Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9691 2023-10-11 07:52 ishost.exe
f83a1ebac520b7deea9613aa2a7765c4
LokiBot .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
2 4 10.4 M 48 ZeroCERT

9692 2023-10-11 07:52 googluk.exe
07b8df6ee60cd20723ba20794e15d438
LokiBot .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
2 4 10.4 M 49 ZeroCERT

9693 2023-10-11 07:51 romankon2.1.exe
f66044875f6dff90814d4b09be15bde7
NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
4 9 1 4.0 M 31 ZeroCERT

9694 2023-10-11 07:50 strim2.exe
f43edef896d4995aa3c4b488bbc3dab2
UPX PE File PE64 OS Processor Check VirusTotal Malware Buffer PE MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
3.4 M 23 ZeroCERT

9695 2023-10-11 06:49 build.exe
06aff89f42cf65991c1bbc67515786d1
Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check VirusTotal Malware crashed
1.4 53 guest

9696 2023-10-11 01:52 deliver.exe
6d62f962f2d3fbb718452f1ee915d4d7
Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check VirusTotal Malware PDB crashed
1.4 24 guest

9697 2023-10-11 01:41 invoice150.exe
4483a1b08653e49979c838757570e8d1
Emotet Gen1 Malicious Library UPX Anti_VM PE File PE32 ftp MZP Format OS Processor Check DLL PE64 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder sandbox evasion human activity check
5.2 23 guest

9698 2023-10-10 22:07 ac8077e64a8cd818f17039dd74c733...
8741a228fba24165aac6aac400aada40
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Hide_URL AntiDebug AntiVM .NET DLL PE File DLL PE32 powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Cryptographic key
2 2 9.8 guest

9699 2023-10-10 22:06 f8fc2445a9814ca8cf48a979bff7f1...
a2b371eea0aee7cf57e23b5f0f4668c7
Suspicious_Script_Bin Malicious Library UPX Malicious Packer PE File PE64 VirusTotal Malware ICMP traffic WriteConsoleW DNS
1 5.0 55 guest

9700 2023-10-10 20:25 8600a593750580cee7240af4069685...
921aa3783644750890b9d30843253ec6
PE File PE32 VirusTotal Malware Checks debugger RWX flags setting ComputerName
6 5.0 M 57 guest

9701 2023-10-10 19:49 NMemo1Setp.exe
f12aa4983f77ed85b3a618f7656807c2
Confuser .NET PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Ransomware DNS
3 3 3.8 M 59 guest

9702 2023-10-10 18:46 ac8077e64a8cd818f17039dd74c733...
8741a228fba24165aac6aac400aada40
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Hide_URL AntiDebug AntiVM .NET DLL PE File DLL PE32 powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Cryptographic key
1 2 2 9.2 ZeroCERT

9703 2023-10-10 18:46 usrgroup.dat.dll
420a13202d271babc32bf8259cdaddf3
Malicious Library PE File DLL PE64 Checks debugger unpack itself
0.6 ZeroCERT

9704 2023-10-10 18:37 chrmap.exe
e02a020b9184bc97405f337e6463fb8b
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware
1.4 33 ZeroCERT

9705 2023-10-10 18:36 북한최고인민회의 결과.lnk
cc96ba45dd2b6a6d7aa300d77e49c095
Generic Malware Downloader Antivirus HWP PS PostScript Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Hide_URL AntiDebug AntiVM Lnk Format MSOffice VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Cryptographic key
1 2 2 11.2 23 ZeroCERT