Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

10261 2021-07-20 20:38 vbc.exe
7d9449743fa1c1388181e9c05b9425e1
Loki PWS Loki[b] Loki[m] Malicious Library UPX DNS AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files AppData folder malicious URLs installed browsers check Browser Email ComputerName Software
1 2 7 1 11.0 M 32 ZeroCERT

10262 2021-07-20 20:40 jap.exe
47a34d84c74352e6d5eb9466cc15fd4c
Generic Malware UPX PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself
2.2 M 30 ZeroCERT

10263 2021-07-20 20:43 neww.exe
928ec247e6f6cd246851bfab7a7154fb
AntiDebug AntiVM PE32 OS Processor Check PE File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName crashed
5.0 M 28 ZeroCERT

10264 2021-07-20 20:45 file.exe
4b475a6d16ac0c8cc332710648807d1b
UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself
2.4 M 35 ZeroCERT

10265 2021-07-20 20:49 vbc.exe
12c0a846f4c2eec8f6c87a94cc10f305
UPX PE32 PE File FormBook Emotet Malware download VirusTotal Malware Buffer PE Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Tofsee Remote Code Execution
17 19 2 8.8 M 53 ZeroCERT

10266 2021-07-21 07:22 converter.dot
0ee305b1227290547ef61c8c1588e528
VBA_macro MSOffice File unpack itself
0.8 ZeroCERT

10267 2021-07-21 08:39 gut.exe
af64a7df92d3f72407194dd17b013c86
UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE32 PE File Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName
1 2 1 10.2 15 ZeroCERT

10268 2021-07-21 08:40 vbc.exe
c8feb9d53b567cd1bfb0e59cf7d26bc2
PE32 PE File VirusTotal Malware RWX flags setting unpack itself
2.0 M 28 ZeroCERT

10269 2021-07-21 08:41 redik.exe
ff361121c102c043c2c4b5c6a6b4410c
Themida Packer PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
1 1 1 6.8 M 56 ZeroCERT

10270 2021-07-21 08:41 lovemetertok.png
a7ae4c7ec052486bbaa04a21c00fe5b8
Emotet Gen1 UPX PE32 OS Processor Check DLL PE File Dridex TrickBot Malware Report suspicious privilege MachineGuid Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed
1 9 5 7.8 ZeroCERT

10271 2021-07-21 08:43 vbc.exe
e0efe365b3b8e5bddf535420d2d50bf1
PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed
1 9.8 M 38 ZeroCERT

10272 2021-07-21 08:44 dmwa.jpg
dc71ed81724056f7ee199d098356e155
UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE32 PE File Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName DNS DDNS
3 9 2 12.8 M 21 ZeroCERT

10273 2021-07-21 08:46 Premiere_Pro_Set-Up.exe
24e83aecd38d651f87c6f4fe78b42e3e
PE64 PE File Browser Info Stealer AutoRuns MachineGuid Check memory buffers extracted Creates executable files Windows Browser
1 4 1 4.0 ZeroCERT

10274 2021-07-21 08:48 can.exe
3763f091a074d72561b02c9c02e7bafc
Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows ComputerName Cryptographic key crashed
8.6 M 21 ZeroCERT

10275 2021-07-21 08:53 Stolen Images Evidence.js
120099cbae988c35eca1c64668ea92ec
Generic Malware UPX Malicious Packer Antivirus AntiDebug AntiVM PE64 DLL PE File VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process Windows ComputerName Cryptographic key crashed
2 3 10.0 M 2 ZeroCERT