Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
9031  2021-06-18 17:45  Nhin_cai_dit_me_may.txt.html
  MD5: 0054e362a98af79987efdb3945fdd54b
  Signatures: Antivirus AntiDebug AntiVM powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Tofsee Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS/Rule: 1 1 2   Score: 6.2   Zero: M   Player: ZeroCERT

9032  2021-06-18 17:50  5.exe
  MD5: a9b0f21cb30e239e1f3af96eb376a0ba
  Signatures: Generic Malware Malicious Packer PE File OS Processor Check PE32 PDB unpack itself Windows Remote Code Execution crashed
  Score: 2.0   Zero: M   Player: ZeroCERT

9033  2021-06-18 17:51  THyMIS5b5vbewxD36.exe
  MD5: 2ee14bf16671a7f8b4f76d6e7e5f2ce8
  Signatures: PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
  Score: 10.8   Zero: M   Player: ZeroCERT

9034  2021-06-18 17:54  build.exe
  MD5: 2f2506f0d7f62f22018c3e69438b7ce0
  Signatures: Raccoon Stealer PE File OS Processor Check PE32 PDB unpack itself Windows crashed
  Score: 2.2   Zero: M   Player: ZeroCERT

9035  2021-06-18 17:57  SystemCrasher_ByDaniel.exe
  MD5: fe6bb808dff8cb1a8571a1a07dbafe89
  Signatures: DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE64 MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed
  Score: 5.8   Zero: M   Player: ZeroCERT

9036  2021-06-18 18:08  Betalingskopi.exe
  MD5: 5a7ce837df7e550836993a5a8c6ecc36
  Signatures: PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals etc ...) Anti_VM Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
  Urls/Hosts/IDS/Rule: 1 2 10   Score: 15.0   Zero: M   VT: 49   Player: ZeroCERT

9037  2021-06-19 09:04  g63.exe
  MD5: 607a1510ce7946e7e5528dee9a6e6e2c
  Signatures: Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed
  Score: 3.0   Zero: M   VT: 27   Player: ZeroCERT

9038  2021-06-19 09:04  upservices.exe
  MD5: 5af71e2a08eed74f115e2b5d3ef4e570
  Signatures: PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed
  Score: 3.6   Zero: M   VT: 26   Player: ZeroCERT

9039  2021-06-19 09:06  KarLocker_exe.exe
  MD5: 688cba9c88f928b0cf854b43e97bec75
  Signatures: Antivirus PE File OS Processor Check PE32 GIF Format JPEG Format VirusTotal Malware AutoRuns Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Ransomware Windows Browser
  Score: 7.0   Zero: M   VT: 45   Player: ZeroCERT

9040  2021-06-19 09:09  d3
  MD5: cb34374f1b5fb771076872c6b14b7501
  Signatures: PE File PE32 VirusTotal Malware PDB
  Score: 1.0   VT: 13   Player: ZeroCERT

9041  2021-06-19 10:01  kk.exe
  MD5: b557a14d15bdb2a1ec7da60784c61ffe
  Signatures: Raccoon Stealer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed
  Score: 3.4   VT: 43   Player: ZeroCERT

9042  2021-06-19 10:02  lv.exe
  MD5: 80135410ab6846b7264a67e135530903
  Signatures: Gen1 Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 DLL OS P VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed
  Urls/Hosts/IDS/Rule: 1   Score: 7.6   VT: 37   Player: ZeroCERT

9043  2021-06-19 10:02  maaacccc..exe
  MD5: 0061d17ff54d214c5ea6867cb815caea
  Signatures: AgentTesla email stealer browser info stealer Google Chrome User Data DNS Socket KeyLogger Code injection ScreenShot persistence AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Check memory buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows DNS
  Urls/Hosts/IDS/Rule: 1   Score: 10.4   VT: 44   Player: ZeroCERT

9044  2021-06-19 10:02  Pupdate.exe
  MD5: 84378601c313693fbd323d32c4ff677f
  Signatures: Malicious Library PE File OS Processor Check PE32 PDB unpack itself Windows DNS crashed
  Score: 2.8   Player: ZeroCERT

9045  2021-06-19 10:07  hut.exe
  MD5: 4ccbe3a8fa850367d5efde685a350d80
  Signatures: Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee crashed
  Urls/Hosts/IDS/Rule: 1 2 1   Score: 3.6   Zero: M   VT: 43   Player: r0d
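The listing above is the raw feed as exported: one line with submission number, date and request name, then the MD5, then the matched signature string, then whatever column values remained (Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc) run together. As an added example, not code from this page or from the sandbox, the Python below parses such a listing into records and ranks them for triage. It assumes the layout observed here, and it interprets the trailing values by position: integers before the one-decimal score are the Urls/Hosts/IDS/Rule counts (which of those four columns each belongs to is not recoverable from the flattened text), the decimal is the Score, a single uppercase letter after it is the Zero verdict, an integer after it is the VT detection count, and the last token is the Player. The evasion and family tag sets are assumptions drawn from this page's tag vocabulary; the three-record sample input is copied from the listing.

```python
"""Parse a flattened sandbox submission listing into triage records.

Added example, not code from the page or the sandbox. The record layout
(number/date/request line, MD5 line, signature string, trailing column
values) and the positional reading of the trailer are assumptions taken
from the listing on this page. SAMPLE holds three records copied from it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

HEADER_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Tags in this listing's vocabulary that signal analysis evasion (assumed set):
# several of them on one sample argues for a longer or bare-metal detonation.
EVASION_TAGS = ("AntiDebug", "AntiVM", "AntiVM_Disk", "VM Disk Size Check",
                "sandbox evasion", "human activity check", "Checks debugger")
# Family/class labels seen in the listing (assumed set).
FAMILY_TAGS = ("Raccoon Stealer", "AgentTesla", "LokiBot", "AsyncRAT",
               "Tofsee", "Ransomware")


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    signatures: str
    counts: List[int]        # leading Urls/Hosts/IDS/Rule values; exact column unknown
    score: Optional[float]   # the one-decimal value (sandbox score)
    zero: Optional[str]      # single uppercase letter after the score (Zero verdict)
    vt: Optional[int]        # integer after the score (VirusTotal detections)
    player: Optional[str]    # trailing name (submitter)

    def evasion_tags(self) -> List[str]:
        return [t for t in EVASION_TAGS if t in self.signatures]

    def families(self) -> List[str]:
        return [t for t in FAMILY_TAGS if t in self.signatures]


def parse_trailer(line: str):
    """Split the trailing column values by position (see module docstring)."""
    counts, score, zero, vt, player = [], None, None, None, None
    for tok in line.split():
        if re.fullmatch(r"\d+\.\d+", tok):
            score = float(tok)
        elif tok.isdigit():
            if score is None:
                counts.append(int(tok))      # Urls/Hosts/IDS/Rule counts
            else:
                vt = int(tok)                # VT detections follow the score
        elif score is not None and len(tok) == 1 and tok.isupper():
            zero = tok                       # Zero verdict letter
        else:
            player = tok
    return counts, score, zero, vt, player


def parse_listing(text: str) -> List[Submission]:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: List[Submission] = []
    i = 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:                            # column header or stray line
            i += 1
            continue
        if i + 3 >= len(lines):
            raise ValueError(f"truncated record at line {i}: {lines[i]!r}")
        no, date, request = int(m.group(1)), m.group(2), m.group(3)
        md5, sigs, trailer = lines[i + 1], lines[i + 2], lines[i + 3]
        if not MD5_RE.match(md5):
            raise ValueError(f"record {no}: expected MD5, got {md5!r}")
        counts, score, zero, vt, player = parse_trailer(trailer)
        records.append(Submission(no, date, request, md5, sigs,
                                  counts, score, zero, vt, player))
        i += 4
    return records


def triage(records: List[Submission]) -> List[Submission]:
    """Highest sandbox score first, VT detections as tie-breaker."""
    return sorted(records, key=lambda r: (r.score or 0.0, r.vt or 0), reverse=True)


# Three records copied from the listing on this page.
SAMPLE = """\
No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9036 2021-06-18 18:08 Betalingskopi.exe
5a7ce837df7e550836993a5a8c6ecc36
PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Admin Tool (Sysinternals etc ...) Anti_VM Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 2 10 15.0 M 49 ZeroCERT
9040 2021-06-19 09:09 d3
cb34374f1b5fb771076872c6b14b7501
PE File PE32 VirusTotal Malware PDB
1.0 13 ZeroCERT
9045 2021-06-19 10:07 hut.exe
4ccbe3a8fa850367d5efde685a350d80
Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee crashed
1 2 1 3.6 M 43 r0d
"""

if __name__ == "__main__":
    for r in triage(parse_listing(SAMPLE)):
        print(f"{r.no} {r.md5} score={r.score} vt={r.vt} zero={r.zero} "
              f"families={r.families()} evasion={r.evasion_tags()}")
```

Run as a script it prints the three samples highest score first, with the family and evasion tags pulled out of the signature string. The counts before the score are kept as a list rather than assigned to Urls, Hosts, IDS or Rule, because a row with fewer than four leading integers does not say which columns were blank.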