Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
49096	2021-02-01 23:24	vbc2.exe e0a35464c8997bf189d9de32563fa11b VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs Windows	6 Keyword trend analysis Info http://www.weoneqa.com/eaud/?-Z=l4RSrSTvA7ZBDB3bFnvp5TuJb2qsc3WQSXs0AcdUbA2GCX19ShwUPxXYKxLqHnKfTob8UGrB&rZ=X48HRfqP http://www.putlocker2.site/eaud/ http://www.weoneqa.com/eaud/ http://www.pensionbackup.com/eaud/?-Z=WhMSavTyHOvE10sn7jXZ2zxDwiIZq0gTquvqJfSvKmtyQpKMFvyYAkki+71dbH2Nl6XhnONj&rZ=X48HRfqP http://www.putlocker2.site/eaud/?-Z=AVoJMHczv7t2NCxoE+I144p7NbX+tyrB4sHs6CGWopObE6oYIg1+WLgm8dresjrhTrO2D4kG&rZ=X48HRfqP http://www.pensionbackup.com/eaud/	11 Info www.putlocker2.site(185.53.177.13) www.pensionbackup.com(34.102.136.180) www.geraldreed.com(54.208.77.124) - mailcious www.gigashit.com() www.weoneqa.com(66.97.33.176) www.missfoxie.com(34.102.136.180) - mailcious www.realestatejewel.com() 185.53.177.13 - mailcious 34.102.136.180 - mailcious 66.97.33.176 54.208.77.124 - mailcious			12.0	M	7	ZeroCERT

49097	2021-02-01 23:23	winlog.exe f81ddb2074613d44e6ec49e156fef866 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS	1 Keyword trend analysis	3			9.6	M	9	ZeroCERT

49098	2021-02-01 23:19	vbc.exe 5ca35c6d01a8ebcce0c2444ea6a7a55b VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS	2 Keyword trend analysis	4			8.8	M	16	ZeroCERT

49099	2021-02-01 23:18	ugopx.scr 963e6283c7d4698f10614845807f8f0b VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces DNS	1 Keyword trend analysis	1		1	3.6	M	19	ZeroCERT

49100	2021-02-01 23:14	svchost2.exe abaf4a16881e4133a46eb7db1ad760c9 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.6	M	25	ZeroCERT

49101	2021-02-01 23:13	svchost.exe 2c463f7c03f8264a1b9ad8e9bc8721a7 VirusTotal Malware Check memory RWX flags setting unpack itself					1.6	M	15	ZeroCERT

49102	2021-02-01 23:01	regasm.exe 2c57c1290f030436fb3addefe840fe5a Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.6	M	24	ZeroCERT

49103	2021-02-01 23:00	Protected Client.vbs 816473174f6851458936b335d48f4d85 Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray Creates shortcut Creates executable files ICMP traffic unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Java Browser Email ComputerName DNS Cryptographic key DDNS keylogger		6	2		21.0	M	7	ZeroCERT

49104	2021-02-01 22:48	OBAAA.exe bac9014a9ed1a27a92d6f13e3de236c1 Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed		1			16.4	M	27	ZeroCERT

49105	2021-02-01 22:48	pablox.scr 8097dd099b5b30cc949253b22c59aeb9 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	2 Keyword trend analysis	3	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	1	13.0	M	3	ZeroCERT

49106	2021-02-01 22:37	new.exe fd11932ba1ac909889ecb291e5555d25 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs human activity check Windows ComputerName DNS DDNS		3	1		11.2	M	22	guest

49107	2021-02-01 22:36	kingtroupz.scr 93c18a3630eb1cb922a3761c45ae6dc2 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger	1 Keyword trend analysis	1		1	14.4	M	15	guest

49108	2021-02-01 22:25	IMG_1660392.pdf.exe e7064208a3674a61a91b3dd886a1a503 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		16.6	M	18	guest

49109	2021-02-01 22:25	is.exe 34effb36eea9746901723c2690bec3c7 VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1		7.8	M	24	guest

49110	2021-02-01 22:11	document.doc 9e1772002f8791df8ccc8534c234e971 VirusTotal Malware Malicious Traffic ICMP traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed	14 Keyword trend analysis Info http://www.thedancehalo.com/bw82/ - rule_id: 174 http://www.thedancehalo.com/bw82/?GTgP=TJmBUVi76XvdedvdT4XTiNg0xow+eIDVhd+PvrNB1pQf64xZGmJKzxet+DQnJGM605l+3b5o&5j2=Ulq8E - rule_id: 174 http://www.ondemandbarbering.com/bw82/ http://www.activagebenefits.net/bw82/?GTgP=kkzs7wdmjdk7n45UjfiLHnYXY/z1ZZpbk/YksZMR2IH2vaFa+RYbCAbMSAFheW9HER5RLpU/&5j2=Ulq8E http://www.activagebenefits.net/bw82/ http://www.rizrvd.com/bw82/?GTgP=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&5j2=Ulq8E - rule_id: 170 http://www.rizrvd.com/bw82/?GTgP=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&5j2=Ulq8E http://www.ninasangtani.com/bw82/ http://3.34.179.142/deskopc/hkcmd.exe http://www.illfingers.com/bw82/?GTgP=oL6WGk535ShIMWn5X5nbn/aOUoaL8VsOPK21+5lbgTOaDrSYSQVH4Z9wRk26hxOpEjraHrRl&5j2=Ulq8E http://www.rizrvd.com/bw82/ - rule_id: 170 http://www.illfingers.com/bw82/ http://www.ninasangtani.com/bw82/?GTgP=93QlrcGOmhPsmOLgwQd5PEYiUPAOZQsvIL0jPQXRPmTWIMdxoi8MiiqiyXGvZznnQGjs4sZc&5j2=Ulq8E http://www.ondemandbarbering.com/bw82/?GTgP=/uLN5+r0nTwG6mTCqOKXvxUOX9d2FCRa7e+MtK6cN7T3OLj7ozaH392B6MC00J0ZZtqhoxnm&5j2=Ulq8E	13 Info www.illfingers.com(162.241.217.138) www.thedancehalo.com(34.102.136.180) - mailcious www.activagebenefits.net(34.102.136.180) www.healthyfifties.com(198.20.125.69) - mailcious www.rizrvd.com(34.102.136.180) - mailcious www.ondemandbarbering.com(182.50.132.242) www.blacksailus.com() www.ninasangtani.com(34.102.136.180) 162.241.217.138 34.102.136.180 - mailcious 182.50.132.242 - mailcious 198.20.125.69 - mailcious 3.34.179.142 - mailcious	5 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4	6.4	M	25	guest

Submissions

e0a35464c8997bf189d9de32563fa11b

f81ddb2074613d44e6ec49e156fef866

5ca35c6d01a8ebcce0c2444ea6a7a55b

963e6283c7d4698f10614845807f8f0b

abaf4a16881e4133a46eb7db1ad760c9

2c463f7c03f8264a1b9ad8e9bc8721a7

2c57c1290f030436fb3addefe840fe5a

816473174f6851458936b335d48f4d85

bac9014a9ed1a27a92d6f13e3de236c1

8097dd099b5b30cc949253b22c59aeb9

fd11932ba1ac909889ecb291e5555d25

93c18a3630eb1cb922a3761c45ae6dc2

e7064208a3674a61a91b3dd886a1a503

34effb36eea9746901723c2690bec3c7

9e1772002f8791df8ccc8534c234e971

View

Insert

Alert