Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
49246	2021-01-21 09:55	FastVD.exe 8f03ea5837f34733778418eb68134c34 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VMware IP Check VM Disk Size Check Tofsee Windows DNS	6 Keyword trend analysis Info http://92.63.193.17/FastVDbuild.exe http://ipinfo.io/country http://ipinfo.io/ip https://script.google.com/macros/s/AKfycbyeDUociDSMjODhy_ZapM5zzyoJ3zrch9n5IUJeKIM3UQOEtZs/exec?ip=175.208.134.150&loc=KR&app=FastVD&payoutcents=0.75&ver=6 https://ipinfo.io/country https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150	7	8 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup ipinfo.io ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		8.6	M	38	ZeroCERT

49247	2021-01-21 09:55	figg.exe dfd545dbc01cac5d86f94dd0a3c8d675 Malware Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Detects VirtualBox Check virtual network interfaces malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key Software		1			9.2	M		ZeroCERT

49248	2021-01-21 09:33	DR1.exe 67698483a208b58241acfcdbe9682f90 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Detects VirtualBox Check virtual network interfaces malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key Software crashed		1			10.4	M	35	ZeroCERT

49249	2021-01-21 09:33	effp.exe 1983ead6d04607d63ca056ec796fb87f VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Detects VirtualBox Check virtual network interfaces malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key Software crashed		1			10.4	M	39	ZeroCERT

49250	2021-01-21 09:24	Crypto.exe 1e7b2831c2f3119aa5f38a3f0202bfc0 VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs AntiVM_Disk sandbox evasion VMware IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key	21 Keyword trend analysis Info http://go.microsoft.com/fwlink/?LinkId=249118&clcid=0x409 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl http://ipinfo.io/country http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D http://www.cryptosignalpro.com/csignalpro_w3.exe http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1611188182&mv=m&mvi=7&pl=18&shardbypass=yes http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAUwi3asLhWylyD7Q5X2Xzg%3D http://ipinfo.io/ip http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA%2BoSQYV1wCgviF2%2FcXsbb0%3D http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl https://download.microsoft.com/download/1/E/3/1E3220BD-1D17-4EE7-8D7F-333422D1BA4B/enu_netfx/x64/windows6.1-kb958488-v6001-x64.msu https://script.google.com/macros/s/AKfycbyeDUociDSMjODhy_ZapM5zzyoJ3zrch9n5IUJeKIM3UQOEtZs/exec?ip=175.208.134.150&loc=KR&app=Crypto&payoutcents=0.60&ver=8 https://update.googleapis.com/service/update2?cup2key=10:1751551703&cup2hreq=c440df09b628af6fce456a6c3348a901a1ffebd2c23dfc142f156f62a74ce545 https://ipinfo.io/country https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150	15 Info www.cryptosignalpro.com(45.67.231.196) ocsp.digicert.com(117.18.237.29) download.microsoft.com(23.40.44.112) r7---sn-3u-bh2lz.gvt1.com(59.18.45.210) ipinfo.io(216.239.34.21) script.google.com(172.217.175.238) ipqualityscore.com(172.67.72.12) 121.254.136.16 117.18.237.29 23.40.44.112 216.58.199.110 104.26.2.60 59.18.45.210 216.239.36.21 - suspicious 45.67.231.196	5 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup ipinfo.io ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET POLICY PE EXE or DLL Windows file download HTTP		14.2	M	41	ZeroCERT

49251	2021-01-21 09:21	cj.exe f8bb59b31d3c499175097b82261b76c7 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS		1			13.4	M	39	ZeroCERT

49252	2021-01-21 08:26	http://solicwebaps.azurewebsit... 3e1249e4d0b0b61d493da93139b9f3a4 Dridex VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed		2	5		5.0	M	22	ZeroCERT

49253	2021-01-20 18:32	AQW.exe 022d116c9e8cc50f7b3d837b69eef49a Browser Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser ComputerName DNS Cryptographic key crashed keylogger		2			16.0	M	21	ZeroCERT

49254	2021-01-20 18:32	CIC.exe 823f0fa14ac82cd2e7629ba0b49a7a04 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed keylogger		2			14.8	M	19	ZeroCERT

49255	2021-01-20 18:11	Alex.exe 9a330e4e8d5854f48fc2cc07cc397108 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder VMware IP Check Tofsee DNS crashed	4 Keyword trend analysis	4	4		5.6	M	42	ZeroCERT

49256	2021-01-20 18:11	admin.exe d64ae064a4fc5d008723a2d092d232e5 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Detects VirtualBox Check virtual network interfaces malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key Software	4 Keyword trend analysis	1			9.8		13	ZeroCERT

49257	2021-01-20 17:00	16.exe f14aa539774febdbb336e256eba3738c VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS crashed					14.2		15	ZeroCERT

49258	2021-01-20 16:58	67.exe 33781d32bd85d61f542cb3167631fb39 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName crashed					13.6	M	25	ZeroCERT

49259	2021-01-20 16:08	5555555555.jpg 1c50880c62efbe568b81db024fedd43f					0.2			guest

49260	2021-01-20 16:01	IMG_06176.pdf af5e99b838ae10dbc1e7cedc58413b06 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	15.0	M	25	guest

Submissions

8f03ea5837f34733778418eb68134c34

dfd545dbc01cac5d86f94dd0a3c8d675

67698483a208b58241acfcdbe9682f90

1983ead6d04607d63ca056ec796fb87f

1e7b2831c2f3119aa5f38a3f0202bfc0

f8bb59b31d3c499175097b82261b76c7

3e1249e4d0b0b61d493da93139b9f3a4

022d116c9e8cc50f7b3d837b69eef49a

823f0fa14ac82cd2e7629ba0b49a7a04

9a330e4e8d5854f48fc2cc07cc397108

d64ae064a4fc5d008723a2d092d232e5

f14aa539774febdbb336e256eba3738c

33781d32bd85d61f542cb3167631fb39

1c50880c62efbe568b81db024fedd43f

af5e99b838ae10dbc1e7cedc58413b06

View

Insert

Alert