Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9421 2021-06-25 15:29 download.aspx
465403a9d41d410ba34e029b0831f5d8
Gen1 Gen2 Emotet Generic Malware UPX Anti_VM ASPack OS Processor Check PE32 PE File DLL PE64 VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution Firmware keylogger
1 2 7.2 13 ZeroCERT

9422 2021-06-25 17:57 doc75843.exe
765b1bb3690c9bacdfa38e18d788efbf
PE32 PE File DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder DNS
5 10 1 4.8 20 ZeroCERT

9423 2021-06-25 18:18 b75k.msi
c37a412f93afb56310b4d54d5d193d12
MSOffice File PE32 PE File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows utilities AntiVM_Disk VM Disk Size Check Windows ComputerName
3.8 25 ZeroCERT

9424 2021-06-25 18:18 sai.msi
2220944d9985a6843374f41b835a9825
MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS
4.2 26 ZeroCERT

9425 2021-06-25 18:21 r77o.msi
4ee86657631a3301348d222b5e8707ad
MSOffice File PE32 PE File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows utilities AntiVM_Disk VM Disk Size Check Windows ComputerName DNS
1 4 5.0 9 ZeroCERT

9426 2021-06-25 18:27 fileUS1.exe
ca1a62feb27816580db61309ab443a61
RAT PWS .NET framework Generic Malware Anti_VM .NET EXE OS Processor Check PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
2 4 2 8.2 27 ZeroCERT

9427 2021-06-26 10:21 tasksmgr.exe
fe72d7132c74d81c98dbd31543a00529
RAT PWS .NET framework Generic Malware Malicious Packer AntiDebug AntiVM .NET EXE PE32 PE File GIF Format Malware download njRAT VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS DDNS crashed
2 2 11.6 30 ZeroCERT

9428 2021-06-26 10:22 money.exe
67fa8a579c4b6fa26f6b39b63089631f
Gen1 NPKI ScreenShot AntiDebug AntiVM PE32 PE File DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory buffers extracted Creates executable files RWX flags setting unpack itself AppData folder WriteConsoleW Ransomware BitRAT Windows Browser Email ComputerName Software crashed keylogger Password
4 2 17.8 M 36 ZeroCERT

9429 2021-06-26 10:23 office.exe
8c6a35e37444863b7c0c82af127aa30d
RAT PWS .NET framework Generic Malware Malicious Packer SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS crashed
1 12.2 26 ZeroCERT

9430 2021-06-26 10:24 excel.exe
608a964fa8429da12d23c71c5c88bbbc
AgentTesla RAT PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Malicious Packer Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence DGA DNS Create Service HTTP FTP Http API S VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS
1 5 15.0 26 ZeroCERT

9431 2021-06-26 10:26 wininit.exe
c93242e49da5472c96ab4d38da2db2c7
PWS Loki[b] Loki[m] RAT .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library DNS Socket AntiDebug AntiVM .NET EXE OS Processor Check PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 1 6 1 13.4 M ZeroCERT

9432 2021-06-26 10:28 chrome.exe
bc04d972c194799efbfe868cc0638483
RAT PWS .NET framework Generic Malware Malicious Packer SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File suspicious privilege Code Injection Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Exploit ComputerName crashed
12.6 ZeroCERT

9433 2021-06-26 10:30 adopepdf.exe
f930fed502910c89267677b84e2ad7da
Gen2 Emotet Gen1 Generic Malware NSIS Malicious Packer Anti_VM Admin Tool (Sysinternals etc ...) UPX KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder installed browsers check Windows Browser DNS
1 4 10.8 32 ZeroCERT

9434 2021-06-26 10:31 ooo.exe
906ba239b210353bc1b8d052af431f99
Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName DNS Cryptographic key Software crashed
12.6 44 ZeroCERT

9435 2021-06-26 10:31 last.exe
62c8f28baca7b69711b213e35d316173
Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed
10.0 39 ZeroCERT