Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
41491	2021-09-16 09:00	vbc.exe 495f38b437ff5fc9f49d2d77842fe53b Lokibot PWS Loki[b] Loki.m Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.0	M	24	ZeroCERT

41492	2021-09-16 08:58	enquiry_6307300022png.exe e552183d16e0d6629c88a4a163d266fc RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName crashed					11.2		23	ZeroCERT

41493	2021-09-16 08:57	3r.jpeg 3eb3bb1d54b8be3ca1c573e82c5ae51e								ZeroCERT

41494	2021-09-15 18:55	vbc.exe 4c658db84a58ce7ec0c2f2eb9f14c97c RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File .NET EXE PE32 GIF Format Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder human activity check Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	5	2		14.2		27	ZeroCERT

41495	2021-09-15 18:17	sorptions.exe f8146a71dedc3eeeaa1624d6832c39a4 RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName	18 Keyword trend analysis Info http://www.colourfulcollective.travel/vuja/?tFQh=NeXfqbQBn00G7cicH7UB6xXl0LHypMJrE00CST2UIZFtAwAwj0eoKNg/2XDqkkXBp6wnS3m8&CTvX=cvUlPjex http://www.fizzandfun.com/vuja/ http://www.6144prestoncircle.com/vuja/ http://www.dressmids.com/vuja/?tFQh=mgzvXufa+90TG6R5SOMfQOc1unGQJGuCHGeN9AMDomfxeIRgjda1q2PXtdJf4iXUkYYT1jt2&CTvX=cvUlPjex http://www.casualwearus.com/vuja/ http://www.mckinleyacreage.com/vuja/?tFQh=9G9Onih7skeaW/ZE8vE8lBBj0mn4hV1hY34vlaK/oE7qJOC24/89nTu+owKUtYPkoEk7FLz3&CTvX=cvUlPjex http://www.seifenliebe.info/vuja/ http://www.seifenliebe.info/vuja/?tFQh=j4rn8y5wLXnljnCO2PBw1xYGB35MNQ6urzEBF/7gq/0pELoaCLD5ksrZvEnQjTzQa0aOSEeG&CTvX=cvUlPjex http://www.reebootwithjoe.com/vuja/ http://www.mckinleyacreage.com/vuja/ http://www.colourfulcollective.travel/vuja/ http://www.fizzandfun.com/vuja/?tFQh=JqmZ/5yCnXgdAKqAW7o9T7IOlu7elTN3lBWcIOIjYuG4cvTF7FtaFO6S8AL7YL3P1d1sQBYN&CTvX=cvUlPjex http://www.casualwearus.com/vuja/?tFQh=mxtan7FRl9X+yS8KhP5hSONLXvZcIEMjVDlTSbR1irRPqNRN5pncm/+YsSOpAWjjS5/QmgyI&CTvX=cvUlPjex http://www.thecoastalhomeshop.com/vuja/?tFQh=o7u44W4wSqglJiH0Hkz0GJyhxbwgX4vbxtomYdD15gH9DWV+e7d8xHWMnkdr1XCW9VT4lnMk&CTvX=cvUlPjex http://www.thecoastalhomeshop.com/vuja/ http://www.6144prestoncircle.com/vuja/?tFQh=cexc7msAl8Bekj82ch8DlEtwlrb7vERlnZPJr7vypF80BFBf38xl7xfBBBPuZzAzf5LM2Vgt&CTvX=cvUlPjex http://www.dressmids.com/vuja/ http://www.reebootwithjoe.com/vuja/?tFQh=Twl0vVhxCYX+WwcUMjdhaSOjZMxHdKOvh7b++vC075l05tLtCmhhCzBeyMPLUujHWAZb+Igo&CTvX=cvUlPjex	17 Info www.mckinleyacreage.com(99.83.154.118) www.6144prestoncircle.com(34.98.99.30) www.dressmids.com(34.98.99.30) www.colourfulcollective.travel(122.201.127.227) www.goodgrrrldesign.com() www.thecoastalhomeshop.com(198.54.117.218) www.fizzandfun.com(99.83.154.118) www.reebootwithjoe.com(34.98.99.30) www.seifenliebe.info(81.169.145.160) www.casualwearus.com(72.52.179.175) www.racanelliestimating.com() 122.201.127.227 81.169.145.160 - mailcious 198.54.117.215 - mailcious 99.83.154.118 - mailcious 34.98.99.30 - phishing 72.52.179.175 - mailcious	1		10.6		20	ZeroCERT

41496	2021-09-15 18:15	setup.exe 498d616eef919be56eb9760a0d749500 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE					2.0		28	ZeroCERT

41497	2021-09-15 18:14	svch.exe ddc1e4f7216d422e2534c4cbc2ff34d5 RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Downloader	2 Keyword trend analysis	5	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		10.0		25	ZeroCERT

41498	2021-09-15 18:13	phorm.exe 400fc2e410b02fb12db7634c8221f51c Worm Phorpiex Malicious Library PE File PE32 VirusTotal Malware AutoRuns PDB Windows					3.0		34	ZeroCERT

41499	2021-09-15 16:01	loadetc.exe 2bd18b0ce7aa8dfaee0e922090aae138 Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 Malware download VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Creates executable files Windows utilities suspicious process WriteConsoleW Windows DNS Downloader	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	7.8	M	38	r0d

41500	2021-09-15 13:56	12332123331.exe f6b0a679d3821681191512265666d981 RAT PWS .NET framework Generic Malware Malicious Packer UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiV VirusTotal Malware Code Injection Check memory AppData folder WriteConsoleW Tofsee ComputerName DNS		3	2		6.6		34	ZeroCERT

41501	2021-09-15 13:50	test3.exe fa0c8c44a1586d075fe128e07844ef1d RAT PWS .NET framework Generic Malware Malicious Packer UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiV VirusTotal Malware Code Injection AppData folder WriteConsoleW Tofsee ComputerName DNS		3	2		5.8	M	32	ZeroCERT

41502	2021-09-15 13:47	ec.exe 4ab2935ce1e3b2e7032cc505f0850809 Malicious Library UPX AntiDebug AntiVM PE64 PE File VirusTotal Malware Code Injection Creates executable files Windows utilities suspicious process WriteConsoleW Windows					5.2	M	40	ZeroCERT

41503	2021-09-15 12:37	Virtual private network.js f1680aa55c88220bcf83e24d89628cc9 VirusTotal Malware ComputerName					1.0		25	ZeroCERT

41504	2021-09-15 12:32	Запит на цитату.exe 1192da6bbe33fcfbf4c537c96b7856dd RAT PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself ComputerName					3.8		25	ZeroCERT

41505	2021-09-15 12:29	REF-ORDER NO PO# 65081740.exe 64e08b4b275565cef9b49ea597d410de RAT PWS .NET framework Generic Malware DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS crashed		2	1		13.6		20	ZeroCERT