Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10246	2021-07-20 20:21	vbc.exe 7bed25cd63b443f1c3c1e69c1cfcea84 Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					12.4	M	13	ZeroCERT

10247	2021-07-20 20:21	props.exe dcbab28c37e563f20d07e785a94376f4 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2			10.8	M	31	ZeroCERT

10248	2021-07-20 20:23	joboi.exe 8d34c106313988905b7554589048a99c Generic Malware UPX PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself					2.2	M	33	ZeroCERT

10249	2021-07-20 20:23	Gnwpizngkfaxnrdperkromddykwmea... 6331736d5de348e92aa8ac377de8275d PWS Loki[b] Loki[m] Admin Tool (Sysinternals etc ...) UPX DNS AntiDebug AntiVM PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted RWX flags setting unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser Email ComputerName Software	3 Keyword trend analysis Info http://sspmoct.xyz/tkrr/T1/w2/fre.php https://onedrive.live.com/download?cid=DCD4F5588DB45110&resid=DCD4F5588DB45110%21117&authkey=ABNcDCFEJJwt5GE https://wpvs9g.dm.files.1drv.com/y4mc0N8aDVLbrOM0t-d4cLVzNXwptl4Op7AR8ROq--p8oHeGmWMXrT1GoIBzhmm87yiZqdmUnYbgfXiqPul9CKScrZdghDE1U3zTdf7kKOLcxsJQJxrRT4vQVgyRVBjk4ffhbnUHhZzb4UUF-Wa5kALGYrn2tnREsC6rxRuhBsPvRMwxounz2G7lp8IoMC2SSAq_moi14WCS2PtHLJdDnLspA/Gnwpizngkfaxnrdperkromddykwmeaa?download&psid=1	6	8 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.2	M	25	ZeroCERT

10250	2021-07-20 20:25	pl_installer.exe 23ae4478b174cda0679dd4c62fc782e6 UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself					2.2	M	28	ZeroCERT

10251	2021-07-20 20:25	argent.exe 22b857320659f058de7f1337580934f3 BitCoin Generic Malware AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2		11.8	M	37	ZeroCERT

10252	2021-07-20 20:27	jojo.exe 1e01e4862c37c060778cb23ef9cec416 Generic Malware UPX SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					11.4	M	42	ZeroCERT

10253	2021-07-20 20:27	ob.exe 211ea7546d0136d9a81411f33f65618a PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					11.0	M	21	ZeroCERT

10254	2021-07-20 20:29	pl_installer.exe aa6d6c9c89f483342c1de94ea192353f UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself					2.2	M	27	ZeroCERT

10255	2021-07-20 20:30	dllhost.exe c7fac4adc96446c3ff1237f0ac0a373f PWS .NET framework RAT Generic Malware AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	1 Keyword trend analysis	2	1		9.2	M	22	ZeroCERT

10256	2021-07-20 20:32	crackers.exe 73c43ce3cb9de3a623f462ca7a4ade0b Generic Malware UPX SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					10.6	M	37	ZeroCERT

10257	2021-07-20 20:32	purchase.exe 4bb048890ed3a24cc65bf6eda4afbb72 PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	13.8	M	35	ZeroCERT

10258	2021-07-20 20:34	ne.exe 963aa12c1d0427cb154d519f21358ab4 UPX PE32 OS Processor Check PE File VirusTotal Malware PDB					1.4	M	56	ZeroCERT

10259	2021-07-20 20:35	.svchost.exe 74ee7d7a3b3f72b77baf8752dd249511 Generic Malware UPX Malicious Packer PE32 PE File VirusTotal Malware Check memory RWX flags setting unpack itself ComputerName					1.8	M	18	ZeroCERT

10260	2021-07-20 20:36	iykemoney.exe 437fbdc5e75e71645975d343cedb023c PWS .NET framework RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					10.6	M	27	ZeroCERT