Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc.
Empty cells are not present in the listing, so the trailing values of each record are given in column order with blanks omitted.

9451  2021-06-28 09:24  newklip.exe
  MD5:  4c5c64ef5b3f94f1cafd072f1989fbc7
  Tags: RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 9.4 25 ZeroCERT

9452  2021-06-28 09:29  document.xlsm
  MD5:  d28b88bb3820849bf9a7bdc3274d021d
  Tags: MSOffice File unpack itself DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1.8 ZeroCERT

9453  2021-06-28 18:02  file.exe
  MD5:  0f4373a2198c5c3f6c551271ce7c2131
  Tags: UPX Malicious Library OS Processor Check PE32 PE File PDB unpack itself Windows Remote Code Execution crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.0 ZeroCERT

9454  2021-06-28 18:02  lv.exe
  MD5:  d6b881d9850c06b8a003079c7f6c0727
  Tags: Darkside Ransomware Cobalt Strike Gen1 Gen2 UPX Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 8.4 36 ZeroCERT

9455  2021-06-28 18:11  vshosts.exe
  MD5:  fa0b6d3c4c059a046944771a8d6fe7ca
  Tags: PE32 PE File VirusTotal Malware suspicious privilege unpack itself Windows DNS keylogger
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 6.6 15 ZeroCERT

9456  2021-06-28 18:11  chromium_.exe
  MD5:  8f584186277856e76a67c56cd018ae24
  Tags: PWS .NET framework BitCoin Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 3 2 12.4 36 ZeroCERT

9457  2021-06-29 08:00  file.exe
  MD5:  1377082a9426aad3c55bcc506cdce14a
  Tags: PWS Loki[b] Loki[m] Generic Malware Malicious Library DNS Socket AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 6 1 13.8 M 20 ZeroCERT

9458  2021-06-29 08:03  new.xlsx
  MD5:  da750029bfc8d0fd52d52b10812d8cfc
  Tags: Generic Malware MSOffice File Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit Advertising Google DNS DDNS crashed Downloader
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 5 8 5 1 4.6 19 ZeroCERT

9459  2021-06-29 08:03  new.exe
  MD5:  5edcc4f8fb881b391e4eb258b6422fdb
  Tags: PE32 PE File VirusTotal Malware
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 0.8 23 ZeroCERT

9460  2021-06-29 08:05  file.xlsx
  MD5:  cf1b7323f6f45ba667b189db9ff26142
  Tags: Generic Malware MSOffice File LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself Windows Exploit DNS DDNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 4 9 1 4.8 M 22 ZeroCERT

9461  2021-06-29 08:43  NVIDIA GeForce Experience.exe
  MD5:  78a1d9be6624b35fed084b91dc08fbbc
  Tags: PE64 OS Processor Check PE File PDB Remote Code Execution
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 0.6 guest

9462  2021-06-29 09:20  qwhIiV32COOeqWb.exe
  MD5:  a010180ec459f5a24c4840eed0459b99
  Tags: Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 10.8 16 ZeroCERT

9463  2021-06-29 09:23  lv.exe
  MD5:  d276b0774108e48fa5b544e11f55d5ac
  Tags: Gen1 Gen2 UPX Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE32 PE File OS P VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 8.6 43 ZeroCERT

9464  2021-06-29 09:24  2.txt.ps1
  MD5:  84ae8a56c14f7ac3db8439067dfe6812
  Tags: Anti_VM Antivirus AntiDebug AntiVM GIF Format Malware download njRAT VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows ComputerName DNS DDNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 2 10.6 5 ZeroCERT

9465  2021-06-29 09:27  filename.exe
  MD5:  fc923a62cc83baa86387b3bb92fcb5ed
  Tags: Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 3.4 23 ZeroCERT