Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9106	2021-06-22 18:14	prince_of_persia_P_v4_x64.exe b7605ff2f14efbd06844cc4473711fa9 AsyncRAT backdoor Generic Malware PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted unpack itself Windows utilities Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key	12 Keyword trend analysis Info https://nidhoggr.club/horatia/alpha/colorless/stealthy/evil/honoria/outnoise/collapsar/sneaky/39152ab9-6ffb-4b19-811e-e9538a897d93/?XU8IQz27epJ6sln https://nidhoggr.club/horatia/alpha/colorless/stealthy/evil/honoria/outnoise/collapsar/sneaky/7da76ce4-eabc-48f5-b3df-769296a4b738/?XU8IQz27epJ6sln https://nidhoggr.club/unnoised/strange?ballistic=greyish780990e3-289e-448e-9ae9-2674b0e3f3a2/?XU8IQz27epJ6sln https://nidhoggr.club/slither/overnoise/infiltrator/giulietta/collapsar/ https://nidhoggr.club/ultimate/giustina/collapsar/10f9ba50-c5d1-4e00-ab9e-541e6144061f/?XU8IQz27epJ6sln https://nidhoggr.club/ivie/soundless/Adelina/cheerless/gray/ivett?nameless=subrepticedcc4d3c3-0e97-40ed-98bc-e856a5c2f8ca/?XU8IQz27epJ6sln https://nidhoggr.club/undercover/atomic?hyacinthe=Gizelaff06fa1a-1992-43ef-9704-2913c9b2299e/?XU8IQz27epJ6sln https://nidhoggr.club/noiseproof/greyish/turbulent/turbulent/Hyacinthia/isabelle/Hildagard?glad=noisemakerd1cdbebf-220a-4726-87c6-1c3855c9c262/?XU8IQz27epJ6sln https://nidhoggr.club/anonymous/issie/nuclear/twilit/Iseabal/noiseful/bilious/glad/Sybil/Hyacinth/darkened?atomic=izabel5039d36f-1fe0-46d6-a3bc-d0d81257b6fe/?XU8IQz27epJ6sln https://nidhoggr.club/noised/noiseful/malicious/drab/unbeaten/shadow/1e58acfe-6387-4707-b70e-6e95181f902f/?XU8IQz27epJ6sln https://nidhoggr.club/noiselessly/crepuscular/winterly/metallic/antinoise/quiet/7326892f-c4f3-4728-9b5e-a22d33c3b139/?XU8IQz27epJ6sln https://nidhoggr.club/Gizela/unrecognized/noiselessly/colorless/nova?Odilia=janaya7312d3e3-fe83-4e36-a09f-2faea02ce400/?XU8IQz27epJ6sln	2	1		7.2		33	ZeroCERT

9107	2021-06-22 18:16	GetFile.exe da37656f71601d9b59eaf8a9618f4817 AsyncRAT backdoor PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself ComputerName DNS crashed					3.4		12	guest

9108	2021-06-23 09:07	new.exe aadd62021160ebeee45e25c33977d9b3 Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		3			15.0		20	ZeroCERT

9109	2021-06-23 09:07	md1_1eaf.exe 0f3560389b1ca2df45c12958c4f1c58e VMProtect PE File PE32 VirusTotal Malware crashed					2.2		39	ZeroCERT

9110	2021-06-23 09:09	s.wbk 636c20db99ab89978c5318b23dd17424 RTF File doc AntiDebug AntiVM VirusTotal Malware MachineGuid Checks debugger exploit crash unpack itself Tofsee Exploit DNS crashed		2	2		4.2		31	ZeroCERT

9111	2021-06-23 09:09	ongod.exe 5013cd46f5bc64f2f91c2f1b26eff560 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					10.0		29	ZeroCERT

9112	2021-06-23 09:11	vbc.exe 018c822e08bf5da34aab3a73a614f3f5 AsyncRAT backdoor Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed					12.0		26	ZeroCERT

9113	2021-06-23 09:12	vbc-09.exe ff2e823d200a33909f4adaa63e41e5e9 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					10.2		30	ZeroCERT

