Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	Player
8896	2023-11-15 07:58	xin.exe 24420ef6433c1b0a907056208c3c12a6 Malicious Library Malicious Packer PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		2	4	5.0		ZeroCERT

8897	2023-11-15 07:57	TrueCrypt_KSfcnd.exe ca18c2fc430d73758ee4b12f5108e413 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 crashed				0.2		ZeroCERT

8898	2023-11-15 07:56	netTimer.exe 457ba217e61453ff1dc2225ce50d9246 Malicious Packer UPX PE File PE64 suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization ComputerName Remote Code Execution				3.4	M	ZeroCERT

8899	2023-11-15 07:54	Soft.exe 7918013ae55de62f5e108342a464864c Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows crashed				1.6		ZeroCERT

8900	2023-11-15 07:53	wsclient.1.25.win.03.exe b27323c59498426807574a20824ac525 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check PDB crashed				0.4	M	ZeroCERT

8901	2023-11-15 07:52	TrueCrypt_yhvFvl.exe 3490825682c943930ac5b7bc1802db73 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check crashed				0.2	M	ZeroCERT

8902	2023-11-15 07:51	audiodgse.exe a491f4dbb2e8aedd957e0f69b0562726 LokiBot .NET framework(MSIL) Socket PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	12.6	M	ZeroCERT

8903	2023-11-15 07:50	217.exe a5e011229a460fe28b1d5de73ca405d6 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Browser Info Stealer Malware download Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted Collect installed applications suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware DNS	1 Keyword trend analysis	2	4	6.6	M	ZeroCERT

8904	2023-11-15 07:49	london.exe 27137cb3cc5b6b3ef3a28ed8daf55ba7 Malicious Library Malicious Packer PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5	5.4	M	ZeroCERT

8905	2023-11-15 07:48	Binary.exe fd7ba34260b053e342c996b2190ad23b Gen1 Malicious Library UPX Http API ScreenShot PWS HTTP Internet API AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Malware RecordBreaker MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications AppData folder sandbox evasion installed browsers check Stealer Windows Browser DNS crashed	8 Keyword trend analysis Info http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll http://195.20.16.35/066ef227bf519d5f8095e2246cd15509 http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll	1	11 Info ET MALWARE Win32/RecordBreaker CnC Checkin M1 ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING Possible Generic Stealer Sending System Information	11.4	M	ZeroCERT

8906	2023-11-15 07:46	build.exe 2976287704476e6df68715c0d20754c1 Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows crashed				1.6		ZeroCERT

8907	2023-11-15 00:04	c7513589f3f2e02007be1301c2f08c... 31f840efbb9f5116f6bf1334c1fd55fd .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed		2	2	12.0	M	guest

8908	2023-11-14 17:33	Service_32.exe f353a6519b5c64d48f798d91e5235848 UPX Malicious Library Anti_VM AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows Remote Code Execution Cryptographic key crashed				8.4	M	ZeroCERT

8909	2023-11-14 17:31	amdays.exe 1469e905f3ce6bd98f075df0293320b9 .NET framework(MSIL) UPX Http API HTTP Code injection Internet API AntiDebug AntiVM PE32 PE File .NET EXE Lnk Format GIF Format AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS		1		11.0	M	ZeroCERT

8910	2023-11-14 17:29	ma.exe 75ab3e51c23bdcbed0b3d61cfe34e115 Emotet Malicious Packer UPX PE File PE64 suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization ComputerName Remote Code Execution				3.8	M	ZeroCERT