Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8521	2021-06-03 21:04	maxfrnd.exe 5d740968b96798cd1db3fdd4d9b18427 PWS .NET framework SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		14.6	M	44	ZeroCERT

8522	2021-06-03 21:05	4bd5e746e9329d8ab41a7d4fbbc91d... a4c547cfac944ad816edf7c54bb58c5c AsyncRAT backdoor Generic Malware PE File PE32 DLL .NET DLL GIF Format VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk sandbox evasion IP Check VM Disk Size Check	3 Keyword trend analysis	8	1	2	7.8	M	42	ZeroCERT

8523	2021-06-03 21:06	TT-3.exe 0b4ab2b8547d9d49b35788f9da74b439 AsyncRAT backdoor PE File PE64 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself DNS					3.4	M	38	ZeroCERT

8524	2021-06-03 21:06	palemo.exe de6401f377f747f03e084396fc6de3b7 Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					7.0	M	5	ZeroCERT

8525	2021-06-03 21:08	nzex.exe 4a6d4f7e8a406a92228604f076758e22 AsyncRAT backdoor Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					11.8	M	21	ZeroCERT

8526	2021-06-03 21:09	moimoi.exe 46eadea2077db56d94566a6c8b7d45c2 AsyncRAT backdoor PWS .NET framework SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS crashed	1 Keyword trend analysis	3	1		11.4	M	20	ZeroCERT

8527	2021-06-03 21:11	vbc.exe c84c6557f6cf8e87f9830d5e7c6851f3 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1			9.6	M	11	ZeroCERT

8528	2021-06-03 21:11	ABCD.exe d534c439cb108c89522bb611a7aacbe4 AsyncRAT backdoor PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces DNS	1 Keyword trend analysis	4	2		4.4	M	27	ZeroCERT

8529	2021-06-03 21:13	ZIMAGE_0285429243JPG.exe 884dbc27a793e0e380b7582ea98c178f AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key					8.0	M	15	ZeroCERT

8530	2021-06-03 21:13	S-2.exe 4270337062dd7bc8bf4ccbe505a15256 AsyncRAT backdoor Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key					6.0	M	47	ZeroCERT

8531	2021-06-03 21:15	skMdx992wfqPuLs.exe 846d357601d74fe9facba3c0ed069d40 PWS .NET framework Anti_VM Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows DNS Cryptographic key					3.2	M	26	ZeroCERT

8532	2021-06-03 21:16	vbc.exe d8a0e96605bf9ae5340d6c7e98b2bead PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Cryptographic key Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.8	M	10	ZeroCERT

8533	2021-06-03 21:18	svchost.exe 37a1a7a4f9d11930d2d548ff9e0559fe PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself DNS		1			2.4	M	22	ZeroCERT

8534	2021-06-03 21:18	TT-4.exe 19295d360b9ca2678d757d87d9445a65 AsyncRAT backdoor PWS .NET framework Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key					6.4	M	37	ZeroCERT

8535	2021-06-03 21:20	america.exe 9de7dac414eb27813a810892a854d547 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Anti_VM Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					9.0	M	26	ZeroCERT