Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8176	2021-05-20 10:04	0519_2457254452195.doc 4680281474f5c31c4161ea107032b297 Gen1 Gen2 VBA_macro DNS Socket ScreenShot AntiDebug AntiVM OS Processor Check MSOffice File Browser Info Stealer Malware download FTP Client Info Stealer Vulnerability VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces suspicious process suspicious TLD sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Windows Browser ComputerName DNS Software	6 Keyword trend analysis	11 Info hrowedinizoin.ru(2.56.10.123) - mailcious sweyblidian.com() - mailcious api.ipify.org(54.221.236.13) traverso.ru(8.211.5.232) - malware thotainizent.com(45.90.46.59) - mailcious 8.211.5.232 - malware 45.90.46.59 - mailcious 23.21.48.44 2.56.10.123 - mailcious 50.16.192.84 92.62.115.177	6	20.4	M	7	ZeroCERT

8177	2021-05-20 10:04	payload.exe 8d5a68faee4b8e327317a3d58e7c3cca AgentTesla AsyncRAT backdoor PWS .NET framework Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM .NET EXE P Dridex TrickBot VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW Kovter Windows ComputerName DNS		1	1	5.6	M	38	ZeroCERT

8178	2021-05-20 10:06	kqazroc.exe 5cc8b1a5e9ed0ffbed8544ff917c6e9a PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	9.4		12	ZeroCERT

8179	2021-05-20 10:06	82fCjYVpb8ndb5x.exe afe68f9fb3208b55e2192245f14102d9 Malicious Library .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself DNS		1		2.8	M	23	ZeroCERT

8180	2021-05-20 10:08	jayx.exe 33cc3219480644582977bc9c7bf77d24 AsyncRAT backdoor PWS .NET framework Malicious Packer SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger				11.2	M	22	ZeroCERT

8181	2021-05-20 10:09	H2AymTOp.txt 6281865f1e7a60eca71ecce24d777c59 AsyncRAT backdoor PWS .NET framework DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW human activity check Tofsee Windows ComputerName DNS DDNS	1 Keyword trend analysis	5	2	15.8	M	21	ZeroCERT

8182	2021-05-20 10:10	lc3em0zAh4dJV1c.exe 9f5894fc929c4c147d6ebb4c49c1447c NPKI PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key				2.8	M	23	ZeroCERT

8183	2021-05-20 10:11	filename.exe 16dedf6a7059fc1d1a76926e84072f5f Glupteba PE File OS Processor Check PE32 PDB unpack itself Windows Remote Code Execution crashed				2.2			ZeroCERT

8184	2021-05-20 10:12	k5dy7ow2EwylXhP.exe a1fbfc2302350826dd8fe8576b9db9cd PWS .NET framework Malicious Library .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key				2.8	M	23	ZeroCERT

8185	2021-05-20 10:13	damianox.exe bce8e13b13ee7afcce01c1b5d98b589a PWS .NET framework Malicious Packer SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				9.2	M	42	ZeroCERT

8186	2021-05-20 10:15	223417.msi 625dacf1ae85f53efac9eb596c15edb5 MSOffice File PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process AntiVM_Disk VM Disk Size Check human activity check Windows ComputerName				4.2	M	4	ZeroCERT

8187	2021-05-20 10:16	updatewin2.exe 996ba35165bb62473d2a6743a5200d45 PE File PE32 VirusTotal Malware unpack itself Windows Remote Code Execution DNS				3.8	M	60	ZeroCERT

8188	2021-05-20 10:17	wp.exe 38867e376e58b17041629a08476959fe PE64 PE File OS Processor Check VirusTotal Malware PDB RWX flags setting unpack itself DNS crashed				2.8	M	4	ZeroCERT

8189	2021-05-20 10:17	skyex.exe 319aa3ef09635ec5a3e4a34b11a532fc AsyncRAT backdoor PWS .NET framework SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed				9.2	M	43	ZeroCERT

8190	2021-05-20 10:19	8990321gc.msi 0f5eac65288c3f0f84902dbf9626585e MSOffice File PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows utilities AntiVM_Disk VM Disk Size Check human activity check Windows ComputerName				3.8	M	8	ZeroCERT