Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6676	2021-03-30 14:48	ORDER-656-2561981-4091274.zip 76cdb2bad9582d23c1f6f4d868218d6c								guest

6677	2021-03-30 15:56	requirement.txt 61c79da0f94843294be6de0a0f9f8501 Check memory unpack itself					1.0			조광섭

6678	2021-03-30 15:58	requirement.txt 61c79da0f94843294be6de0a0f9f8501 Check memory unpack itself DNS					1.6			조광섭

6679	2021-03-30 16:00	requirement.txt 61c79da0f94843294be6de0a0f9f8501 Check memory unpack itself					1.0			조광섭

6680	2021-03-30 16:00	requirement.txt 61c79da0f94843294be6de0a0f9f8501 Check memory unpack itself					1.0			조광섭

6681	2021-03-30 16:07	iexplore.exe c50eeb216ab9f7e9b375270426c4dfd6 Gen PDB Remote Code Execution					0.6			조광섭

6682	2021-03-30 16:08	requirement.txt 61c79da0f94843294be6de0a0f9f8501 Check memory unpack itself					1.0			조광섭

6683	2021-03-30 16:16	om.exe a5cef6534e6f1347419ce386ba477c3e Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					8.4	M	12	조광섭

6684	2021-03-30 16:57	winlog.exe d178c14362d0e9f7f76cd0dd6c90ef2c Azorult .NET framework VirusTotal Malware Check memory Checks debugger unpack itself					2.4	M	50	조광섭

6685	2021-03-30 17:13	Practical3.exe 8819d7f8069d35e71902025d801b44dd Antivirus VirusTotal Malware PDB suspicious privilege Check memory WMI Windows utilities WriteConsoleW Windows ComputerName					5.0		48	guest

6686	2021-03-30 18:01	musteri.exe c64253856d7af67fb3a75fe2cfcffd09 VirusTotal Malware PDB Check memory RWX flags setting unpack itself					2.0		20	조광섭

6687	2021-03-30 18:21	ezmumkw.rar 72a78f73900f015106d45b1d1d6149fe Dridex TrickBot VirusTotal Malware PDB MachineGuid Malicious Traffic Checks debugger unpack itself Collect installed applications installed browsers check Kovter Browser ComputerName DNS crashed	1 Keyword trend analysis	1	1	1	5.4	M	9	ZeroCERT

6688	2021-03-30 18:22	winlog.exe f04d2a73e6cbfa7448cddc8a720e8b7d FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder sandbox evasion DNS	18 Keyword trend analysis Info http://www.autobrehna.com/aqu2/ http://www.starr2021.com/aqu2/?9r4P-=FDSTiZqVi7tV49ht7ud1XtYEDVJDcY6JSxG6s2Z614q4ZNLNR7otPsG8VHEGh5rPl6zGokL3&EjU4Sz=fdMTVRIPcB http://www.biehnrecords.com/aqu2/ http://www.infinapisoft.com/aqu2/?9r4P-=SveQ6QzNEG+Ue0UwYIovIxfrG5axgatZLqXsvY6ElwpmK3TkDnNFzNvAGoEWYf/jIVOkNNG5&EjU4Sz=fdMTVRIPcB http://www.420vaca.com/aqu2/ http://www.duilian2013.com/aqu2/?9r4P-=5T8DNXyrvTvL3cvbCU8PV1xBAkBpMBooLRHVIm24TfVNXk1h2qJwczX0CVlXYEUDBsaTBuFr&EjU4Sz=fdMTVRIPcB http://www.autobrehna.com/aqu2/?9r4P-=wtLrPw5G3VNgAxvTFC+8Ts+SNzTM/uZNWocoEnFjjUI2fKD6Pab6SV03kGTmFfga64lrh9kx&EjU4Sz=fdMTVRIPcB http://www.dottproject.com/aqu2/ http://www.starr2021.com/aqu2/ http://www.dottproject.com/aqu2/?9r4P-=8qPweG0M789YemAnK98F/0dsoL0lvZuH4dsjV8cLixPNFImJmQS9PHFW6D+/m7Lk8jThFiV8&EjU4Sz=fdMTVRIPcB http://www.infinapisoft.com/aqu2/ http://www.playfulpainters.com/aqu2/?9r4P-=K5Kf6zcnOMGTDC2nOfN1gGfLaJuyFjl9HZYEWhqsekuFhK5NTINkzyKwNhoE1GWzMyDeLT6f&EjU4Sz=fdMTVRIPcB http://www.biehnrecords.com/aqu2/?9r4P-=Nog7saUOe31pChY/asrlCYsF2JarF3pmjxxHAraosre8RL+8bBQEPfty0402us1yMe8cuyAg&EjU4Sz=fdMTVRIPcB http://www.duilian2013.com/aqu2/ http://www.playfulpainters.com/aqu2/ http://www.billionaireblinggg.com/aqu2/?9r4P-=ezJe0KVdq3fVmDouUeAbH78G8ipTOR7GTRL6he53iD6u4cwHuna0YSy1Ma1OKRV6+VXtkBZ5&EjU4Sz=fdMTVRIPcB http://www.billionaireblinggg.com/aqu2/ http://www.420vaca.com/aqu2/?9r4P-=8Y6pPms9UfKezqwrIA4J0qFhxM8TaW5F1yAxNjmyXs8DMCT68aA9YDkaYQcQ9glKOSYhsy+X&EjU4Sz=fdMTVRIPcB	23 Info www.dottproject.com(91.195.240.94) www.nagoyadoori.xyz() www.biehnrecords.com(184.168.131.241) www.xn--2021-kmd.com() - mailcious www.urbanladder.info() www.infinapisoft.com(85.233.160.23) www.duilian2013.com(156.232.212.225) www.420vaca.com(64.190.62.111) www.starr2021.com(52.54.251.87) www.pdxcontracttracer.com() www.autobrehna.com(62.116.130.8) www.playfulpainters.com(34.102.136.180) www.printerpartsuk.com() www.billionaireblinggg.com(34.102.136.180) www.stone-master.info() - mailcious 91.195.240.94 - phishing 52.54.251.87 34.102.136.180 - mailcious 85.233.160.22 184.168.131.241 - mailcious 62.116.130.8 - mailcious 64.190.62.111 - mailcious 156.232.212.225	1		6.2		11	ZeroCERT

6689	2021-03-30 18:23	rh1trnt.rar 3479d48fef3fa742d91e84705ff4f882 Dridex TrickBot VirusTotal Malware PDB MachineGuid Malicious Traffic Checks debugger unpack itself Collect installed applications installed browsers check Kovter Browser ComputerName DNS crashed	1 Keyword trend analysis	1	1	1	5.4	M	8	ZeroCERT

6690	2021-03-30 18:23	vbc.exe 36f0d9fd3552d8cc6034d3be558568d4 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	9.4	M	7	ZeroCERT