Submissions

No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
44536 2021-06-23 09:17 vbc-09.exe  

4973f29c105dce3837d78fe291531f6b


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key crashed
11 13 2 7 10.4 M 26 ZeroCERT

44537 2021-06-23 09:16 OsB36TxkNFTkn1MKz.exe  

61286518a4a98a17eb6f4e85391b3ee4


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
11.2 36 ZeroCERT

44538 2021-06-23 09:14 wininit.exe  

ff5a7718e9f32b7332743f2b1b34d393


PWS Loki[b] Loki[m] AsyncRAT backdoor Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 1 6 1 15.2 M 23 ZeroCERT

44539 2021-06-23 09:14 new.xlsx  

87b64dec6a53c93bde6a4e984e0d51c0


Generic Malware MSOffice File Malware download VirusTotal Malware exploit crash unpack itself Windows Exploit DNS DDNS crashed Downloader
1 5 4 5.6 20 ZeroCERT

44540 2021-06-23 09:12 vbc-09.exe  

ff2e823d200a33909f4adaa63e41e5e9


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
10.2 30 ZeroCERT

44541 2021-06-23 09:11 vbc.exe  

018c822e08bf5da34aab3a73a614f3f5


AsyncRAT backdoor Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
12.0 26 ZeroCERT

44542 2021-06-23 09:09 ongod.exe  

5013cd46f5bc64f2f91c2f1b26eff560


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
10.0 29 ZeroCERT

44543 2021-06-23 09:09 s.wbk  

636c20db99ab89978c5318b23dd17424


RTF File doc AntiDebug AntiVM VirusTotal Malware MachineGuid Checks debugger exploit crash unpack itself Tofsee Exploit DNS crashed
2 2 4.2 31 ZeroCERT

44544 2021-06-23 09:07 md1_1eaf.exe  

0f3560389b1ca2df45c12958c4f1c58e


VMProtect PE File PE32 VirusTotal Malware crashed
2.2 39 ZeroCERT

44545 2021-06-23 09:07 new.exe  

aadd62021160ebeee45e25c33977d9b3


Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
3 15.0 20 ZeroCERT

44546 2021-06-22 18:16 GetFile.exe  

da37656f71601d9b59eaf8a9618f4817


AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself ComputerName DNS crashed
3.4 12 guest

44547 2021-06-22 18:14 prince_of_persia_P_v4_x64.exe  

b7605ff2f14efbd06844cc4473711fa9


AsyncRAT backdoor Generic Malware PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted unpack itself Windows utilities Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key
12 2 1 7.2 33 ZeroCERT

44548 2021-06-22 18:13 prince_of_persia_P_v4_x86.exe  

28906318e1bfa9949cd086e807a0f220


AsyncRAT backdoor Generic Malware PE File OS Processor Check PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
20 2 1 6.4 34 ZeroCERT

44549 2021-06-22 18:10 vbc.exe  

8da587a72663d0312b35d53f4d45735c


PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software
1 2 9 8.2 18 ZeroCERT

44550 2021-06-22 18:09 vbc.exe  

357e95c47c4b8666b0fe33277a37f376


PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself RCE DNS crashed
3.4 33 ZeroCERT