Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45871	2021-04-29 10:44	kellyx.exe d6593adf011c7683f63a0a4cd86b44f4 AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7B3CB491E69F14DD03AE67C19E9537DE.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5EFD3570C629C1296C13C331574DEE53.html - rule_id: 1176	2	1	2	14.4	M	15	ZeroCERT

45872	2021-04-29 10:38	IMG_850_007_630.exe 378c246b3278f0343eb02a5f6dd63263 AgentTesla AsyncRAT backdoor Gen1 AntiDebug AntiVM PE File PE32 .NET EXE JPEG Format DLL OS Processor Check Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key crashed Password	9 Keyword trend analysis	2	5 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing		17.0	M	18	ZeroCERT

45873	2021-04-29 10:36	hATsvlnsX4Ox4qP.exe 0a719c4a0920d961681bb1bf298f20cb PWS .NET framework AsyncRAT backdoor Malicious Library PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed					3.0	M	23	ZeroCERT

45874	2021-04-29 10:35	PUKfyFHG2AWXj1W.exe 1c24719aaa1f1a844cda4bc2ae526f89 PWS .NET framework AsyncRAT backdoor Malicious Library PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			2.8	M	22	ZeroCERT

45875	2021-04-29 10:33	IMG_0501_765_013.exe 716e89179126809cc5a4b476a03dda11 AgentTesla AsyncRAT backdoor Gen1 AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key crashed Password	9 Keyword trend analysis	1	5 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		17.4	M	19	ZeroCERT

45876	2021-04-29 10:33	mnesotta.exe 88d1770a52e372a6bfa4526406701e60 AsyncRAT backdoor Malicious Library PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key					5.0		13	ZeroCERT

45877	2021-04-29 10:32	smartpc.exe 51ef8f866755aeade1626e3c14b8ec21 Antivirus PE File PE32 OS Processor Check VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS		2	1		11.4	M	23	ZeroCERT

45878	2021-04-29 10:31	vbc.exe 52b2d5053a85993dd987973c80489356 Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed					9.6	M	34	ZeroCERT

45879	2021-04-29 10:29	FPI_0485010214.exe 00bc3f04139ef508d1b9908f5664ded3 AgentTesla AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		8.8	M	33	ZeroCERT

45880	2021-04-29 10:03	FLP_5012_306_171.exe a746c90dae245470777071a6c41dea07 KeyBase AgentTesla Gen1 AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Phishing Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName Password	9 Keyword trend analysis	2	6 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing		11.4	M	22	r0d

45881	2021-04-29 09:37	svch.exe 372f96b73c0ff71825a027aca714dc7b PWS Loki .NET framework AsyncRAT backdoor Malicious Library DNS Socket AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.8	M	23	조광섭

45882	2021-04-29 09:33	svch.exe 372f96b73c0ff71825a027aca714dc7b Socket PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE32 PE File DNS AsyncRAT backdoor Loki Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.8	M	23	조광섭

45883	2021-04-29 09:27	4.html a5b6964b3df390bbc68275fae8aacf51 AntiDebug AntiVM Antivirus VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	2	1		12.2		15	ZeroCERT

45884	2021-04-29 09:24	svch.exe 372f96b73c0ff71825a027aca714dc7b Socket PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE32 PE File DNS AsyncRAT backdoor Loki Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.8	M	23	조광섭

45885	2021-04-29 09:23	4.html a5b6964b3df390bbc68275fae8aacf51 VirusTotal Malware crashed					0.8		15	ZeroCERT