Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6436	2021-03-23 18:04	awo.exe 201f85fa5fa1c640a82426a1764fd481 Google Chrome User Data browser info stealer VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process Windows					10.6	M	17	ZeroCERT

6437	2021-03-23 18:04	regasm.exe 0e4438e0bfcf156fa295606c644f1dc1 Glupteba Malicious Library VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed					2.8	M	26	ZeroCERT

6438	2021-03-23 18:06	regasm.exe 1a1be53d670ccd09e6ec6826d2387980 Azorult .NET framework AsyncRAT backdoor Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.6	M	14	ZeroCERT

6439	2021-03-23 18:06	winlog.exe 77884e0a699626ff689e7517bbd56e9f Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder sandbox evasion installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	8 Info ET INFO Observed DNS Query to .biz TLD ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		8.8	M	24	ZeroCERT

6440	2021-03-23 18:06	winlog.exe 08a81bb421dcb799fec1b7832d27c0c3 VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder sandbox evasion					3.6	M	19	ZeroCERT

6441	2021-03-23 18:08	regasm.exe 661c62fd911443183b7759e3109d27c7 Azorult .NET framework AsyncRAT backdoor Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	3	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		13.8	M	20	ZeroCERT

6442	2021-03-23 18:10	e5lojgiow.tar 8abd17bb45aaf7ded8caa930b60d38ef Gen VirusTotal Malware PDB unpack itself DNS crashed					1.8	M	9	ZeroCERT

6443	2021-03-23 18:11	winlog.exe 33ce4f175c72082b303ebb2d9a2d69eb VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder sandbox evasion					3.8	M	22	ZeroCERT

6444	2021-03-23 18:11	159.dll 9a56fc82eecf183305cd5149c8888765 Emotet Trickbot Gen VirusTotal Malware Checks debugger buffers extracted RWX flags setting unpack itself suspicious process Remote Code Execution					4.4	M	22	ZeroCERT

6445	2021-03-23 18:14	win32.exe 2016efd23d991477b03728e2013d9a8d Azorult .NET framework AsyncRAT backdoor Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.8	M	25	ZeroCERT

6446	2021-03-23 18:16	vbc.exe 8e99d7a6d0449a22e94330a4f6d2284d Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed					9.4	M	18	ZeroCERT

6447	2021-03-23 18:19	http://amenyan.zouri.jp/201907... 0c4b081b61a89b5a8914da12cefe15de VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2		5.0	M	37	ZeroCERT

6448	2021-03-23 18:22	VZR.exe fc7c1d93d598a03632552cb838f466e1 Google Chrome User Data browser info stealer VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process Windows					10.6	M	17	ZeroCERT

6449	2021-03-23 18:25	158.dll 022e2c948003e42124c97687fac72f3a Emotet Trickbot Gen Dridex TrickBot VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	4	2	1	6.6	M	7	ZeroCERT

6450	2021-03-23 18:30	vbc.exe 8e99d7a6d0449a22e94330a4f6d2284d Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					8.8	M	18	ZeroCERT