.0	M	18	ZeroCERT

41262	2021-09-23 08:51	vbc.exe c91355d03f807047498dd7ff18824f41 NSIS Malicious Library PE File PE32 DLL VirusTotal Malware Buffer PE suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder human activity check Windows ComputerName		2			7.8		26	ZeroCERT

41263	2021-09-23 08:49	cyto.dotm 42d3a33135b372220211d217a62ffe95 VBA_macro Antivirus Word 2007 file format(docx) VirusTotal Malware AutoRuns Creates executable files unpack itself Windows					2.8		15	ZeroCERT

41264	2021-09-23 08:47	valman.exe e39c6db1274a46576cfb2cc4db22423e PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					12.8		36	ZeroCERT

41265	2021-09-23 08:47	vbc.exe c5b8eff1e9f73c6c365876188326f2e4 RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1	1	12.0	M	20	ZeroCERT