Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
7951	2021-05-11 16:06	Zyuwyxqnp.exe 483606a3262dce394e4bfec106cc7557 PWS Loki[b] Loki[m] AsyncRAT backdoor DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	13.6		27	ZeroCERT

7952	2021-05-11 16:08	Bskftg.exe b7bd6976002dbef357dee165fa37cdbc PWS Loki[b] Loki[m] AsyncRAT backdoor DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	15.8		30	ZeroCERT

7953	2021-05-11 16:09	PLP_017542000.exe 217779bed934af71afc6c861f99ff065 PWS Loki[b] Loki[m] AsyncRAT backdoor DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed		1		13.4		25	ZeroCERT

7954	2021-05-11 16:10	www.jpg 0f95ad208afee32bfaf13056a9ecbf11 AntiDebug AntiVM PE File PE32 VirusTotal Malware Code Injection unpack itself Windows utilities suspicious process AppData folder Windows DNS				6.4		30	ZeroCERT

7955	2021-05-11 16:11	fgmq.exe 355160860209999220faf31b76ba7a80 AsyncRAT backdoor AgentTesla SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed				9.4		20	ZeroCERT

7956	2021-05-11 16:55	cosmos.exe 810ae4ef26f40a3b18db460a7763bd8b AsyncRAT backdoor PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				8.6	M	27	Kim.GS

7957	2021-05-11 17:09	www.jpg 0f95ad208afee32bfaf13056a9ecbf11 ASPack AntiDebug AntiVM PE File PE32 VirusTotal Malware Code Injection unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk VM Disk Size Check Windows				6.2	M	30	r0d

7958	2021-05-11 17:20	http://alshamaleh-ye.com/xplt/... 5f4725f701ced44640eaa5c979bc01a6 AgentTesla AsyncRAT backdoor PWS .NET framework Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed		2	3	5.2	M	11	Kim.GS

7959	2021-05-11 18:08	12_CNB_Programas_de_Becas-7021... daf77956a7cbbdb2a322a8bb64e6f2b7 Anti_VM AntiDebug AntiVM OS Processor Check PE File PE32 PE64 Browser Info Stealer VirusTotal Malware AutoRuns PDB MachineGuid Code Injection Checks debugger Creates executable files exploit crash unpack itself Windows utilities WriteConsoleW installed browsers check Windows Exploit Browser Remote Code Execution DNS crashed				9.6		32	ZeroCERT

7960	2021-05-12 09:19	RNtjhYOuSq68AdF.exe 97b253f75db04460e18db48d1fbe0185 AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Windows Cryptographic key				3.2		22	ZeroCERT

7961	2021-05-12 09:19	da.exe 9fdf605ce0358540d48502367e637b0a PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key				2.8		26	ZeroCERT

7962	2021-05-12 09:21	vbc.exe 4f5fa4a89f176b2ff7882895cf08bc0b PWS .NET framework Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key				7.4	M	21	ZeroCERT

7963	2021-05-12 09:22	oio.exe e997628c9a564e871b85c85014a22228 Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger				16.0		17	ZeroCERT

7964	2021-05-12 09:23	s.doc 3501b3b9d6892a91c8cf9b33c0a25967 RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.0		27	ZeroCERT

7965	2021-05-12 09:24	kamix.exe 5dfa698be3649abe2f920e159b4d4b09 PWS .NET framework Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName DNS				7.6	M	21	ZeroCERT