popup

Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
10336 2021-07-22 10:36 LTBH9TA.png  

94b5a8d78982670fe04dfb37a9cdb81d


Dridex PE32 DLL PE File VirusTotal Malware 		1.0 M 16 ZeroCERT

10337 2021-07-22 10:37 Invoice_649169.xls  

07145e5d278eec8712e2d24f59aae259


Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows 		1 2 1 3.0 M 17 ZeroCERT

10338 2021-07-22 10:37 h8f6.png  

65638d179046f7caec06dc03e508b040


Dridex PE32 DLL PE File VirusTotal Malware 		1.2 M 26 ZeroCERT

10339 2021-07-22 10:37 EOIxmku.png  

397b799c357562c5a8061a39514d7785


Dridex PE32 DLL PE File VirusTotal Malware 		1.2 M 20 ZeroCERT

10340 2021-07-22 10:37 UuqDiHK.png  

145c6b9290b6cf598f4995a8a70da916


Dridex PE32 DLL PE File VirusTotal Malware 		1.0 M 17 ZeroCERT

10341 2021-07-22 10:37 Invoice_28960858.xls  

3d67b0c7d220a241c6eb2ed5660ac458


Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows 		1 2 1 3.6 M 18 ZeroCERT

10342 2021-07-22 10:37 SGSRZF.png  

8b16733dcb7b1477a70352b8b37893d8


Dridex PE32 DLL PE File VirusTotal Malware 		1.0 M 17 ZeroCERT

10343 2021-07-22 10:40 Invoice_555559.xls  

d620e11fcd186b1e9e8c921cee692289


VBA_macro MSOffice File VirusTotal Malware unpack itself 		1.6 M 15 ZeroCERT

10344 2021-07-22 10:44 h8f6.png  

65638d179046f7caec06dc03e508b040


Dridex PE32 DLL PE File VirusTotal Malware 		1.2 M 26 ZeroCERT

10345 2021-07-22 10:56 Kripted.exe  

79d863368e039ff567883368a5f041d0


VMProtect UPX PE32 PE File Malware download VirusTotal Malware AutoRuns Malicious Traffic unpack itself Checks Bios sandbox evasion anti-virtualization Windows DNS 		1 2 1 6.6 M 45 ZeroCERT

10346 2021-07-22 10:56 yad.exe  

4c8b20479e35b380a034faf7238f9ea2


NPKI RAT Generic Malware Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM PE VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS Cryptographic key 		2 9.2 M 32 ZeroCERT

10347 2021-07-22 10:58 excludes2.dat  

b90adc3845ca490d93301b4934618787


UPX PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Remote Code Execution 		1.8 M 25 ZeroCERT

10348 2021-07-22 10:58 .csrss.exe  

bd14c764ee43bda58dca34b77c472f95


Lokibot PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 OS Processor Check .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software 		1 2 7 1 14.0 M 33 ZeroCERT

10349 2021-07-22 11:01 csrss.exe  

0ddeb0b17f45b044ca999164550dd25c


NPKI Generic Malware Anti_VM UPX PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key crashed 		5.6 M 31 ZeroCERT

10350 2021-07-22 11:01 Invoice_987741.xls  

5c8fcc9153a5f651d01db332d093e822


Dridex VBA_macro MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows 		2 1 3.6 M 15 ZeroCERT

keyword