Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6871	2023-12-01 10:41	11vsoiocw2.exe f16185080a8c12bc14de28c77c41c559 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself				2.0	M	37	ZeroCERT

6872	2023-11-30 17:01	soyaorjaga.exe 1abc02588884a0d1d0c29117da4c8969 AgentTesla Malicious Library Malicious Packer UPX PE32 PE File .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed		2	4	5.2		41	ZeroCERT

6873	2023-11-30 16:51	conhost.exe 249b4980b929e202ad6ccc95bbd455b2 Malicious Library UPX PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed				2.8	M	49	ZeroCERT

6874	2023-11-30 16:32	setup294.exe 6cf975704d03f5ca810c254d104ce07f Malicious Library AntiDebug AntiVM PE32 PE File DLL Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder				3.8			ZeroCERT

6875	2023-11-30 14:40	Documento.txt.exe 1af7a2e45f20ad74e091fc976be0492e UPX PE32 PE File .NET EXE VirusTotal Malware Checks debugger unpack itself ComputerName DNS DDNS crashed		2	1	3.6		56	ZeroCERT

6876	2023-11-30 09:08	chungzx.doc 32df679e7f2b7ddb0fab5275e968c10d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself suspicious TLD Windows Exploit DNS DDNS crashed	1 Keyword trend analysis	4	7 Info ET DNS Query to a .top domain - Likely Hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a .top domain ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING Possible EXE Download From Suspicious TLD ET INFO DYNAMIC_DNS Query to a .duckdns .org Domain ET INFO DYNAMIC_DNS Query to .duckdns. Domain	5.6	M	31	ZeroCERT

6877	2023-11-30 09:06	1 45ae0455fdcb1ceb6e1d3eed8ba7ffaf Downloader UPX PE32 PE File VirusTotal Malware crashed				1.6	M	11	ZeroCERT

6878	2023-11-30 07:18	webplugin.exe 174a99ce7fd9e7cfe4634a0125a2ecb2 Emotet NSIS Malicious Library UPX PE32 PE File DLL OS Processor Check Lnk Format GIF Format VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself suspicious process				2.4	M	2	ZeroCERT

6879	2023-11-30 07:15	hjk.exe 95ee9a372c00b4fbb86fc4cab7af8739 Generic Malware Malicious Library UPX PWS SMTP DNS AntiDebug AntiVM PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key				8.4	M	36	ZeroCERT

6880	2023-11-30 07:13	B13zx.exe 93fcdbdc88b1331060cd070f569e3e93 LokiBot North Korea Socket PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs suspicious TLD installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response	13.6	M	51	ZeroCERT

6881	2023-11-30 07:11	987123.exe e2557e6dc21ccdfb9c2004f97fe03a57 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Windows crashed				3.0	M	33	ZeroCERT

6882	2023-11-30 07:11	Usmgboc.exe 491310d10c0ea2d217c90a2403c20bea Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				2.2	M	40	ZeroCERT

6883	2023-11-30 07:10	zackzx.exe 88b0c932e404501921d7e88757bf82b2 .NET framework(MSIL) PWS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder Browser	9 Keyword trend analysis Info http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip http://www.book2110.com/q0a9/ http://www.myvicesweats.com/q0a9/ http://www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zip http://www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip http://www.myvicesweats.com/q0a9/?fG-En0Op=kT8vlbrJQaLSvujwD2rol+kqiMKODeNAKEOKqANkU9lz+d5BqiEiaoGVwIaoM+gLIJg+RScmlk791V9THbL6+wui9MqSvATkHuM+9Ak=&Qv=i5Dux0HsBbADdlg http://www.book2110.com/q0a9/?fG-En0Op=QjSgibKxvwzbRlRnma6INToqY/OPeko/3dKfcNic3/5B/KT4XkCX2/nzPpQDDMhbwqZ20zjeQpT79mRAD0H5kn0tpP/D80jiM/oMjuU=&Qv=i5Dux0HsBbADdlg	8		12.2		30	ZeroCERT

6884	2023-11-30 07:09	eta.exe d96ad0c55fdda0eedebc56b4a2f1d3b8 Generic Malware Malicious Library UPX PWS SMTP DNS AntiDebug AntiVM PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				7.8		36	ZeroCERT

6885	2023-11-30 00:39	libier_3402.pdf eaafeaa8f30f2eba91cdd62af7acdd1a PDF							guest