Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
7891	2021-05-05 20:28	KINO.exe 077fea37db6efe2491b3afe7e1813982 DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key		2		13.6	M	19	ZeroCERT

7892	2021-05-05 20:30	build.exe 33783e52b9ba752622135e94ea7fe8c8 Glupteba OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed				3.2	M	24	ZeroCERT

7893	2021-05-05 20:35	Cfzprazem.exe 98bd04ca5fb71ba249683cd17c47715d AsyncRAT backdoor PWS .NET framework AgentTesla AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows DNS Cryptographic key crashed	1 Keyword trend analysis	2		9.8	M	20	ZeroCERT

7894	2021-05-06 10:28	win32.exe 62c0acfc18a80a6132a3e8d8baacc90a PE File PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	1	7.4	M	37	r0d

7895	2021-05-06 10:31	win32.exe 62c0acfc18a80a6132a3e8d8baacc90a PE File PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software		1	1	7.4	M	37	r0d

7896	2021-05-06 10:34	win32.exe 62c0acfc18a80a6132a3e8d8baacc90a PE File PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName DNS Software		1	1	7.4	M	37	r0d

7897	2021-05-06 10:38	invoice_996446.doc fecd086ea4879aa3e7b06eb1bcd0e102 RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic ICMP traffic exploit crash unpack itself Windows Exploit Trojan DNS crashed	3 Keyword trend analysis	6	11 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET HUNTING SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download ET POLICY PE EXE or DLL Windows file download HTTP	4.6		28	ZeroCERT

7898	2021-05-06 10:38	svchost.exe 1704d776125c307095920fe6e332f121 AsyncRAT backdoor PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process Windows ComputerName DNS Cryptographic key				10.6	M	20	ZeroCERT

7899	2021-05-06 10:40	presentation.dll c54784a2a5c1b33fd4e29b63d39f7f17 Gen2 DLL OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself				1.6	M	37	ZeroCERT

7900	2021-05-06 10:40	rest.exe 96764a0a62e66a147a3d4db0e59a6e34 PE64 OS Processor Check PE File VirusTotal Malware unpack itself ComputerName Remote Code Execution DNS				3.0		8	ZeroCERT

7901	2021-05-06 10:42	Kvinolsz.exe d5c422ea212c924cf5d360500c87ab05 PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework AgentTesla DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory malicious URLs installed browsers check Browser Email ComputerName DNS Software	2 Keyword trend analysis	3	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	8.2	M	21	ZeroCERT

7902	2021-05-06 10:42	scr.dll a48dc2da2655fd049e37e36fcda28fba DLL PE File PE32 JPEG Format VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself DNS	1 Keyword trend analysis	1	1	4.0	M	36	ZeroCERT

7903	2021-05-06 10:44	wtkNa4Cs6HxepX8.exe 9941b30db8a7c185c5517e5d7431487c PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key				2.2		13	ZeroCERT

7904	2021-05-06 10:47	sa.exe 0aecf41f923bf5cd728a670757af61ed AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key				2.8	M	20	ZeroCERT

7905	2021-05-06 10:48	Dwmnrn.exe ff39cfda26bd410c078d509c552688c7 AsyncRAT backdoor PWS .NET framework AgentTesla SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2		11.4	M	32	ZeroCERT