Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6196	2021-03-19 08:24	mbena.exe e81cc62679b5e5aa3291b0168b271ee9 Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed				9.4	M	18	ZeroCERT

6197	2021-03-19 08:26	ndena.exe d4b31689b01301f90ce578d418a74231 Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key				5.6	M	18	ZeroCERT

6198	2021-03-19 09:26	4IM6UdbDirEU0hR.exe 5af713d1b395d4f6b4467f22643fb4c8 Azorult .NET framework Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4	13.0	M	25	ZeroCERT

6199	2021-03-19 09:28	55ec600e4e6500e080c5.doc d40ee9c8e2047bf8391d45ff1b067dda Vulnerability VirusTotal Malware Code Injection Check memory Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS		1		8.0	M	17	ZeroCERT

6200	2021-03-19 13:40	6gdwwv.exe 77be0dd6570301acac3634801676b5d7 Ficker Stealer VirusTotal Malware ICMP traffic malicious URLs IP Check	1 Keyword trend analysis	4	1	5.0	M	59	r0d

6201	2021-03-19 14:35	winlog.exe fcd3737d717fcf3402b9ed9f84eca28c Generic Malware Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software		1		11.6	M	32	r0d

6202	2021-03-19 14:39	cfsm.txt.exe 9ac835c38d4d0c6466e641427a2cf8f1 VirusTotal Malware DNS				2.6	M	57	ZeroCERT

6203	2021-03-19 14:39	bobbyx.exe 9798ba6199168e6d2cf205760ea683d1 Azorult .NET framework Generic Malware VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed				10.0	M	38	ZeroCERT

6204	2021-03-19 14:52	44273.4360444444.dat 334464d0b82e1d4a5de6669f0c98c055							ZeroCERT

6205	2021-03-19 14:53	IMG_150-76-13.pdf dd8a7c3bac724eac74d25c6a39535f9c Antivirus VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key				9.0	M	32	ZeroCERT

6206	2021-03-19 14:54	44272.8138383102.dat a1c342d9ea0214e9e7b881a3b136f133 VirusTotal Malware				1.0	M	35	ZeroCERT

6207	2021-03-19 14:58	cred.dll 808900cf5256e33b7293ec630711e0c5 FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email DNS Software	1 Keyword trend analysis	1		6.2	M	48	ZeroCERT

6208	2021-03-19 15:00	ddd.exe 2ca2406431fbaf5befbf0de21509debe Azorult .NET framework Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	14.0	M	39	ZeroCERT

6209	2021-03-19 15:03	IMG_150-76-13.pdf dd8a7c3bac724eac74d25c6a39535f9c Antivirus VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself powershell.exe wrote suspicious process malicious URLs Windows ComputerName Cryptographic key	3 Keyword trend analysis			9.4	M	32	ZeroCERT

6210	2021-03-19 15:08	44273.4360444444.dat 334464d0b82e1d4a5de6669f0c98c055 Gen IcedID Malware download Email Client Info Stealer Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows Email ComputerName DNS crashed	12 Keyword trend analysis Info http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f https://ugolkuzjaspace.website/news/8/1/0 https://lissikopopo.fun/news/18/255/0 https://lissikopopo.fun/news/4/2/0 https://lissikopopo.fun/news/1/255/0 https://ugolkuzjaspace.website/news/4/1/1 https://aws.amazon.com/ https://ugolkuzjaspace.website/news/4/3/1 https://ugolkuzjaspace.website/news/8/0/1 https://lissikopopo.fun/sqlite64.dll	7	3	8.4	M		ZeroCERT