Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

41296 2021-09-22 22:27 navitas_employee_survey.hta
537363b3738a8e0726ae15e6bc4fc314
VirusTotal Malware Check memory unpack itself
2 2 1.8 M 25 ZeroCERT

41297 2021-09-22 22:25 rsoft.exe
31ce4f326c616ad189f2b03bdee1e20d
PE File PE32 VirusTotal Malware MachineGuid Malicious Traffic buffers extracted unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Tofsee Windows Firmware DNS crashed
2 3 1 8.8 M 31 ZeroCERT

41298 2021-09-22 22:25 hussanzx.exe
88f75a26375befa941b2b57d7e302c32
PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software crashed
1 1 6 1 16.8 M 27 ZeroCERT

41299 2021-09-22 22:23 lv.exe
b8ce3bfde204d00436c9af5d970a8d9b
Gen1 Gen2 Themida Packer Generic Malware Malicious Library Anti_VM Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloade VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs Windows crashed
1 6.0 M 35 ZeroCERT

41300 2021-09-22 22:23 vbc.exe
1b4d9985eae2737b8cc344aef840ec85
RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 1 12.2 M 39 ZeroCERT

41301 2021-09-22 22:21 5.exe
5c03d52d98f6c01ea66e09f5993aebc2
RAT Generic Malware PE File .NET EXE PE32 PE64 OS Processor Check PNG Format Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 7 4 15.6 M 35 ZeroCERT

41302 2021-09-22 22:20 8.exe
54e127a42f86ce2577e926a8c178bcca
Generic Malware Themida Packer Anti_VM Malicious Library PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware Cryptographic key Software crashed
1 4 1 11.2 M 42 ZeroCERT

41303 2021-09-22 22:18 download2.php
6e96da1afcb4f380b8a198f096ab70ab
VirusTotal Malware
1.0 M 30 ZeroCERT

41304 2021-09-22 22:18 8d6d7.exe
cb9a037aaff7548550a2923c73d6b612
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself
1.8 M 28 ZeroCERT

41305 2021-09-22 22:16 vbc.exe
415ec37f083919417aefd51bdfaa3831
UPX PE File PE32 VirusTotal Malware RCE
1.0 M 22 ZeroCERT

41306 2021-09-22 22:16 vbc.exe
a96ab325cb199f7130a1496e377cdb58
Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software
1 2 7 1 12.8 M 18 ZeroCERT

41307 2021-09-22 22:14 vbc.exe
6e1476a40e4f1b65294f5ff5df9f99d7
RAT PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself ComputerName
9 19 2 8.6 M 17 ZeroCERT

41308 2021-09-22 22:14 yes.exe
e3cbb2e3f1de0e9161429b42fcb12e59
Generic Malware Anti_VM PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
1 7.6 M 19 ZeroCERT

41309 2021-09-22 22:13 me.exe
079627807595b290ff96d0d78f981055
Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD DNS
16 18 3 9.0 M 33 ZeroCERT

41310 2021-09-22 22:11 952392868.exe
e7c0b56dd1a23c604dfef02fde250715
Malicious Library AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Checks debugger buffers extracted unpack itself Windows DNS keylogger
1 1 12.6 M 47 ZeroCERT