Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44566	2021-06-19 09:04	upservices.exe 5af71e2a08eed74f115e2b5d3ef4e570 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed				3.6	M	26	ZeroCERT

44567	2021-06-19 09:04	g63.exe 607a1510ce7946e7e5528dee9a6e6e2c Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed				3.0	M	27	ZeroCERT

44568	2021-06-18 18:08	Betalingskopi.exe 5a7ce837df7e550836993a5a8c6ecc36 PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals etc ...) Anti_VM Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .gq Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .gq domain ET INFO HTTP Request to a .gq domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	15.0	M	49	ZeroCERT

44569	2021-06-18 17:57	SystemCrasher_ByDaniel.exe fe6bb808dff8cb1a8571a1a07dbafe89 DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE64 MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed				5.8	M		ZeroCERT

44570	2021-06-18 17:54	build.exe 2f2506f0d7f62f22018c3e69438b7ce0 Raccoon Stealer PE File OS Processor Check PE32 PDB unpack itself Windows crashed				2.2	M		ZeroCERT

44571	2021-06-18 17:51	THyMIS5b5vbewxD36.exe 2ee14bf16671a7f8b4f76d6e7e5f2ce8 PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				10.8	M		ZeroCERT

44572	2021-06-18 17:50	5.exe a9b0f21cb30e239e1f3af96eb376a0ba Generic Malware Malicious Packer PE File OS Processor Check PE32 PDB unpack itself Windows RCE crashed				2.0	M		ZeroCERT

44573	2021-06-18 17:45	Nhin_cai_dit_me_may.txt.html 0054e362a98af79987efdb3945fdd54b Antivirus AntiDebug AntiVM powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Tofsee Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	2	6.2	M		ZeroCERT

44574	2021-06-18 17:42	M4C5n1UQnIWeWsRb.exe 7a4bc39ba2e82f3bc8b8775d11113cf0 PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				10.8	M	32	ZeroCERT

44575	2021-06-18 17:42	inquiry.exe 5cf27ec755267b1f7e443c9f2f45e627 Generic Malware Admin Tool (Sysinternals etc ...) PE File PE32 VirusTotal Malware AutoRuns RWX flags setting unpack itself Windows DNS				2.6		12	ZeroCERT

44576	2021-06-18 17:42	BfWe.txt.html d9a580f007effddf29bb8cef119aac46 VBScript PowerShell Obfuscated File Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		7.2		17	ZeroCERT

44577	2021-06-18 17:41	sefile.exe 06ac95deaa340711db9f10e66642fdb4 Raccoon Stealer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed				3.0	M	29	ZeroCERT

44578	2021-06-18 17:38	hut.exe 4ccbe3a8fa850367d5efde685a350d80 PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee crashed	1 Keyword trend analysis	2	1	3.2	M	27	ZeroCERT

44579	2021-06-18 17:37	OSdm4SizH7WvTFnlz.exe 7aa1962ebd8bfadc1f0a02eba48d98f8 PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed				12.6	M	41	ZeroCERT

44580	2021-06-18 16:43	cports.exe 120dd0fcdbecf5b37b0f6578fc541323 Gen1 Gen2 Generic Malware PE File OS Processor Check PE32 DLL PE64 VirusTotal Malware Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName				2.8		16	ZeroCERT