Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
43936	2021-01-14 10:37	WindowsForsApp2.jpg.exe d3a6b158e1e9696487764681659b132e Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Kovter Windows ComputerName DNS		1	2		5.8	M	42	guest

43937	2021-01-14 09:21	http://akybron.hu/wordpress/Tr... 00dc990ef89d168d1a2256a35efdaddd Dridex VirusTotal Malware Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	3		5.6			ZeroCERT

43938	2021-01-13 18:29	VMQP93ODSB8.doc 5d945215f920eb558ea283588ea0ad85 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS		14 Info snowremoval-services.com(35.209.101.201) - malware kitsunecomplements.com(149.202.105.228) - mailcious altrashift.com(104.27.159.29) - mailcious shop.animewho.com(104.18.40.172) - mailcious www.autoeck-baden.at(81.19.159.72) - mailcious ojodetigremezcal.com(45.77.102.200) - malware imperioone.com(162.241.203.91) - malware 45.77.102.200 - malware 162.241.203.91 - malware 35.209.101.201 - malware 81.19.159.72 - mailcious 149.202.105.228 - mailcious 172.67.217.110 172.67.180.86	1		4.6	M	14	guest

43939	2021-01-13 18:27	UN7.dll 0ee5c78c6e2ee9f8a8c201474fd03b2e VirusTotal Malware					0.8	M	17	guest

43940	2021-01-13 17:10	QL-0217.jpg.exe 15368412abd71685cef34b2470ffd3a0 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	1	18.0	M	36	guest

43941	2021-01-13 17:10	RG-1067.jpg.exe dbce571e89ef0357c78bb79dfa89bfad Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS crashed	2 Keyword trend analysis	4	4		16.8	M	22	guest

43942	2021-01-13 16:38	PO-75013.jpg.exe e7e6ee6ef97ff797562c91e0ff401ac4 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS crashed	2 Keyword trend analysis	4	4		15.6	M	22	guest

43943	2021-01-13 16:37	PQ-0163.jpg.exe a9a388bb567d513a74c055c690931107 VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs Windows DNS Cryptographic key					7.2	M	26	guest

43944	2021-01-13 13:38	PO-5042.jpg.exe f502ba6dcaa52430ff540dbdef13c40b Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		14.8	M		guest

43945	2021-01-13 13:38	PO-013275.jpg.exe 5a409e1c8e75e0aa868951d8b792f054 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		14.2	M		guest

43946	2021-01-13 11:42	PO_60577.jpg.exe 000af790102eb884cfb98b2e4cf50d5a Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		16.6	M	24	ZeroCERT

43947	2021-01-13 11:42	J6GGOYSZA6JBA1M7.doc e93393396ea5952fc1f5a0f1a5c3eff8 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee		14 Info snowremoval-services.com(35.209.101.201) - malware kitsunecomplements.com(149.202.105.228) - mailcious altrashift.com(104.27.158.29) - mailcious shop.animewho.com(104.18.40.172) - mailcious www.autoeck-baden.at(81.19.159.72) - mailcious ojodetigremezcal.com(45.77.102.200) - malware imperioone.com(162.241.203.91) - malware 81.19.159.72 - mailcious 104.27.159.29 - mailcious 104.18.40.172 162.241.203.91 - malware 35.209.101.201 - malware 149.202.105.228 - mailcious 45.77.102.200 - malware	1		4.0	M	13	ZeroCERT

43948	2021-01-13 11:38	gtmr748f6nnpr2.exe ffa6c47e69a40d26136861ef8bc8c969 VirusTotal Malware Check memory malicious URLs Tofsee DNS	1 Keyword trend analysis	2	1		2.8	M	9	ZeroCERT

43949	2021-01-13 11:38	GF-05448.jpg.exe 75608975989a15f4d05ce2dc7ecc987c VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs Windows Cryptographic key					6.6	M	22	ZeroCERT

43950	2021-01-13 11:32	E3-20210112_2343.doc df66ce237d60ca77253674acb51f9420 Vulnerability Malware Malicious Traffic unpack itself malicious URLs Windows DNS		3	3		4.4	M		ZeroCERT

Submissions

d3a6b158e1e9696487764681659b132e

00dc990ef89d168d1a2256a35efdaddd

5d945215f920eb558ea283588ea0ad85

0ee5c78c6e2ee9f8a8c201474fd03b2e

15368412abd71685cef34b2470ffd3a0

dbce571e89ef0357c78bb79dfa89bfad

e7e6ee6ef97ff797562c91e0ff401ac4

a9a388bb567d513a74c055c690931107

f502ba6dcaa52430ff540dbdef13c40b

5a409e1c8e75e0aa868951d8b792f054

000af790102eb884cfb98b2e4cf50d5a

e93393396ea5952fc1f5a0f1a5c3eff8

ffa6c47e69a40d26136861ef8bc8c969

75608975989a15f4d05ce2dc7ecc987c

df66ce237d60ca77253674acb51f9420

View

Insert

Alert