Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7741	2021-04-29 16:23	cccc.dot a29a9ab928e578957fed4fb8c67b1e4d Malware download Vulnerability VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed Downloader	1 Keyword trend analysis	1	2		4.4	M	31	조광섭

7742	2021-04-29 22:21	download.blog 0e65369ce84e7693c3a2bad17fdc1a57 Gen2 PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder DNS crashed					3.6	M	18	ZeroCERT

7743	2021-04-29 22:21	Producto.exe 964bd83c36b8ec52a37dc9dc4b5a457e PWS .NET framework Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					11.6	M	29	ZeroCERT

7744	2021-04-29 22:23	mena.exe 91e4eac5a3c25fa30d7fdce558515975 PWS .NET framework AsyncRAT backdoor Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key					3.6		4	ZeroCERT

7745	2021-04-29 22:23	vbc.exe 346cf0402aa3f87e686a16da0d73e419 PE File OS Processor Check PE32 VirusTotal Malware unpack itself					1.8	M	29	ZeroCERT

7746	2021-04-29 22:26	CleanApex.exe c58d5a146655600ac6ecfa5a779b437b Gen2 PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Malicious Traffic WMI Creates executable files Windows utilities AppData folder WriteConsoleW Tofsee Ransomware Windows ComputerName DNS	2 Keyword trend analysis	3	1		7.4	M	22	ZeroCERT

7747	2021-04-29 22:26	Cjedeld.exe 0c2525c34d612a6e6592c019032850e1 PWS .NET framework AgentTesla AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		7.4			ZeroCERT

7748	2021-04-29 22:28	download.blog 509ddf0357ba0d4a11f09629e068f9f1 PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder sandbox evasion					3.2	M	41	ZeroCERT

7749	2021-04-29 22:28	.......dot befeeec69e0be81ba319c172e8f266d5 AntiDebug AntiVM LokiBot Malware download VirusTotal Malware c&c MachineGuid Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit Trojan DNS crashed Downloader	4 Keyword trend analysis Info http://amrp.tw/chud/gate.php http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2 https://update.googleapis.com/service/update2?cup2key=10:933805276&cup2hreq=bc5bad2e07a349d21221961523b8f1e1a86b356488e544d0a74df69dc039814c	5	18 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		5.0	M	27	ZeroCERT

7750	2021-04-29 22:34	IMG_8401_302_1076.exe ef8bf0e0c08418ed74b33120185fd044 AgentTesla AsyncRAT backdoor Gen1 AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key crashed Password	12 Keyword trend analysis Info http://205.185.120.57/3.jpg http://205.185.120.57/1.jpg http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe http://205.185.120.57/2.jpg http://205.185.120.57/6.jpg http://205.185.120.57/4.jpg http://205.185.120.57/7.jpg http://205.185.120.57/main.php http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1619702178&mv=m&mvi=2&pl=18&shardbypass=yes http://205.185.120.57/5.jpg http://205.185.120.57/ https://update.googleapis.com/service/update2?cup2key=10:14166197&cup2hreq=20c1416b2a2f82aac11ca40fe5c42a5b84b2cf5a3833cc39ca852275cd0d3e53	4	6 Info ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		17.6	M	29	ZeroCERT

7751	2021-04-30 09:11	v.dot c9c4c73fb74dc85539d7cc51b2d2b9c6 AntiDebug AntiVM LokiBot Malware download VirusTotal Malware c&c MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit Trojan DNS crashed Downloader	2 Keyword trend analysis	3	16 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO DNS Query for Suspicious .ga Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	5.2	M	25	ZeroCERT

7752	2021-04-30 09:12	986758_IUX.msi ea5b0a11238124c6fc78dd72a7bb2401 Gen2 OS Processor Check MSOffice File VirusTotal Malware DNS crashed					1.2		9	ZeroCERT

7753	2021-04-30 09:13	netmount.dll 3f3cb269876273534664a5d37118de14 PE File DLL PE32 Dridex TrickBot VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed	1 Keyword trend analysis	4	3		5.8	M	24	ZeroCERT

7754	2021-04-30 09:15	vbc.exe 44fd8894c4e507cafa1c767995dd8927 PWS Loki .NET framework AsyncRAT backdoor Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.6	M	7	ZeroCERT

7755	2021-04-30 09:17	tgixx.exe 318f4d702f97b8d7fbc1a1fddfab81ae Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS					9.2		5	ZeroCERT