Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
43621	2021-01-30 22:38	fdlaunchera.exe 361d3643b23e428cf9c2cf420751c1b1 Buffer PE AutoRuns Code Injection buffers extracted Creates executable files unpack itself AppData folder malicious URLs sandbox evasion Windows Remote Code Execution DNS		2	1		12.6	M		guest

43622	2021-01-30 22:38	document.doc d852cd3c154c4f51e69f5c55962c1570 VirusTotal Malware exploit crash unpack itself malicious URLs Exploit DNS crashed		1			5.4	M	26	guest

43623	2021-01-30 22:30	cpu64.exe 64e66fd668ef21bbd3d5ebb8a76d2ef8 unpack itself malicious URLs DNS					2.6			guest

43624	2021-01-30 22:30	87539487.jpg.exe 9b2be10d80b4a80c733fe8101234da89 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName DNS DDNS Software		3	1		15.0	M	47	guest

43625	2021-01-29 17:50	iqv2v9p7.zip.exe 86cdc85c3d58de12bf6e8783d044a105 VirusTotal Malware Remote Code Execution					2.0	M	57	ZeroCERT

43626	2021-01-29 10:18	winlog2.exe d433d6c4c98e165cb999ae4e8fd5f0af VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key					7.6	M	7	ZeroCERT

43627	2021-01-29 10:18	winlog.exe d9cc09d0fd6c60708b7e0f2fa7cb2346 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs sandbox evasion installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		10.4	M	27	ZeroCERT

43628	2021-01-29 10:08	osamax.scr 233052898800d961e4fc3ef2a339f555 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1		1	12.6	M	12	ZeroCERT

43629	2021-01-29 10:07	DSC_Canon_110202_23.01.2021.zi... 4568bbfb8b5a5161c8b1045051933788 unpack itself					1.2			ZeroCERT

43630	2021-01-29 09:59	IMG-0607.pdf.exe 263f0b35e5768e624a84ac122bbf6a8c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk VMware IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	7	4		16.2	M	24	ZeroCERT

43631	2021-01-29 09:59	gwfa.exe a8417cfd71637c7371986737cff269cf VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	3			12.6	M	58	ZeroCERT

43632	2021-01-29 09:39	1599400056-01282021.xls b4f063612cbe944f5f63e3e132793941 Malware download Dridex TrickBot VirusTotal Malware suspicious privilege Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter Windows ComputerName DNS Downloader		7	6 Info ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET MALWARE JS/WSF Downloader Dec 08 2016 M4		8.0	M	6	ZeroCERT

43633	2021-01-29 09:39	bvsd.exe 3adae286b1688adb95794b29d21f6ca0 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS	2 Keyword trend analysis	4			11.6	M	20	ZeroCERT

43634	2021-01-28 19:26	http://transplugin.io 242c23ea412530c7d94b77a7a978c176 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	2	3		4.8			guest

43635	2021-01-28 13:58	nfeX-99.msi d388da2bf1c9ef59eabce635a6909348 Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check ComputerName DNS DDNS	1 Keyword trend analysis	4	2		5.8		29	ZeroCERT

Submissions

361d3643b23e428cf9c2cf420751c1b1

d852cd3c154c4f51e69f5c55962c1570

64e66fd668ef21bbd3d5ebb8a76d2ef8

9b2be10d80b4a80c733fe8101234da89

86cdc85c3d58de12bf6e8783d044a105

d433d6c4c98e165cb999ae4e8fd5f0af

d9cc09d0fd6c60708b7e0f2fa7cb2346

233052898800d961e4fc3ef2a339f555

4568bbfb8b5a5161c8b1045051933788

263f0b35e5768e624a84ac122bbf6a8c

a8417cfd71637c7371986737cff269cf

b4f063612cbe944f5f63e3e132793941

3adae286b1688adb95794b29d21f6ca0

242c23ea412530c7d94b77a7a978c176

d388da2bf1c9ef59eabce635a6909348

View

Insert

Alert