Submissions

No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
9586 2021-07-02 09:36 oga.exe  

37e21c11f2b7b0033ecac9dc3a5232f9


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
11.8 24 ZeroCERT

9587 2021-07-02 09:39 ikk.exe  

fa8b123cffb8ae462baa3bdd34ef0f7f


PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
11.8 36 ZeroCERT

9588 2021-07-02 09:42 0701_925053238747.doc  

46c447f115f1e12890ce8e671674feab


VBA_macro MSOffice File Vulnerability unpack itself DNS
1 2.8 guest

9589 2021-07-02 09:44 0701_2075124003972.doc  

61ca7555863b9f01846b4a40f8627eaf


VBA_macro MSOffice File Vulnerability unpack itself DNS
2.8 guest

9590 2021-07-02 09:44 0701_2330124503268.doc  

439e9c076e326a3178bc628621d44279


VBA_macro MSOffice File Vulnerability unpack itself
2.2 guest

9591 2021-07-02 09:46 0701_9265199910485.doc  

2ffa40982d5f13feea4d74f2009b808a


VBA_macro MSOffice File Vulnerability VirusTotal Malware unpack itself DNS
3.4 13 guest

9592 2021-07-02 09:52 vbc.exe  

7ee94644f9d6a3a9e45266faf8c8c526


PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 MSOffice File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 1 6 1 16.4 M 39 ZeroCERT

9593 2021-07-02 09:54 jojojoj.exe  

84db6d6d5b5934bb849939080ad4287a


PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
7.6 M 16 ZeroCERT

9594 2021-07-02 09:58 bilions.exe  

2f0d92842e695782e1e011d670ad5766


PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
7.8 M 29 ZeroCERT

9595 2021-07-02 10:01 putty.exe  

126f3325cc10d8f1789d078d20f86277


PWS .NET framework RAT Generic Malware Malicious Packer PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
8.4 M 39 ZeroCERT

9596 2021-07-02 10:03 moooor.exe  

9f54a650ca6d4838ac02ac5b2c9f247f


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
11.4 M 21 ZeroCERT

9597 2021-07-02 10:04 father.exe  

330cd800ae02945a12fa8e99e06724ef


PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
10.8 M 13 ZeroCERT

9598 2021-07-02 10:06 palls.exe  

d46423f6dd4836ad292e54d3583bd4ed


PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
12.2 M 14 ZeroCERT

9599 2021-07-02 10:07 AppData.exe  

ab8c37489dc40216f3246179d4289bb5


AgentTesla browser info stealer Generic Malware Google Chrome User Data Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence DGA DNS Create Service HTTP FTP Http API Steal credential ScreenShot P2P AntiDebug VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows Cryptographic key crashed
11.0 M 22 ZeroCERT

9600 2021-07-02 10:08 62_283cleaner.exe  

51ce1318c71a5a1ab1ed2314390d08c8


PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed
3.2 M 23 ZeroCERT