Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
44806	2021-06-04 18:16	ac.exe a9bd3a038170c1a41212c8e320b68d5d AsyncRAT backdoor Malicious Packer KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS		3			12.8	M	33	ZeroCERT

44807	2021-06-04 18:15	axcxcvhgfc.exe 2eb4f37816d7e7b632eecee6952f473f PWS Loki[b] Loki[m] AsyncRAT backdoor Gen1 Malicious Packer KeyLogger DNS Socket HTTP Http API Internet API ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS Password	10 Keyword trend analysis Info http://veronikaa.ac.ug/msvcp140.dll http://veronika.ac.ug/index.php http://veronikaa.ac.ug/nss3.dll http://veronikaa.ac.ug/sqlite3.dll http://veronikaa.ac.ug/main.php http://veronikaa.ac.ug/freebl3.dll http://veronikaa.ac.ug/mozglue.dll http://veronikaa.ac.ug/softokn3.dll http://veronikaa.ac.ug/vcruntime140.dll http://veronikaa.ac.ug/	3	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 24 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		18.6	M	23	ZeroCERT

44808	2021-06-04 18:14	cc.exe a366fb953227608061d99b578d6a31c1 AgentTesla DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File PE32 Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName RCE	1 Keyword trend analysis	2	1		9.2	M		ZeroCERT

44809	2021-06-04 18:13	oxcxcvhgfc.exe f8e766e4d22bc299950f6a4d23c824cc AsyncRAT backdoor Gen1 Malicious Packer KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar ENERGETIC BEAR VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName Password	9 Keyword trend analysis Info http://veronikaa.ac.ug/msvcp140.dll http://veronikaa.ac.ug/nss3.dll http://veronikaa.ac.ug/sqlite3.dll http://veronikaa.ac.ug/main.php http://veronikaa.ac.ug/freebl3.dll http://veronikaa.ac.ug/mozglue.dll http://veronikaa.ac.ug/softokn3.dll http://veronikaa.ac.ug/vcruntime140.dll http://veronikaa.ac.ug/	2	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 24 ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		16.0	M	24	ZeroCERT

44810	2021-06-04 18:12	vbc.exe 1d1e0caaf70abcc7ae285e98d04e2f31 PWS Loki[b] Loki[m] .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	15.0	M	28	ZeroCERT

44811	2021-06-04 13:23	5.exe 26c1fa9d93b8875b52d84e0e1b268d3e AsyncRAT backdoor BitCoin KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer ENERGETIC BEAR VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	3		12.2		14	ZeroCERT

44812	2021-06-04 12:12	covid.exe 0ac067f9a888d650d44d0f3c9cef21bf Anti_VM Malicious Library DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		2			14.4		28	ZeroCERT

44813	2021-06-04 12:12	flashplayer.exe c25218fcf7bce8f3b6431d8125e2e898 AsyncRAT backdoor Emotet Generic Malware VMProtect AntiDebug AntiVM PE File .NET EXE PE32 DLL GIF Format Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW IP Check Tofsee Ransomware Windows Browser DNS Cryptographic key crashed	8 Keyword trend analysis Info http://ol.gamegame.info/report7.4.php - rule_id: 1518 http://iw.gamegame.info/report7.4.php - rule_id: 1517 http://ip-api.com/json/ http://uyg5wye.2ihsfa.com/api/?sid=225691&key=326f32f218d7def7aba855b5cc3b5918 - rule_id: 1396 http://uyg5wye.2ihsfa.com/api/fbtime - rule_id: 1396 http://ip-api.com/json/?fields=8198 https://iplogger.org/18hh57 https://www.facebook.com/	15 Info www.facebook.com(157.240.215.35) email.yg9.me(198.13.62.186) - suspicious uyg5wye.2ihsfa.com(88.218.92.148) - mailcious ol.gamegame.info(104.21.21.221) - mailcious iplogger.org(88.99.66.31) - mailcious ip-api.com(208.95.112.1) iw.gamegame.info(104.21.21.221) - mailcious news-systems.xyz() - mailcious 88.99.66.31 - mailcious 208.95.112.1 172.67.200.215 104.21.21.221 - mailcious 88.218.92.148 - malware 157.240.215.35 198.13.62.186 - suspicious	3	4	17.6	M	34	ZeroCERT

44814	2021-06-04 12:10	file31s.exe 6a763fac0951021be4b351dddf62bb1d PWS .NET framework BitCoin AntiDebug AntiVM PE File .NET EXE PE32 MSOffice File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted RWX flags setting unpack itself Windows utilities Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	5 Keyword trend analysis	7	3		12.8	M	27	ZeroCERT

44815	2021-06-04 12:09	0b1.exe e7287f303c0b70b8f23c67c962a84f81 AsyncRAT backdoor PWS .NET framework PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows DNS	1 Keyword trend analysis	8	1		10.0	M	43	ZeroCERT

44816	2021-06-04 12:09	Invoice.exe 6d9d41b8c7b2019d513c52822c6b7a91 PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key					8.8		20	ZeroCERT

44817	2021-06-04 12:09	tesy.scr 12b686d6b88ab3ece8f2cc13fed9cd91 PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	4	5		9.6	M	12	ZeroCERT

44818	2021-06-04 11:43	lv.exe 227da511d6e03d33bb9e1cbf18f957c8 Generic Malware Malicious Packer Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed					3.2	M	34	ZeroCERT

44819	2021-06-04 11:42	file.exe ec250b7fcf58aae6f996e3ad512ac6c8 Generic Malware Malicious Packer Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed					3.2	M	29	ZeroCERT

44820	2021-06-04 11:42	lv.exe 63d15d5090f05f893dddb0cfed1ffeb7 Gen1 Gen2 Generic Malware Malicious Packer Malicious Library PE File PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows DNS crashed		1			4.2	M	31	ZeroCERT