9114	2021-06-23 09:14	new.xlsx 87b64dec6a53c93bde6a4e984e0d51c0 Generic Malware MSOffice File Malware download VirusTotal Malware exploit crash unpack itself Windows Exploit DNS DDNS crashed Downloader	1 Keyword trend analysis	5	4		5.6		20	ZeroCERT

9115	2021-06-23 09:14	wininit.exe ff5a7718e9f32b7332743f2b1b34d393 PWS Loki[b] Loki[m] AsyncRAT backdoor Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	15.2	M	23	ZeroCERT

9116	2021-06-23 09:16	OsB36TxkNFTkn1MKz.exe 61286518a4a98a17eb6f4e85391b3ee4 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					11.2		36	ZeroCERT

9117	2021-06-23 09:17	vbc-09.exe 4973f29c105dce3837d78fe291531f6b PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key crashed	11 Keyword trend analysis Info http://www.thesoulrevitalist.com/p2io/ - rule_id: 2157 http://www.trendbold.com/p2io/?jL0d00=ZJBXI2L0E8&hBZLH6X=YuHUVBROXCfg7aakNX6aejQt13LdGy2QNXOPqDJZQ0blgOG1Ou0e6o/Qymt+KddQAKm5B3Gq http://www.shopihy.com/p2io/?hBZLH6X=Ei6RqbmvJXwd1KhoWyb/BZtLNDk4B448l51n8Zz8P/g/u3IBdZc5bHR/QCXBboISRM182550&jL0d00=ZJBXI2L0E8 http://www.myfavbutik.com/p2io/ - rule_id: 1552 http://www.shopihy.com/p2io/ http://www.dmgt4m2g8y2uh.net/p2io/?jL0d00=ZJBXI2L0E8&hBZLH6X=QtqXFq7HS/X4MIE9GXms050Yi4WsLwGmbpvB1Cdjo9kEhb/cEuRUaHG+vgNP8VkCpLdNveMs - rule_id: 1571 http://www.trendbold.com/p2io/ http://www.myfavbutik.com/p2io/?hBZLH6X=dKp6rERBK113SD0GvHZ5ksFEU2G9ncFkpMVxqDe1xbP28bbT8N8SqFHc7ZWN2qvn1fWpyoOF&jL0d00=ZJBXI2L0E8 - rule_id: 1552 http://www.malcorinmobiliaria.com/p2io/ - rule_id: 1719 http://www.malcorinmobiliaria.com/p2io/?hBZLH6X=X0EtArFEUual2LrizL+JDvaaIJih4TPXrew0ftkRNgE5xhBEnMYnqlEM9Znbjzoaa6WF3j6b&jL0d00=ZJBXI2L0E8 - rule_id: 1719 http://www.thesoulrevitalist.com/p2io/?jL0d00=ZJBXI2L0E8&hBZLH6X=ywi4HDlC8ElSOMEyK6H+rd6B6cynTULkanOSXBUPYg06e2wPUHpv6wPun14JIO+5lIaxxIkr - rule_id: 2157	13 Info www.malcorinmobiliaria.com(160.121.176.84) www.shopihy.com(160.153.137.40) www.foxwaybrasil.com() - mailcious www.myfavbutik.com(172.67.161.4) www.trendbold.com(64.190.62.111) www.thesoulrevitalist.com(34.102.136.180) - mailcious www.dmgt4m2g8y2uh.net(103.120.12.5) 172.67.161.4 160.121.176.84 - mailcious 34.102.136.180 - mailcious 64.190.62.111 - mailcious 103.120.12.5 160.153.137.40 - mailcious	2	7	10.4	M	26	ZeroCERT

9118	2021-06-23 09:18	vbc.exe 7a6b5a0ec9d4c50b28100db6f480ec34 AsyncRAT backdoor Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed					7.2		30	ZeroCERT

9119	2021-06-23 09:18	win32.exe e7ab6f20b9320cf5f2537f2e402bb106 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key		1			7.6		35	ZeroCERT

9120	2021-06-23 09:21	og8xVewoUaX18fJSZ.exe d2e8fb2414439f6059c18bc58144acb1 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed					12.0		27	ZeroCERT