Submissions

No | Date | Request | Urls Hosts IDS Rule Score Zero VT Player | Etc

9751 | 2021-07-07 11:15 | 9663.exe
MD5: de57b50ddeb32383574874af224b2a98
Tags: PE64 PE File OS Processor Check VirusTotal Malware unpack itself DNS
2.2 11 ZeroCERT

9752 | 2021-07-07 11:15 | JoSetp.exe
MD5: 1da63c9904ccd13401507d9726da8c00
Tags: Gen1 RAT BitCoin Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed
15 11 2 7 19.0 M 28 ZeroCERT

9753 | 2021-07-07 11:18 | chekwaz.exe
MD5: 85522dedf93b183413387b60937ba822
Tags: Generic Malware Admin Tool (Sysinternals etc ...) Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Checks Bios Detects VirtualBox powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 4 4 19.2 M 24 ZeroCERT

9754 | 2021-07-07 11:19 | PA.exe
MD5: d034e4dba29e649f665666027eadd43a
Tags: Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
3.0 M 26 r0d

9755 | 2021-07-07 11:20 | EXCEL.exe
MD5: 135b625746c95837d281a18767310669
Tags: RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Checks debugger buffers extracted exploit crash unpack itself Check virtual network interfaces IP Check Tofsee Windows Exploit Browser Email DNS Cryptographic key DDNS Software crashed keylogger
2 4 4 16.2 M 29 ZeroCERT

9756 | 2021-07-07 11:21 | 0706_2354713505898.doc
MD5: cb09a047963adcee78e1e33e2fe2271f
Tags: VBA_macro OS Processor Check MSOffice File Vulnerability VirusTotal Malware unpack itself
3.0 25 guest

9757 | 2021-07-07 11:24 | 0706_5212302001979.doc
MD5: fd70a32ed976a9a2dd46a8569b043149
Tags: VBA_macro OS Processor Check MSOffice File Vulnerability unpack itself DNS
1 2.8 guest

9758 | 2021-07-07 11:29 | svchost.exe
MD5: 0909bde36854892a4a4a2f68489cb410
Tags: RAT Gen2 Emotet Gen1 PWS .NET framework Generic Malware NSIS UPX Admin Tool (Sysinternals etc ...) Anti_VM KeyLogger ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder installed browsers check Windows Browser DNS Cryptographic key crashed
1 4 11.6 M 16 ZeroCERT

9759 | 2021-07-07 15:36 | 7gfdg5egds.exe
MD5: 270c3859591599642bd15167765246e3
Tags: Ficker Stealer PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory ICMP traffic Collect installed applications sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Browser ComputerName DNS Software
1 4 3 9.4 M 61 ZeroCERT

9760 | 2021-07-07 17:28 | プロフォーマインボイス pdf.exe
MD5: f0755c78d8a63473e9495e31197e3139
Tags: PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
5.6 17 guest

9761 | 2021-07-07 17:40 | wininit.exe
MD5: fb7b2bec96a0b729f4fa0c0034d133e7
Tags: PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 1 6 1 15.0 M 15 ZeroCERT

9762 | 2021-07-07 17:41 | clo.exe
MD5: 4c786d5d8707fa659330847d7caabfd9
Tags: RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
9.0 M 36 ZeroCERT

9763 | 2021-07-07 17:43 | Antihistaminerne.exe
MD5: c0d19c0c4abc226521cb265d731a4427
Tags: UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization DNS
2.4 8 guest

9764 | 2021-07-07 17:44 | IMG_89133.exe
MD5: cf88a7f5c3dfd0501d80e443827a44fe
Tags: PWS .NET framework RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself crashed
2.8 M 29 guest

9765 | 2021-07-07 17:44 | .svchost.exe
MD5: 775632e90c7efbdf87f1e2eba502461c
Tags: Generic Malware PE File PE32 VirusTotal Malware RWX flags setting unpack itself
1.6 M 25 ZeroCERT