Submissions

No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc
(one submission per block: number, date and file name on the first line, then the sample hash, the matched rule tags, and the remaining column values; empty cells are omitted)

10216  2021-07-20 08:05  quote.exe
    65cb21f74729427dcb7ddb1bb8cb762f
    Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed
    8 13 1 8.4 M 26 ZeroCERT

10217  2021-07-20 08:06  apines.exe
    1db818edcd076f1410f95e7ca3242354
    UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
    2.2 M 28 ZeroCERT

10218  2021-07-20 08:07  lv.exe
    68886f96b3223730b1e228f42aecc5cf
    Gen1 Gen2 UPX Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
    1 7.2 M 41 ZeroCERT

10219  2021-07-20 08:09  jjroblox.exe
    2308cedb77f66e4a821d57e8ee1e08a5
    Gen2 njRAT backdoor Generic Malware UPX Malicious Packer PE File OS Processor Check PE32 .NET EXE DarkComet AutoRuns suspicious privilege Code Injection Check memory Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AppData folder WriteConsoleW human activity check Windows Remote Code Execution DNS DDNS keylogger
    2 1 13.4 M ZeroCERT

10220  2021-07-20 08:09  F-Launcher.exe
    6c592736cf6ae24c1d7e5d051234fdbd
    njRAT backdoor Gen2 Generic Malware Malicious Packer UPX PE File PE32 .NET EXE OS Processor Check DarkComet VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder WriteConsoleW human activity check Windows Java DNS DDNS crashed keylogger
    2 1 17.4 M 64 ZeroCERT

10221  2021-07-20 08:10  801.exe
    bc5d860da754c16a5e214a03b96d970b
    UPX AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Buffer PE PDB Code Injection buffers extracted unpack itself
    7.6 M 47 ZeroCERT

10222  2021-07-20 08:11  vbc.exe
    8cf5cb10708d0fea42106a1d31ba4248
    UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
    2.6 M 50 ZeroCERT

10223  2021-07-20 08:12  .csrss.exe
    8f35517bd68bbe4d0d2362445172763a
    UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
    2.6 M 46 ZeroCERT

10224  2021-07-20 08:14  quotation.exe
    688a5cdda1ae1e75e3e84facfecf3fb4
    Generic Malware Anti_VM UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed
    10 11 1 8.8 M 23 ZeroCERT

10225  2021-07-20 08:15  update.exe
    44b42e92ffe33907c539d1135bb05239
    PE File PE32 Emotet VirusTotal Malware AutoRuns suspicious privilege Code Injection buffers extracted RWX flags setting unpack itself Disables Windows Security sandbox evasion Windows ComputerName crashed
    8.6 M 57 ZeroCERT

10226  2021-07-20 08:15  ups.js
    66cf8adae71b2d556f58371d937ba4b3
    VirusTotal Malware VBScript wscript.exe payload download DNS Dropper
    1 10.0 17 ZeroCERT

10227  2021-07-20 08:15  file.exe
    3577889cdae96c45ac86d0fabe6723b0
    UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
    2.4 M 30 ZeroCERT

10228  2021-07-20 08:17  weads.exe
    c826a43b3cdb08fc06ddfa2e223a5710
    UPX Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS
    2 1 3.8 M 58 ZeroCERT

10229  2021-07-20 08:17  cvhost.exe
    c65eb22434cbf550e158d45cf9a64470
    UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
    2.2 M 25 ZeroCERT

10230  2021-07-20 08:19  ugopoundx.exe
    0c89a6ac4ceb310ad34dcf92ec3a77bb
    PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
    1 1 6 1 14.0 M 21 ZeroCERT