Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

42226  2021-08-24 12:34  vbc.exe  8901adddca065dc397595e7d835171e2
Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
9.4 M 31 ZeroCERT

42227  2021-08-24 12:31  mn.exe  0bdd37b8a257b2c21b63508c9e53ac04
PE File PE32 VirusTotal Malware unpack itself
1.8 M 33 ZeroCERT

42228  2021-08-24 12:31  Mars.exe  af93c6b29531289459db2cbe41a0cb1c
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
1.8 M 28 ZeroCERT

42229  2021-08-24 12:29  5.php  da06f080170b823ad617874958f2fcaf
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself RCE
2.0 M 20 ZeroCERT

42230  2021-08-24 12:29  pope.exe  36a443909fb713e12bfd996dde324f0b
RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key
1 3.2 M 28 ZeroCERT

42231  2021-08-24 12:28  omozx.exe  76bb446dcf0629ec91c21cb40ca202d5
Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Disables Windows Security Checks Bios Detects VirtualBox powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 6 4 21.2 M 35 ZeroCERT

42232  2021-08-24 12:27  mb.exe  5c2f7d7c59e2651c57690c5e76ebf2a7
PE File PE32 VirusTotal Malware unpack itself
1.6 M 21 ZeroCERT

42233  2021-08-24 12:18  soul3ss.exe  411ca7ba89ae45e92f9ed4663f903335
RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 1 8.6 M 23 ZeroCERT

42234  2021-08-24 12:05  DCRAT.exe  e8317caac6568f4d37d8535a1e56ad29
RAT Generic Malware Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File OS Processor Check .NET EXE PE3 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS crashed
2 1 10.2 48 ZeroCERT

42235  2021-08-24 12:01  StaticArrayInitTypeSize.exe  50c7ebc89793bd7c8ba93468efec11dc
PWS Loki[b] Loki.m Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software
3 2 6 14.6 31 ZeroCERT

42236  2021-08-24 11:58  Explorer.exe  fd3b4ad42fe49dff3b786e6e949fba83
AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
3 8 2 4.2 ZeroCERT

42237  2021-08-24 11:57  211575.xls  85eec686404e8d636c1d2e115f0a28a2
VBA_macro MSOffice File VirusTotal Malware RWX flags setting unpack itself
1.2 6 ZeroCERT

42238  2021-08-24 09:48  galvanizedzx.exe  395b7c06e528ce1943e4f10b923acc9e
PWS Loki[b] Loki.m Gen1 Gen2 Generic Malware Malicious Library Malicious Packer UPX DNS Socket KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Zeus Windows Browser Email ComputerName Cryptographic key Software
1 2 1 15.4 M 25 ZeroCERT

42239  2021-08-24 09:43  bd.exe  d25769efd533ba3d13a13a3274fe69ab
PE File PE32 VirusTotal Malware unpack itself
1.6 M 29 ZeroCERT

42240  2021-08-24 09:41  ob.exe  95fe547bbaa4db499b9d04bf7843608b
PE File PE32 VirusTotal Malware unpack itself
1.6 M 21 ZeroCERT