Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
5641	2021-03-05 11:37	sraTest.exe def38804980edf083085e30baf5dc16d VirusTotal Malware RWX flags setting unpack itself ComputerName DNS		2			3.6	M	32	ZeroCERT

5642	2021-03-05 11:41	svchost.exe 1c71f6d147d7c03e9691d001bac6bb80 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software		2			12.8	M	34	ZeroCERT

5643	2021-03-05 11:42	0d83482657508424b4030ad4448e22... 1dccdbffc01df7194e26c7c27ce90cb4 unpack itself Remote Code Execution DNS					2.6	M		ZeroCERT

5644	2021-03-05 12:13	5160f288a2be6fa683d27ea76ce771... 904cb4a566276ddef1a804f5d90c75ca VirusTotal Malware unpack itself Remote Code Execution					2.6	M	59	ZeroCERT

5645	2021-03-05 12:14	6jhfa478.exe 77be0dd6570301acac3634801676b5d7 VirusTotal Malware ICMP traffic IP Check DNS	1 Keyword trend analysis	4	1		4.8	M	61	ZeroCERT

5646	2021-03-05 13:33	ami.exe 5b6489c0cc8f742c33b862901bcc23de VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself					2.4	M	42	guest

5647	2021-03-05 13:34	Filess.pdf.exe 61d1a23ebeaa3b8a6333cd46566a7e96 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed					10.4	M	21	guest

5648	2021-03-05 13:39	kinsing.exe 648effa354b3cbaad87b45f48d59c616 VirusTotal Malware malicious URLs crashed					2.4	M	34	ZeroCERT

5649	2021-03-05 13:39	MARBLE-SAMPLE-PICTURES.exe 81d474f480901c0244d0d90e88da15f4 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself malicious URLs Tofsee Windows Remote Code Execution DNS	1 Keyword trend analysis	4	1		10.8		34	ZeroCERT

5650	2021-03-05 13:50	PI_1037_Scanned_0547.pdf.exe 37997ca39c9a900255366c354ca2ebbb VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows	1 Keyword trend analysis	3	1		8.4	M	21	ZeroCERT

5651	2021-03-05 13:51	PO_2287_Scanned.pdf.exe efa6aa4c9687bdefad45af4771bf5ad5 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	3	1		13.6	M	26	ZeroCERT

5652	2021-03-05 13:57	svchost.exe 8f3da2526f1c19254cece8c5c85c196c Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software		2			14.0	M		ZeroCERT

5653	2021-03-05 13:57	regasm.exe 0a8ff8379ea5957d89a01ea84130c372 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	1	10.4	M	30	ZeroCERT

5654	2021-03-05 14:06	svchost2.exe 1bc0aef8b9b5c3687fa1a5cfca4d109a VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process malicious URLs VMware anti-virtualization Windows ComputerName Cryptographic key Software					11.2	M	12	ZeroCERT

5655	2021-03-05 14:06	temp.dotm e4ad03ab0e9413febc470f5a5eaf86c3 Vulnerability VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself malicious URLs DNS		1			8.8	M	10	ZeroCERT

First
Previous
371
372
373
374
375
376
377
378
379
380
Next
Last
Total : 48,345cnts

Submissions

def38804980edf083085e30baf5dc16d

1c71f6d147d7c03e9691d001bac6bb80

1dccdbffc01df7194e26c7c27ce90cb4

904cb4a566276ddef1a804f5d90c75ca

77be0dd6570301acac3634801676b5d7

5b6489c0cc8f742c33b862901bcc23de

61d1a23ebeaa3b8a6333cd46566a7e96

648effa354b3cbaad87b45f48d59c616

81d474f480901c0244d0d90e88da15f4

37997ca39c9a900255366c354ca2ebbb

efa6aa4c9687bdefad45af4771bf5ad5

8f3da2526f1c19254cece8c5c85c196c

0a8ff8379ea5957d89a01ea84130c372

1bc0aef8b9b5c3687fa1a5cfca4d109a

e4ad03ab0e9413febc470f5a5eaf86c3

View

Insert

Alert