Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
49321	2021-01-16 15:33	cornflexE.gif.exe 3e86685246c1fdcc9eef8b95986ba4e4 VirusTotal Malware Code Injection buffers extracted unpack itself crashed				6.6	M	66	ZeroCERT

49322	2021-01-16 15:31	cornflexC.gif.exe bdd455b064413ee7e1997bd10daa4904 Emotet VirusTotal Malware Buffer PE Code Injection buffers extracted unpack itself malicious URLs DNS crashed				9.4	M	66	ZeroCERT

49323	2021-01-16 15:31	CIC.exe 8a16967ee620b6d50578ec90143e9b88 VirusTotal Malware Check memory Checks debugger unpack itself				1.6	M	20	ZeroCERT

49324	2021-01-15 18:33	winlog.exe beb98920d31800a1752f27dcc154ff02 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS	6 Keyword trend analysis Info http://www.cinefil-i.com/oean/?b6=Rweb1caLz/c9Aot1SsU81YNDd0wmDx18b7soMP/Px6ceSU8ZfumpQ+cZEG8OWupBdhsig0Ai&C0D=_DKdKJa http://www.chefericcatering.com/oean/?b6=BkQQOE+C7f26WM0fJBG6QO1Uh6GGn4x08a55cC4t/m1dRVq8ukQ2Fo+HCooBiIhHcHtmXOeR&C0D=_DKdKJa http://www.snigglez.com/oean/?b6=GYyzbmMF0tR7gyQNcafW9wP1lXMPj8vGcxWMFR+vvP6yhOrv21yFlex2Lf9rnMvsYh60+tUR&C0D=_DKdKJa http://www.cinefil-i.com/oean/ http://www.snigglez.com/oean/ http://www.chefericcatering.com/oean/	9		11.6	M	30	ZeroCERT

49325	2021-01-15 18:33	AQW.exe 1ddb0d8d57a7c11399b348da4199331d Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key crashed keylogger		2		16.4	M	14	ZeroCERT

49326	2021-01-15 18:01	vbc.exe 0b8b3fa0c3fed86cd8760db8caae9c28 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName crashed				13.2	M	30	ZeroCERT

49327	2021-01-15 17:48	darwin64.bin 8397ea747d2ab50da4f876a36d673272 VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName	2 Keyword trend analysis	3		6.0		16	guest

49328	2021-01-15 17:47	refundwillbe.exe 6f4ccca93c6ca61b35630738010a0923 VirusTotal Malware unpack itself DNS				2.6	M	29	ZeroCERT

49329	2021-01-15 17:46	regasm.exe 60ed045b258cff113c07de91fc6e2913 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	12.4	M	16	ZeroCERT

49330	2021-01-15 17:31	PO-2048736.exe fa9b525ea5d6ae6a2118907dacd3317b VirusTotal Malware unpack itself				1.6	M	28	ZeroCERT

49331	2021-01-15 17:30	QPR-34002.exe adb1b41d38984d5872382275b23d7ca0 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	4	4	17.8	M	50	ZeroCERT

49332	2021-01-15 17:21	Order-20034832.exe 4c462e9b7843fa6258b6e90816952948 VirusTotal Malware unpack itself DNS				2.2	M	25	ZeroCERT

49333	2021-01-15 17:19	lokkk.jpg.exe f8938b5c44ddb8c25bf1c976a6d2b627 VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs Windows Cryptographic key				6.8	M	32	ZeroCERT

49334	2021-01-15 17:16	invoice.exe 07d297371e6af555aa5ed31d423de4bc VirusTotal Malware unpack itself DNS				2.8	M	28	ZeroCERT

49335	2021-01-15 17:14	LO-06.exe a71b92a0262b4067b2da39ad1f39bef5 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key DDNS keylogger		2	1	19.6	M	55	ZeroCERT

Submissions

3e86685246c1fdcc9eef8b95986ba4e4

bdd455b064413ee7e1997bd10daa4904

8a16967ee620b6d50578ec90143e9b88

beb98920d31800a1752f27dcc154ff02

1ddb0d8d57a7c11399b348da4199331d

0b8b3fa0c3fed86cd8760db8caae9c28

8397ea747d2ab50da4f876a36d673272

6f4ccca93c6ca61b35630738010a0923

60ed045b258cff113c07de91fc6e2913

fa9b525ea5d6ae6a2118907dacd3317b

adb1b41d38984d5872382275b23d7ca0

4c462e9b7843fa6258b6e90816952948

f8938b5c44ddb8c25bf1c976a6d2b627

07d297371e6af555aa5ed31d423de4bc

a71b92a0262b4067b2da39ad1f39bef5

View

Insert

Alert