Submissions

Columns: No, Date, Request (the submitted filename, URL-decoded here), MD5, Urls/Hosts/IDS (the leading integer cells exactly as listed; where fewer than three appear, the page does not say which column is empty), Score (sandbox score), VT (VirusTotal detection count), Player. Empty cells are shown as "-"; the Zero and Etc columns carry no values in this extract. The Rule tags for each row follow on the next line and are kept verbatim (they are the sandbox's own rule names).

No    Date              Request                 MD5                               Urls/Hosts/IDS  Score  VT  Player
9361  2021-06-25 10:14  sνchost.exe             91e2c066da101bdb8cbfae83d90a15cf  1               6.4    57  ZeroCERT
      Rule: AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows DNS
      Note: submitted as s%CE%BDchost.exe; the second character is U+03BD (GREEK SMALL LETTER NU), not Latin "v", so the name is a visual lookalike of svchost.exe that a plain string match on "svchost.exe" will not catch.

9362  2021-06-25 10:15  AsyncClient.exe         3f7843c6317684b42bd6950e02b637a6  -               5.4    55  ZeroCERT
      Rule: AsyncRAT backdoor PWS .NET framework Generic Malware Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS

9363  2021-06-25 10:17  test.exe                e106e3b19607ed2c2cb2af0ac5d1b27d  -               2.4    -   ZeroCERT
      Rule: PE File PE32 unpack itself DNS
      Note: the only row without a VirusTotal rule hit, and the only one with no VT count.

9364  2021-06-25 10:17  askinstall36.exe        09b950f451b5ea82a536f2b9792f8bf8  4 8 1           11.8   51  ZeroCERT
      Rule: Trojan_PWS_Stealer Gen2 NPKI BitCoin Credential User Data Generic Malware SQLite Cookie Anti_VM DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution crashed

9365  2021-06-25 10:19  密码保...               93340c5fe915ca0a843a38fb9d993e25  1               3.6    22  ZeroCERT
      Rule: PE File PE32 VirusTotal Malware Check memory RWX flags setting sandbox evasion Browser Remote Code Execution DNS
      Note: submitted as %E5%AF%86%E7%A0%81%E4%BF%9D%E6...; the visible prefix decodes to the Chinese 密码保 (密码 = "password"); the rest of the name is truncated on the page.

9366  2021-06-25 10:19  proxy-IRXC-setup.exe    2a862b1187df98c5bdc36dabb514987a  -               3.0    33  ZeroCERT
      Rule: Malicious Packer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed

9367  2021-06-25 10:20  dsx.exe                 1813f48198029c592e139bcd5ffc2194  1 2 2           17.6   19  ZeroCERT
      Rule: PWS Loki[b] Loki[m] Gen1 Gen2 Generic Malware DNS Socket HTTP KeyLogger Http API Internet API ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Ransomware Windows Browser Email ComputerName DNS Software crashed

9368  2021-06-25 10:21  jy72m463w.exe           b84d62b104964c04d937afce6d694078  -               2.4    36  ZeroCERT
      Rule: AsyncRAT backdoor Generic Malware PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself

9369  2021-06-25 10:22  IMG_1081007003xls.exe   103ef5b9b04a1bb72a1feb10997e0ef0  4 7 4           10.6   35  ZeroCERT
      Rule: Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
      Note: "xls" in the name precedes the real .exe extension (document-lure naming).

9370  2021-06-25 10:23  linkutq.exe             2f2662e80f8ef6f6b34fc776e865965f  1 2 7           9.2    41  ZeroCERT
      Rule: PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder sandbox evasion installed browsers check Browser Email ComputerName Software

9371  2021-06-25 10:25  nj.exe                  c2655295212060ebffe2e90b4f85e7fe  -               3.6    41  ZeroCERT
      Rule: Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Remote Code Execution

9372  2021-06-25 10:28  sfx_123_701.exe         ef3a953c9b8c6e64271a8dc164b3455e  1               6.8    19  ZeroCERT
      Rule: DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware PDB suspicious privilege Code Injection Check memory WMI unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS

9373  2021-06-25 10:28  ware.exe                71c085131fc413fa18480971805a06c3  2               16.2   47  ZeroCERT
      Rule: PWS .NET framework Ave Maria WARZONE RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed keylogger

9374  2021-06-25 10:29  bg-kuwo.com             15f6e8aa6806ad6f33d61195c69159c5  1               3.4    27  ZeroCERT
      Rule: Malicious Packer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed

9375  2021-06-25 10:30  SVBN2.exe               ddc374b71d64ae7354127b3074c4a56f  1 1             3.4    57  ZeroCERT
      Rule: njRAT backdoor Generic Malware PE File .NET EXE PE32 Malware download njRAT VirusTotal Malware Checks debugger Creates executable files unpack itself WriteConsoleW DNS
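As an added example (not part of the listing page and not code from the ZeroCERT service), the following Python script parses rows in the flattened layout the page uses, splits the numeric trailer into the leading counts, Score and VT, URL-decodes the Request name, and flags names that imitate well-known Windows binaries, such as the sνchost.exe entry in row 9361, by mapping Greek and Cyrillic lookalike letters back to ASCII before comparing. The three embedded records are copied from the page; the lookalike map and the list of known binaries are small hand-built assumptions, not data from the page.

```python
"""Parse the flattened sandbox-submission listing and flag lookalike filenames."""
import re
import unicodedata
from urllib.parse import unquote

# Constructed sample: three records copied from the listing in the page's own
# layout (table header, row line, MD5 line, rule tags, numeric trailer + player).
SAMPLE = """\
No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9361 2021-06-25 10:14 s%CE%BDchost.exe
91e2c066da101bdb8cbfae83d90a15cf
AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection
1 6.4 57 ZeroCERT

9363 2021-06-25 10:17 test.exe
e106e3b19607ed2c2cb2af0ac5d1b27d
PE File PE32 unpack itself DNS
2.4 ZeroCERT

9364 2021-06-25 10:17 askinstall36.exe
09b950f451b5ea82a536f2b9792f8bf8
Trojan_PWS_Stealer Gen2 NPKI BitCoin Credential User Data Generic Malware
4 8 1 11.8 51 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
TRAILER_RE = re.compile(r"^(?:\d+(?:\.\d+)? )+\S+$")  # numeric cells, then the player

# Partial, hand-built confusables map (assumption: the Greek/Cyrillic letters most
# often used to spoof Latin names; Unicode's full confusables.txt is not in the stdlib).
LOOKALIKES = {
    "\u03bd": "v", "\u03bf": "o", "\u03b1": "a",              # Greek nu, omicron, alpha
    "\u0430": "a", "\u0435": "e", "\u043e": "o",              # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u0445": "x",              # Cyrillic er, es, ha
}
# Assumed allow-list of names worth protecting against spoofing.
KNOWN_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


def skeleton(name):
    """Reduce a filename to its ASCII lookalike form (NFKC, then the map, lowercased)."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in unicodedata.normalize("NFKC", name)).lower()


def parse_trailer(line):
    """Split '4 8 1 11.8 51 ZeroCERT' into leading counts, score, VT and player.

    When fewer than three leading integers appear the page does not say which of
    Urls/Hosts/IDS is empty, so they are kept as a raw list rather than guessed.
    """
    tokens = line.split()
    player = tokens.pop()
    score_idx = next((i for i, t in enumerate(tokens) if "." in t), None)
    if score_idx is None:  # no decimal score cell at all
        return {"counts": [int(t) for t in tokens], "score": None, "vt": None, "player": player}
    vt = int(tokens[score_idx + 1]) if len(tokens) > score_idx + 1 else None
    return {"counts": [int(t) for t in tokens[:score_idx]],
            "score": float(tokens[score_idx]), "vt": vt, "player": player}


def parse_listing(text):
    """Turn the flattened rows into dicts; anything before the first row is ignored."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            rec = {"no": int(m.group(1)), "date": f"{m.group(2)} {m.group(3)}",
                   "request": unquote(m.group(4)), "md5": None, "rules": ""}
            records.append(rec)
        elif rec is None:
            continue
        elif MD5_RE.match(line):
            rec["md5"] = line
        elif TRAILER_RE.match(line):
            rec.update(parse_trailer(line))
        else:  # everything else is the rule-tag text
            rec["rules"] = (rec["rules"] + " " + line).strip()
    return records


def lookalike_of(filename):
    """Return the legitimate name a filename visually imitates, or None."""
    if filename.lower() in KNOWN_BINARIES:
        return None
    sk = skeleton(filename)
    return sk if sk in KNOWN_BINARIES else None


def non_ascii_chars(name):
    """List every non-ASCII character in a name with its Unicode name."""
    return [(ch, unicodedata.name(ch, "?")) for ch in name if ord(ch) > 127]


def triage(text):
    """Parse, annotate each row with lookalike findings, and sort by score descending."""
    rows = parse_listing(text)
    for r in rows:
        r["lookalike_of"] = lookalike_of(r["request"])
        r["non_ascii"] = non_ascii_chars(r["request"])
    return sorted(rows, key=lambda r: r.get("score") or 0.0, reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE):
        flag = f"  LOOKALIKE of {r['lookalike_of']}" if r["lookalike_of"] else ""
        print(f"{r['no']} {r['md5']} score={r['score']} vt={r['vt']} {r['request']}{flag}")
```

The skeleton comparison is what catches the spoof: a byte-for-byte or even case-insensitive match against "svchost.exe" misses the U+03BD variant, while the mapped form matches. Extend LOOKALIKES from Unicode's confusables data for production use; the nine entries here are only enough to show the approach.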