Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8161	2021-05-20 09:40	vzwawork.exe 6b56870f655d50a142e12e0d08f31894 PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	9.0		7	ZeroCERT

8162	2021-05-20 09:40	rets.exe c344e0908b85d5fda0f5c51e815d977e PE64 PE File OS Processor Check VirusTotal Malware unpack itself ComputerName				1.8		6	ZeroCERT

8163	2021-05-20 09:42	cniuz61gAcm2VtT.exe f67d76897ad903441551d14d51df22df PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key				2.2		22	ZeroCERT

8164	2021-05-20 09:43	updatewin1.exe 5b4bd24d6240f467bfbc74803c9f15b0 PE File PE32 VirusTotal Malware unpack itself Windows Remote Code Execution DNS				3.8	M	51	ZeroCERT

8165	2021-05-20 09:44	terret.exe 25eb15c44373fbe160c8a8307a784b9f PE64 PE File VirusTotal Malware AutoRuns Check memory Creates executable files ICMP traffic unpack itself Windows utilities sandbox evasion Windows ComputerName DNS		1		7.4		22	ZeroCERT

8166	2021-05-20 09:45	JfN2LvqzjoDLylS.exe 7c99b74f8a7659f5c0a3013f463296af Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself				2.2		26	ZeroCERT

8167	2021-05-20 09:47	xcload.exe 5215dde464e1fbadbe4e7a59927a73b4 Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS				7.8		14	ZeroCERT

8168	2021-05-20 09:47	dsd.exe a2514fac953de1e31ece31471716c852 Gen2 PE64 PE File OS Processor Check VirusTotal Malware PDB RWX flags setting unpack itself crashed				2.2		4	ZeroCERT

8169	2021-05-20 09:49	ChaosEnginev.vbe e6c1be365ba4762df1238cd678524e4b AntiDebug AntiVM VirusTotal Malware Code Injection unpack itself DNS crashed				3.6		24	ZeroCERT

8170	2021-05-20 09:49	FD1.exe 36f95f7e28e486ef9f48990e23a71ab0 Gen2 PE64 PE File OS Processor Check VirusTotal Malware PDB RWX flags setting unpack itself crashed				2.2	M	5	ZeroCERT

8171	2021-05-20 09:52	vbc.exe 7c66db0cfee1fa635e2b358a1110c893 AsyncRAT backdoor PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed				9.4	M	21	ZeroCERT

8172	2021-05-20 09:54	hKB8FTiKlaekk3m.exe fa4d3d925791d3b46ac7bb09b643a256 AgentTesla AsyncRAT backdoor PWS .NET framework browser info stealer Malicious Library Google Chrome User Data DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenSh VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows DNS Cryptographic key				12.0	M	21	ZeroCERT

8173	2021-05-20 09:56	dsd.exe a2514fac953de1e31ece31471716c852 Gen2 PE64 PE File OS Processor Check VirusTotal Malware PDB RWX flags setting unpack itself DNS crashed				2.8	M	4	ZeroCERT

8174	2021-05-20 09:59	binbobbyx.exe af79da4c3ea7861340ecb21988915401 AsyncRAT backdoor PWS .NET framework Malicious Packer AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows DNS	4 Keyword trend analysis Info http://www.amercon.net/e2ci/ http://www.0713sun.com/e2ci/?TVg84P=zjR8DXapILM&q48HnNuH=mjXgAoGc9RiEdal923fYMsjwHVXgKiM9DTzs5kYNCd4TPCHNxR/c2ZF+kFqQgDCsM/ynEOPN http://www.amercon.net/e2ci/?TVg84P=zjR8DXapILM&q48HnNuH=JcnlCjkOOIBiQ/xfxAOFe67syMYooRlDgk8yaYfeSo2+mC+bu0GwiVI+/NZtw6qc0De33r3H http://www.0713sun.com/e2ci/	7	1	11.6	M	29	ZeroCERT

8175	2021-05-20 10:01	Delivery%20Order%2035933112.xl... 5c1384a9073d57a8dcd0321d3f6a712c VBA_macro MSOffice File VirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName DNS crashed	3 Keyword trend analysis	4	2	8.0	M	23	ZeroCERT