Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9151	2021-06-24 09:36	vbc.exe 357e95c47c4b8666b0fe33277a37f376 PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution crashed					3.0		41	ZeroCERT

9152	2021-06-24 09:37	wininit.exe 4bf8ae2c3571ff640b330e8c1597f28f PWS Loki[b] Loki[m] AsyncRAT backdoor .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	14.8	M		ZeroCERT

9153	2021-06-24 09:38	nva.exe 4057325c09951e44b67ff0613a47bd97 Generic Malware DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities WriteConsoleW Windows DNS DDNS crashed		2	1		10.4		39	ZeroCERT

9154	2021-06-24 09:39	Build.exe 4cbf838da15390d92f8adab776e440bf PE File PE32 VirusTotal Malware AutoRuns Check memory Windows DNS DDNS		2	1		5.0		66	ZeroCERT

9155	2021-06-24 09:39	3TRExkFGrlKGuTV8.txt.html c3b6ba282e363900c1f851a178e1ad0b VBScript PowerShell Obfuscated File VirusTotal Malware DNS crashed					1.4		13	ZeroCERT

9156	2021-06-24 09:42	Protected.exe c735ab1566d5ef0b24ab014db8852ea8 PE File PE32 VirusTotal Malware buffers extracted RWX flags setting unpack itself Windows Remote Code Execution crashed					3.6		37	ZeroCERT

9157	2021-06-24 09:42	csrss.exe 4a97041b159dda7634334d01619fac94 Generic Malware PE File PE32 VirusTotal Malware DNS					1.2		14	ZeroCERT

9158	2021-06-24 09:43	ipk.exe f17b3c3000d658c9b90ac9cace3b1ebf Malicious Packer PE File PE32 VirusTotal Malware RWX flags setting unpack itself crashed					2.2		50	ZeroCERT

9159	2021-06-24 09:46	vbc.exe fddbc5383fba3cf91507dc94f5270eae PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		13.4		35	ZeroCERT

9160	2021-06-24 09:46	New-Client.exe 7f6dae2e601ef2426f17d1e401be4ff9 AsyncRAT backdoor Generic Malware PE File .NET EXE PE32 GIF Format DLL .NET DLL VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1			12.2		42	ZeroCERT

9161	2021-06-24 09:47	new.exe 87874d44a956b5113c92d0f9c705ba65 Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis Info http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2 https://update.googleapis.com/service/update2?cup2key=10:2687512598&cup2hreq=6021eb0becb6e1ae64015362e19c895d24b2ca46b17d88fe91121527a369a5d6	4	4		12.6		36	ZeroCERT

9162	2021-06-24 09:48	mbi.exe cc8b67bdd5abeb2b4fb8c6cdc990429c PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					11.0		44	ZeroCERT

9163	2021-06-24 09:49	JyN.txt.html 9bfa44593d4ec1fbd06ee5051863ef7f VBScript PowerShell Obfuscated File Antivirus AntiDebug AntiVM powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key		1			7.2			ZeroCERT

9164	2021-06-24 09:50	AMD.exe a15b2ec99adc0f21b1ad7eb2eaa18ddf Generic Malware PE File PE64 MachineGuid Check memory Checks debugger unpack itself					1.4			ZeroCERT

9165	2021-06-24 09:51	08388E25.Png b53accbf466304e55d3abdda94c1fe5d MSOffice File VirusTotal Malware DNS					1.6		34	ZeroCERT