Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
Each record below lists the submission number, date, submitted file name and its hash, then the sandbox tags, then the remaining column values (Urls through Etc) as extracted; blank columns were not preserved in the extraction.

41416 | 2021-09-18 20:00 | 123123.exe | c25eeafa69c9b7e5cda2199ab1c5ace1
Tags: RAT PWS .NET framework Gen2 Generic Malware Malicious Packer Malicious Library PE64 PE File OS Processor Check .NET EXE PNG Format DLL VirusTotal Malware PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName
Values: 2 4 2 7.6 M 21 ZeroCERT

41417 | 2021-09-18 20:00 | askinstall45.exe | da5b97bff4bdc3047c4feb274c785228
Tags: Gen2 Trojan_PWS_Stealer Emotet RAT NPKI Credential User Data Generic Malware Malicious Packer Malicious Library SQLite Cookie Admin Tool (Sysinternals etc ...) Anti_VM ASPack UPX Antivirus PE File OS Processor Check PE32 ELF PNG Format PE64 DLL MSOffice Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger WMI Creates executable files ICMP traffic exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName RCE crashed
Values: 4 8 1 2 12.4 M 46 ZeroCERT

41418 | 2021-09-18 19:56 | update.exe | c6778b548001d1226e25be15a0121432
Tags: RAT PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check
Values: 1 2 1 3.4 M 17 ZeroCERT

41419 | 2021-09-18 19:54 | file.exe | c226c5dc2b63899b8851aca8c932cc80
Tags: Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself
Values: 2.4 M 34 ZeroCERT

41420 | 2021-09-18 19:53 | bobbyzx.exe | 0549c9978e7b208ce66191ae9618576b
Tags: PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed
Values: 9.0 33 ZeroCERT

41421 | 2021-09-18 19:53 | CurrenyCalculatorInstaller.exe | 47a6177d085d921f354fa5081ec7fd1d
Tags: Themida Packer Generic Malware Malicious Library Anti_VM Antivirus DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File P Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
Values: 1 5 1 14.2 27 ZeroCERT

41422 | 2021-09-18 19:52 | askinstall59.exe | 5eb27790b04148fabb21f09904a21ff1
Tags: Gen2 Trojan_PWS_Stealer Emotet RAT NPKI Credential User Data Generic Malware Malicious Packer Malicious Library SQLite Cookie Admin Tool (Sysinternals etc ...) Anti_VM ASPack UPX Antivirus PE File OS Processor Check PE32 ELF PNG Format PE64 DLL MSOffice Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger WMI Creates executable files ICMP traffic exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName RCE crashed
Values: 4 8 1 2 12.4 M 46 ZeroCERT

41423 | 2021-09-18 19:52 | PBrowFile49.exe | e54f5c8fcefa6b197658e8c9055b96a7
Tags: RAT Generic Malware Antivirus Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
Values: 11 10 1 14.2 36 ZeroCERT

41424 | 2021-09-18 19:51 | asadzx.exe | 4cf22ea879cba79ef086de06409cb254
Tags: PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed
Values: 8.8 M 23 ZeroCERT

41425 | 2021-09-18 19:47 | Update.exe2.rar | 093f098e70cc57a17d02323cbe6cd484
Tags: Generic Malware Malicious Packer PE File PE32 VirusTotal Malware suspicious privilege unpack itself suspicious process sandbox evasion WriteConsoleW shadowcopy delete Ransom Message Ransomware Windows crashed
Values: 6.6 M 41 ZeroCERT

41426 | 2021-09-18 19:43 | diagram-308.doc | 1af9caa901bb14e513e6863e1d201f61
Tags: VBA_macro Generic Malware MSOffice File unpack itself
Values: 1.2 guest

41427 | 2021-09-18 19:43 | diagram-303.doc | 9848d167cd2ad39d503a07b4fbd5bc80
Tags: VBA_macro Generic Malware MSOffice File VirusTotal Malware RWX flags setting unpack itself
Values: 2.4 23 guest

41428 | 2021-09-18 19:35 | EU-Business-Register.pdf | b5e898bb90fb4838103c42958d3824dd
Tags: PDF VirusTotal Malware Windows utilities Windows
Values: 5 1.8 1 ZeroCERT

41429 | 2021-09-17 11:50 | vbc.exe | d55b6609eed1ae9711bafb8959297660
Tags: Lokibot PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software
Values: 1 2 7 1 12.2 M ZeroCERT

41430 | 2021-09-17 11:15 | diagram-125.doc | 7bfc3adf08b35a9f9316a2ede16bb297
Tags: VBA_macro Generic Malware MSOffice File RWX flags setting unpack itself
Values: 1.6 guest