Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10411	2021-07-23 09:26	pool.exe d71ee93843d5159da740a11e0944d987 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	4 Keyword trend analysis Info http://www.gaigoilaocai.com/wufn/?zL08l=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&rDHph=0Rm8pfsh - rule_id: 2912 http://www.kingdomvets.com/wufn/?zL08l=o6NP/38pvTDlv+JV19NTB11bpLiuGI0dHMB5Vx/enan56b3Zy4geNSKYW/CwegZqLuXFQkxp&rDHph=0Rm8pfsh http://www.rsautoluxe.com/wufn/?zL08l=w5EnrSKap8oRy2zPlnddF8gTSk3mhpsg6+K+ZUM/zOnILWZ553OzJd1vgJ8iXK568zhVN9hj&rDHph=0Rm8pfsh http://www.prinothhusky.com/wufn/?zL08l=GFt2TzYQfdSiNG603WLL+Cz/jkuaKDaMw91O9Wlio7W/+JMlkABrabAp9DL5ExKj8sqeUNNS&rDHph=0Rm8pfsh	8	1	1	8.4	M		ZeroCERT

10412	2021-07-23 09:28	egdgh.exe 5d751931eb3477f5e7d340606b381db2 PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM PE32 .NET EXE PE File Malware download Azorult VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		9.0	M	19	ZeroCERT

10413	2021-07-23 09:28	Invoice_801658.xls 0e5fe8af64b1c5ead75e629b8afd34c0 Dridex VBA_macro Malicious Library MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows	1 Keyword trend analysis	2	1		3.6		17	ZeroCERT

10414	2021-07-23 09:29	faster4pc.exe b8371590264db62ecbba4b7f481a21a8 PE64 PE File VirusTotal Malware crashed					1.6	M	25	ZeroCERT

10415	2021-07-23 09:30	dllhost.exe f961d6f3eb82bc072a1c85287efb2ed4 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key					5.2	M	28	ZeroCERT

10416	2021-07-23 09:32	NoEscape.exe 989ae3d195203b323aa2b3adf04e9833 Malicious Packer PE32 PE File VirusTotal Malware					1.8	M	57	ZeroCERT

10417	2021-07-23 09:32	0722_7087881301.xls 1a78008b2f07c1a067c4d84fcc63c413 Generic Malware VBA_macro Malicious Library KeyLogger ScreenShot AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection unpack itself					2.6		18	guest

10418	2021-07-23 09:34	vbc.exe 4f71bce958bbbe6c82bde2df84e4d61e PE32 PE File VirusTotal Malware RWX flags setting unpack itself					1.4	M	19	ZeroCERT

10419	2021-07-23 09:34	bobbyzx.exe 7fd6bff5fc36687c58d1ac8f9f3a0c0e PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		14.0	M	24	ZeroCERT

10420	2021-07-23 09:37	obi.exe f5041ec4ce468a07ecbfd076bc0f879b Gen2 Gen1 Antivirus Malicious Packer UPX Malicious Library KeyLogger ScreenShot AntiDebug AntiVM PE64 PE File PE32 FormBook Malware download VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself Windows utilities powershell.exe wrote suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis Info http://www.910portablestorage.com/pjje/?GPJ=1E2I7JoHvdI70zlyJUP47wtv7Dh3ZKuKkZTH8Pyg1+E0ALH7TJKdn5Z7YfOHaHfy4lnzl3gM&oX=Txo8nZfpMrz4 http://www.virtualtheaterlive.com/pjje/?GPJ=6Wbigwba73Ivpg80txDuveuG+BEOuPRPTnNbnDcrL/ql6Uyn3+aOReH08cRiULEL8ZXywzTc&oX=Txo8nZfpMrz4 https://cdn.discordapp.com/attachments/858793322087710753/863891857608015902/oad.jpg	7	2		15.4	M	38	ZeroCERT

10421	2021-07-23 09:37	Invoice_576113.xls a411479d9de4f5c8bcc364d6adad2854 Dridex VBA_macro Malicious Library MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows	1 Keyword trend analysis	2	1		3.8	M	20	ZeroCERT

10422	2021-07-23 09:38	Fbck.jpg ee991f2813337a82a3329f3e84b4c184 VirusTotal Malware					0.4	M	2	ZeroCERT

10423	2021-07-23 09:39	.wininit.exe 7ceecb14777497d950fef12be23cb30d PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key	5 Keyword trend analysis Info http://www.indiasofannapolis.com/u6bi/?uZi0=hnwtVQD0+B+MQPZpcDE1NNpG3Nai+Nu6AThFwFNLL4lTXEwceySaeonWyTyDhXyHcy6CNZQD&Vnt48=GTd0sn7PSL8h7XY http://www.tiltyi.com/u6bi/?uZi0=0lcolF/goa0wiSK9zn4wqSgLP7QiLxlxd0aymDwYqu6uvSn8m8r2waxqzS3OeY9qdFguZpFc&Vnt48=GTd0sn7PSL8h7XY http://www.2021cacondo.com/u6bi/?uZi0=OCatVl/HxP9LSoxl3pI1zJ3If3DnqK1+RysL2U+jvU6gCDAnxqUdLaoRZ60A7ltEpEYQWsLq&Vnt48=GTd0sn7PSL8h7XY - rule_id: 2630 http://www.morganrealtyinc.net/u6bi/?uZi0=Ye3/aYwSGVSMqbEcyzTtjLRiM72zOrRvzjnFiBnjlTUjwTcTjYcMsnrzWJmQ5zMidmWLc8t+&Vnt48=GTd0sn7PSL8h7XY http://www.uluuclub.com/u6bi/?uZi0=14o2Zx8XrTHtbcw01fk3Ww5UUYjDZfSZMoRVLzjNmU7sqVPBG/wL8GxkrU1vvFuY/Bg1FPed&Vnt48=GTd0sn7PSL8h7XY - rule_id: 2651	11 Info www.itsoriente.com(159.69.59.11) www.uluuclub.com(34.102.136.180) - mailcious www.indiasofannapolis.com(35.163.94.115) www.2021cacondo.com(34.102.136.180) - mailcious www.tiltyi.com(104.21.37.201) www.morganrealtyinc.net(104.154.23.229) 159.69.59.11 172.67.212.227 34.102.136.180 - mailcious 104.154.23.229 35.163.94.115	1	2	10.0	M	21	ZeroCERT

10424	2021-07-23 09:41	0722_4622335706.xls 36602114154e804d08aeaa258f3c9b94 Generic Malware VBA_macro Malicious Library KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection unpack itself					2.0			guest

10425	2021-07-23 09:42	.svchost.exe c937fc9ed4325e6ab24d49a3175f3a5c Generic Malware Malicious Packer UPX PE32 PE File VirusTotal Malware Check memory RWX flags setting unpack itself ComputerName					2.2	M	31	ZeroCERT