Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
43486	2021-02-04 16:00	DsQwouT0.exe 943dff6e7979ded5b2d94f4e0503704a VirusTotal Malware Remote Code Execution					1.4		19	ZeroCERT

43487	2021-02-04 11:04	aa.exe 1ff59d25828ac6ee321e571439410b12 VirusTotal Cryptocurrency Miner Malware Cryptocurrency SMB Traffic Potential Scan AutoRuns Check memory Creates executable files ICMP traffic unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Browser ComputerName Remote Code Execution DNS	1 Keyword trend analysis	5	5 Info ET INFO DYNAMIC_DNS Query to 3322.net Domain .3322.net ET POLICY Unsupported/Fake Windows NT Version 5.0 ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain .3322.net ET POLICY Cryptocurrency Miner Checkin ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection		15.4		56	ZeroCERT

43488	2021-02-04 11:03	906249IMG_055708.pdf.exe 3a0f89e50b88ed60053533cca7003388 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	6	4		16.0	M	18	ZeroCERT

43489	2021-02-04 10:52	416212.jpg.exe 5210f2b1dea41fc2209ca7dccb4ec172					0.2	M		ZeroCERT

43490	2021-02-04 10:52	541310.jpg.exe ac7d58bf24cbc2083fe4a90f203c9ab5 Remote Code Execution					0.8	M		ZeroCERT

43491	2021-02-04 10:14	6lajhbjyuk.exe 77be0dd6570301acac3634801676b5d7 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory ICMP traffic Collect installed applications malicious URLs sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Browser ComputerName DNS Software	1 Keyword trend analysis	4	1		10.8	M	59	ZeroCERT

43492	2021-02-04 10:14	winlog.exe 339fedf77e466d75dc3d7197fafa2ac3 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		10.0	M	48	ZeroCERT

43493	2021-02-04 09:59	vbc.exe 2ffc43d9e4d2482e7acfdcef863fe7e9 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs WriteConsoleW Windows DNS Cryptographic key	4 Keyword trend analysis Info http://www.starlevelopulence.com/kre/?jFNHix=0OfHdNz0HWhF9HvaatlBO/XroeHlL7Urm8EImvnpnos1yLwvrzvh2obe20hMQlWMYoNQHDpy&oXU=_0GDCjlXRtr4u http://www.babylist.info/kre/?jFNHix=mkx09hqXalb1sG7rIkwTo1+5sqNE9cKMt7dvRqdNeRtwcb/BKuz3t/EUP1FALOL4s9t4U09z&oXU=_0GDCjlXRtr4u http://www.smyleoberry.com/kre/?jFNHix=wPJk7tKGuyBEXolqs/BP21jfPD8XOzKUBfoK5nxEF3WPIHY1woaeT3O1l5lNU2VWzdsP7CRb&oXU=_0GDCjlXRtr4u http://www.canceledculture.net/kre/?jFNHix=sZpFlhXP8dA3ffHIyrPzRO7rgjEq65TwHsovkvKuC9nuE9nDYSZRHOFurjv11gPSsq5taiH9&oXU=_0GDCjlXRtr4u	10 Info www.smyleoberry.com(18.211.19.104) www.babylist.info(52.219.116.115) www.canceledculture.net(34.102.136.180) www.starlevelopulence.com(23.227.38.74) www.fu2car.com(198.74.106.243) - mailcious 3.93.205.129 52.219.117.59 198.74.106.243 - mailcious 34.102.136.180 - mailcious 23.227.38.74 - mailcious			10.0	M	31	ZeroCERT

43494	2021-02-04 09:59	UDI.exe 103a67077a7c6f4efd59a2042168f08b VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName DNS		1			3.8	M	24	ZeroCERT

43495	2021-02-04 09:46	svchost.exe c69a6a5f930af087691a861a2ba904eb Dridex VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS	1 Keyword trend analysis	2	5		11.0	M	17	ZeroCERT

43496	2021-02-04 09:45	TEMP.so.exe f160c057fded2c01bfdb65bb7aa9dfcc Malware download Amadey VirusTotal Malware Malicious Traffic Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1	1	1	6.8	M	56	ZeroCERT

43497	2021-02-04 09:40	bb.exe 2668dde5e520194c26a7dd49d1aab364 VirusTotal Malware AutoRuns Creates executable files malicious URLs sandbox evasion Windows Remote Code Execution DNS		1			7.4	M	57	guest

43498	2021-02-04 09:37	new.exe fea1df2cdbc8ed9c6a82bcce20402a0a VirusTotal Malware Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself human activity check Windows DNS DDNS		2	1		12.8	M	10	ZeroCERT

43499	2021-02-04 09:37	MLY.exe 3c9be33d1fd95c74f800e570cd4654eb VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName Cryptographic key crashed		2			14.4	M	28	ZeroCERT

43500	2021-02-04 09:20	lv.exe 5d2f84a7e74e6e5ff1db4c4038d0f5e4 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check Tofsee Windows ComputerName crashed	2 Keyword trend analysis	4	2		13.8	M	46	ZeroCERT

Submissions

943dff6e7979ded5b2d94f4e0503704a

1ff59d25828ac6ee321e571439410b12

3a0f89e50b88ed60053533cca7003388

5210f2b1dea41fc2209ca7dccb4ec172

ac7d58bf24cbc2083fe4a90f203c9ab5

77be0dd6570301acac3634801676b5d7

339fedf77e466d75dc3d7197fafa2ac3

2ffc43d9e4d2482e7acfdcef863fe7e9

103a67077a7c6f4efd59a2042168f08b

c69a6a5f930af087691a861a2ba904eb

f160c057fded2c01bfdb65bb7aa9dfcc

2668dde5e520194c26a7dd49d1aab364

fea1df2cdbc8ed9c6a82bcce20402a0a

3c9be33d1fd95c74f800e570cd4654eb

5d2f84a7e74e6e5ff1db4c4038d0f5e4

View

Insert

Alert