Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
46531	2020-09-09 09:16	eryjmw6yjw5.pdf.exe f75987ca78c9e1206c2c873f11020159 VirusTotal Malware Check memory unpack itself malicious URLs crashed				3.2		16	guest

46532	2020-09-09 09:12	sertbgewwt.gif.exe eb6c30c44f2281e7fe8aa01e5161d26b VirusTotal Malware unpack itself crashed				2.6		16	guest

46533	2020-09-08 18:22	md.exe 027cb4041c42ee1d56cd02830960fcc4 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs crashed				3.4		13	guest

46534	2020-09-08 18:03	regasm.exe d6df44b5fcfe0451e9a30d1b31515f6f Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	1	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	13.2		22	guest

46535	2020-09-08 15:39	presh.exe e740f5933346e9e3c1cd520dc40d3e39 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs				8.0		17	guest

46536	2020-09-08 15:38	ssfisjgniwerg.pdf.exe 150f42ff16bd2ae9895532a7be6284a1 VirusTotal Malware Check memory unpack itself malicious URLs crashed				3.2	M	15	guest

46537	2020-09-08 10:58	cars.gif.exe 8ba63bca1ee0583b8278dbf1eb38b4e4 Remote Code Execution				0.6			guest

46538	2020-09-08 09:01	racoon.exe 74aa2a6679d3b43a88e01078eab24e1a VirusTotal Malware unpack itself Remote Code Execution				2.2		23	guest

46539	2020-09-07 18:13	googlemap.exe dc4c40c4319c6503178e071707279c40 VirusTotal Malware Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName crashed				6.8		17	guest

46540	2020-09-07 15:41	Invoice.exe 01b18c1ec01a1341f043e6bb5fb4b968 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Windows Browser DNS Software	2 Keyword trend analysis	1	1	15.8	M	30	guest

46541	2020-09-07 11:42	58506603.doc cfec52b8d80989c23a30a60b68b5dd45 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows Browser DNS	2 Keyword trend analysis	3	4	6.4	M	34	guest

46542	2020-09-07 11:39	RQDN6e8PhdV.exe 75a0acb14dfedc69f85a7e7dbb597db2 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	2	1	7.4		25	guest

46543	2020-09-07 11:12	invoice_124110.doc ea15e84815896ed7180041db61cb48eb Malware download VirusTotal Malware powershell Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed	1 Keyword trend analysis	1	6 Info ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET MALWARE Windows executable base64 encoded ET HUNTING EXE Base64 Encoded potential malware ET INFO PowerShell NoProfile Command Received In Powershell Stagers ET INFO PowerShell Hidden Window Command Common In Powershell Stagers M2 ET INFO PowerShell DownloadString Command Common In Powershell Stagers	5.2	M	24	guest

46544	2020-09-07 11:09	UNTITLED-20200905-L15317.doc e8c455b9d0a528d8e47a5fa5c949e368 Vulnerability VirusTotal Malware Malicious Traffic unpack itself Windows Browser DNS	2 Keyword trend analysis	2	5 Info ET POLICY HTTP traffic on port 443 (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP	4.2	M	33	guest

46545	2020-09-07 11:09	zero.exe 9773d366820d76e6702c6e94492caaa6 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs human activity check Windows DNS Cryptographic key DDNS crashed		1	1	11.8		12	guest

Submissions

f75987ca78c9e1206c2c873f11020159

eb6c30c44f2281e7fe8aa01e5161d26b

027cb4041c42ee1d56cd02830960fcc4

d6df44b5fcfe0451e9a30d1b31515f6f

e740f5933346e9e3c1cd520dc40d3e39

150f42ff16bd2ae9895532a7be6284a1

8ba63bca1ee0583b8278dbf1eb38b4e4

74aa2a6679d3b43a88e01078eab24e1a

dc4c40c4319c6503178e071707279c40

01b18c1ec01a1341f043e6bb5fb4b968

cfec52b8d80989c23a30a60b68b5dd45

75a0acb14dfedc69f85a7e7dbb597db2

ea15e84815896ed7180041db61cb48eb

e8c455b9d0a528d8e47a5fa5c949e368

9773d366820d76e6702c6e94492caaa6

View

Insert

Alert