Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45646	2021-04-29 09:27	4.html a5b6964b3df390bbc68275fae8aacf51 AntiDebug AntiVM Antivirus VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	2	1		12.2		15	ZeroCERT

45647	2021-04-29 09:24	svch.exe 372f96b73c0ff71825a027aca714dc7b Socket PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE32 PE File DNS AsyncRAT backdoor Loki Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.8	M	23	조광섭

45648	2021-04-29 09:23	4.html a5b6964b3df390bbc68275fae8aacf51 VirusTotal Malware crashed					0.8		15	ZeroCERT

45649	2021-04-29 09:05	6fsjd89gdsug.exe 77be0dd6570301acac3634801676b5d7 Ficker Stealer PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory ICMP traffic Collect installed applications sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Browser ComputerName DNS Software	1 Keyword trend analysis	4	3		9.4	M	56	ZeroCERT

45650	2021-04-29 09:04	FLP_5012_306_171.exe a746c90dae245470777071a6c41dea07 KeyBase AgentTesla Gen1 AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName Password	9 Keyword trend analysis	2	6 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing		12.0		22	ZeroCERT

45651	2021-04-29 09:03	AnnualReport.exe 7908cc9996b7423c766157d8119df254 Antivirus PE File PE32 OS Processor Check VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName RCE DNS Cryptographic key					7.0	M	27	ZeroCERT

45652	2021-04-29 07:30	m.dot b733cd69833b58ee8e56e8ca6212966b AntiDebug AntiVM Malware download Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.0			ZeroCERT

45653	2021-04-29 07:27	chrome.exe 9a802cbec55102eee639f4f3034e452f Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Checks debugger buffers extracted exploit crash unpack itself malicious URLs Windows Exploit Cryptographic key crashed					10.4		21	ZeroCERT

45654	2021-04-29 07:27	vbc.exe 9644a199c0d74c2f223b042b93899333 Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key crashed					11.4		21	ZeroCERT

45655	2021-04-29 07:19	Startup%20Host.exe 8b6cf8530332474edbdec4dd82292a02 PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself suspicious process WriteConsoleW Windows DNS Cryptographic key					3.6		14	ZeroCERT

45656	2021-04-28 18:31	IMG_88134.exe 4d0b19cd29e6c8ce724607b85771de8d AsyncRAT backdoor Antivirus AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	4 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-935E964B23126C54BA3A2FFC8EA154CE.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-258E48939AFC85C28CC3028886F4A492.html - rule_id: 1176 http://45.14.115.62:5405// https://api.ip.sb/geoip	5	3	2	18.2	M	17	ZeroCERT

45657	2021-04-28 18:00	regasm.exe 4d1a1e438fee82fce40619bbb27f4209 PE File PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software		1			7.4	M	37	r0d

45658	2021-04-28 17:43	IvGRnMiDzgderQQteqNjNgKoIYqaLW... e301bc81ee1ef7a1bd3549865719d839 RTF File doc buffers extracted exploit crash unpack itself Exploit DNS crashed	3 Keyword trend analysis	2			3.2			ZeroCERT

45659	2021-04-28 17:42	IvGRnMiDzgderQQteqNjNgKoIYqaLW... 695774e0748701ddf713140c675003fe unpack itself					1.6			ZeroCERT

45660	2021-04-28 17:40	cccc.dot a29a9ab928e578957fed4fb8c67b1e4d AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.4	M	28	ZeroCERT