Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
5431	2021-02-25 14:09	winlog.exe 3687f254dea97e11b049d99739f4ade0 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		12.6	M	45	ZeroCERT

5432	2021-02-25 14:10	xxxx1_2021-02-16_11-51.exe 7fc4870a54a69a822f35e8649a4e4d1b VirusTotal Malware unpack itself malicious URLs DNS					3.4	M	57	ZeroCERT

5433	2021-02-25 14:18	0321.exe 6b77ec3dfa530f69ff49f06496232009 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	3	1		12.0	M	30	ZeroCERT

5434	2021-02-25 14:18	angelx.exe 30f445bb737fd0200966f10b79ebc98a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger	3 Keyword trend analysis	2		3	17.6	M	37	ZeroCERT

5435	2021-02-25 14:26	AroX3.txt.exe 4ef47260c033dd6fc7b0e4a744456209 VirusTotal Malware RWX flags setting unpack itself					1.4	M	17	ZeroCERT

5436	2021-02-25 14:27	eNwOl.txt.exe e18dbe57194dd717d54a907ba8e6d3e1 VirusTotal Malware RWX flags setting unpack itself DNS					2.6	M	20	ZeroCERT

5437	2021-02-25 14:30	hCazo.txt.exe 2724e3847ab9d043159c984a612d4173 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.8	M	32	ZeroCERT

5438	2021-02-25 14:36	TFppy.txt.exe acfcbd916fa04787e4388b339592dd78 VirusTotal Malware RWX flags setting unpack itself					2.0	M	20	ZeroCERT

5439	2021-02-25 14:43	https://ifyouarebadtheniamyour... 1bbbe8c7df7d8f63cc120c38cfe90fbc VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	29 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://ifyouarebadtheniamyourdadheheue.blogspot.com/favicon.ico https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5647531924926873169&zx=751864b0-8aeb-4422-bc29-2cad650a7144 https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.blogger.com/static/v1/widgets/2473628150-widgets.js https://www.google-analytics.com/analytics.js https://ssl.gstatic.com/gb/images/p1_cfd8cf40.png https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/img/share_buttons_20_3.png https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Yi2_l953dwg.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTukMeXtxdl-OH9-2R7CQbBSwE70Hg https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://ifyouarebadtheniamyourdadheheue.blogspot.com/p/26-king-of-bec-13.html https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GTg18L1Wqko.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_RJSdiavtoJQlz9JCcpOM9qnUIlw/cb=gapi.loaded_0 https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ifyouarebadtheniamyourdadheheue.blogspot.com/p/26-king-of-bec-13.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ifyouarebadtheniamyourdadheheue.blogspot.com/p/26-king-of-bec-13.html%26bpli%3D1&passive=true&go=true https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.blogger.com/static/v1/jsbin/1277698886-ieretrofit.js https://www.gstatic.com/og/_/ss/k=og.qtm.9fiPLLb9DHE.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuULRmKUY2bL16zR_n7jbLALjZGXg https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fifyouarebadtheniamyourdadheheue.blogspot.com%2Fp%2F26-king-of-bec-13.html&bpli=1 https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://www.blogger.com/blogin.g?blogspotURL=https://ifyouarebadtheniamyourdadheheue.blogspot.com/p/26-king-of-bec-13.html	21 Info ssl.gstatic.com(172.217.161.35) resources.blogblog.com(172.217.161.73) www.google.com(216.58.197.196) www.gstatic.com(172.217.24.131) fonts.googleapis.com(172.217.174.106) ifyouarebadtheniamyourdadheheue.blogspot.com(172.217.31.129) accounts.google.com(216.58.197.237) www.google-analytics.com(172.217.25.78) apis.google.com(172.217.27.78) fonts.gstatic.com(172.217.27.67) www.blogger.com(172.217.161.73) 172.217.161.174 - mailcious 216.58.197.99 172.217.25.3 216.58.200.67 216.58.221.233 172.217.174.196 172.217.161.138 172.217.24.201 216.58.220.205 172.217.161.129	2		5.0			ZeroCERT

5440	2021-02-25 14:44	6sfsgfsgqwert.exe 77be0dd6570301acac3634801676b5d7 VirusTotal Malware ICMP traffic IP Check	1 Keyword trend analysis	4	1		4.2	M	61	ZeroCERT

5441	2021-02-25 14:55	free_vbucks.exe a7bcf7ea8e9f3f36ebfb85b823e39d91 VirusTotal Malware Code Injection Check memory RWX flags setting exploit crash unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW Tofsee Windows Exploit DNS crashed	5 Keyword trend analysis Info https://i.ytimg.com/vi/f993kjNIR6I/default.jpg?sqp=-oaymwEECHQQQQ&rs=AMzJL3nwY3m4D0UF07kUn3YnYc5Y6K3_bA https://www.google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp https://www.google.co.ck/images/branding/searchlogo/1x/googlelogo_desk_heirloom_color_150x55dp.gif https://www.google.co.ck/favicon.ico https://www.gstatic.com/ui/v1/icons/mail/images/triangle.gif	9	1		8.2	M	59	ZeroCERT

5442	2021-02-25 15:04	Nod32.exe 245153c656b6482404938345df15b354 AutoRuns MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key crashed					2.6	M		ZeroCERT

5443	2021-02-25 15:05	invoice_4152112.doc 2c15d6b5dacee38f2b9d5bb1236f0bc3 Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.4	M	33	ZeroCERT

5444	2021-02-25 15:06	notas.exe 5e144be1ef6e59108b2d597105e3b9ed Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows DNS Cryptographic key DDNS	4 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://coroloboxorozor.com/base/280009862BA5753050356BDB8F838381.html - rule_id: 288	4	1	1	9.8	M		ZeroCERT

5445	2021-02-25 15:08	setupgo.exe ad606bf50981d15cea3647d3d089128e VirusTotal Malware Windows crashed	2 Keyword trend analysis				2.8	M	38	ZeroCERT

First
Previous
361
362
363
364
365
366
367
368
369
370
Next
Last
Total : 48,352cnts

Submissions

3687f254dea97e11b049d99739f4ade0

7fc4870a54a69a822f35e8649a4e4d1b

6b77ec3dfa530f69ff49f06496232009

30f445bb737fd0200966f10b79ebc98a

4ef47260c033dd6fc7b0e4a744456209

e18dbe57194dd717d54a907ba8e6d3e1

2724e3847ab9d043159c984a612d4173

acfcbd916fa04787e4388b339592dd78

1bbbe8c7df7d8f63cc120c38cfe90fbc

77be0dd6570301acac3634801676b5d7

a7bcf7ea8e9f3f36ebfb85b823e39d91

245153c656b6482404938345df15b354

2c15d6b5dacee38f2b9d5bb1236f0bc3

5e144be1ef6e59108b2d597105e3b9ed

ad606bf50981d15cea3647d3d089128e

View

Insert

Alert