Submissions

No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

42211  2021-08-24 16:59  filename.exe  fc316a48dadfc20ef46f52d892a9c365
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself RCE
2.4 M 48 ZeroCERT

42212  2021-08-24 16:57  fileT.exe  29903569f45cc9979551427cc5d9fd99
RAT PWS .NET framework Generic Malware SMTP AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
1 3 1 11.4 M 24 ZeroCERT

42213  2021-08-24 16:57  pub1.exe  8adf73ac6b7cab5e86b1f456b0651de4
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself RCE
2.0 M 24 ZeroCERT

42214  2021-08-24 16:55  fdthirteenzx.exe  9c819f10b05b46e5363479fd47c2ff4d
PWS Loki[b] Loki.m Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software
2 14.2 M 42 ZeroCERT

42215  2021-08-24 16:55  gazx.exe  5be66e805ea10740668331c26a4591ee
PWS Loki[b] Loki.m Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software
2 14.4 M 38 ZeroCERT

42216  2021-08-24 16:53  tpzx.exe  1125affa1b6019121459177922270303
PWS .NET framework Gen1 Gen2 Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library Malicious Packer ASPack UPX ScreenShot Http API Steal credential AntiDebug AntiVM PE File OS Processor Check .NET EXE PE32 DLL VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder installed browsers check Tofsee Ransomware Windows Browser Email ComputerName DNS Cryptographic key
4 3 4 14.6 M 28 ZeroCERT

42217  2021-08-24 16:53  pl.exe  1f6e49e83b13758948915b43fb388a94
RAT Generic Malware Themida Packer PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
1 3 1 10.8 M 36 ZeroCERT

42218  2021-08-24 16:53  toolspab2.exe  eb7b5911cfc0a95a5066f39ed22aee0a
Malicious Library AntiDebug AntiVM PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself RCE
7.0 M 28 ZeroCERT

42219  2021-08-24 16:51  dyno.exe  256876a198e1b3f8e579ab00a4615e73
UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization RCE DNS DDNS crashed
1 4 2 5.0 M 13 ZeroCERT

42220  2021-08-24 16:50  vbc.exe  252cae0537d8c3aa42d8e69ad802b966
PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed
1 1 5 1 8.6 M 25 ZeroCERT

42221  2021-08-24 16:48  fileT2.exe  73ca4c10afa6a3f712facb40aa8254ae
UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
1.8 M 21 ZeroCERT

42222  2021-08-24 16:22  kbinzx.exe  a365ed966a7852458e597021a10e5348
Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
10.2 20 Kim.GS

42223  2021-08-24 12:37  7213.exe  b293c3038385e59e5fe7d851b53dc76b
Generic Malware Themida Packer Malicious Library Anti_VM ASPack Malicious Packer PE File OS Processor Check PE32 DLL PDB Creates executable files unpack itself AppData folder
1.8 ZeroCERT

42224  2021-08-24 12:37  7215.exe  aeac57103b3c82c0c09cc0521db58362
Gen2 Gen1 Themida Packer Malicious Library UPX Malicious Packer ASPack PE File OS Processor Check PE32 DLL VirusTotal Malware PDB Creates executable files unpack itself AppData folder
3.0 43 ZeroCERT

42225  2021-08-24 12:34  mine.exe  abad27b663c16a7458ce9bf4e21b9989
RAT Gen2 Generic Malware Malicious Library Malicious Packer Antivirus PE File .NET EXE PE32 PE64 DLL VirusTotal Malware powershell PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key Downloader
1 3 1 10.0 M 16 ZeroCERT