Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10621	2021-07-29 10:46	vbc.exe e9f578801e3b556fd931a599d38c58db Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.2	M	24	ZeroCERT

10622	2021-07-29 10:46	filler_oko5.png 4dfbcd7756a89d220cc8134c3c7f8352 Generic Malware Malicious Library PE32 DLL PE File VirusTotal Malware					1.2	M	24	ZeroCERT

10623	2021-07-29 10:47	.csrss.exe 1e54d071c3beac6dcd4347f0665b551b Lokibot PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.4	M	27	ZeroCERT

10624	2021-07-29 10:48	.csrss.exe 1e54d071c3beac6dcd4347f0665b551b PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					1.8	M	27	ZeroCERT

10625	2021-07-29 10:49	pmo-2.exe 6becb7e3e5c369e12bd11209a7e726ab PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	6 Keyword trend analysis Info http://www.rsautoluxe.com/wufn/?-Z=w5EnrSKap8oRy2zPlnddF8gTSk3mhpsg6+K+ZUM/zOnILWZ553OzJd1vgJ8iXK568zhVN9hj&2d=XnzpXRjp - rule_id: 3288 http://www.gaigoilaocai.com/wufn/?-Z=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&2d=XnzpXRjp - rule_id: 2912 http://www.organicdiscover.com/wufn/?-Z=BMyBOOK9IF1kQNL0q34PdNh4a9avsrhJmv5C6QJv11V5DUyIWoflkcvUJak2TdTEBQSZ7jHE&2d=XnzpXRjp http://www.brasilupshop.com/wufn/?-Z=59brRu9dLS77nFy0s50o1uJFUTMvI+fKw5ePYjcZBjdZ1DjOWYIxIDuCUckQyVdYQE+vfh4M&2d=XnzpXRjp http://www.cummingsforum.com/wufn/?-Z=PGuDT0srb8+GzzH8GojBu9jJOM86wXlCLaZQF9oyMbXQcbHCqOG6UzGQhd2hamBsdTomrrU0&2d=XnzpXRjp http://www.peak-valleyadvertising.com/wufn/?-Z=FgzG7Qx2bDHQRqzBshosqp2KyuZ4BKgjCPQpIPsUZT2saqt6xf80CxpLR0Dj1LrdceOnKHHp&2d=XnzpXRjp	13 Info www.rsautoluxe.com(103.48.133.134) - mailcious www.brasilupshop.com(34.98.99.30) www.peak-valleyadvertising.com(34.102.136.180) www.organicdiscover.com(3.136.2.34) www.gaigoilaocai.com(172.67.187.204) www.singnema.com() www.amsmapped.com() www.cummingsforum.com(34.102.136.180) 18.116.232.141 34.102.136.180 - mailcious 172.67.187.204 - mailcious 103.48.133.134 - mailcious 34.98.99.30 - phishing	1	2	8.4	M	39	ZeroCERT

10626	2021-07-29 10:51	kdotzx.exe 4bb71eeb1ef688efb7807a1c182691cb Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself					2.4	M	42	ZeroCERT

10627	2021-07-29 10:51	vbc.exe a279add023dd6a0fcbf1d5da05fbddeb Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key					2.4	M	24	ZeroCERT

10628	2021-07-29 10:53	3N6F9HYnez65WwY.exe e6264b60743e648233defe5dc124b9aa PWS Loki[b] Loki[m] Generic Malware UPX DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2		12.4	M	24	ZeroCERT

10629	2021-07-29 10:53	44389.jpg 781e6ea7ced126bc27d7a206f5651651 PE64 DLL PE File Malware download VirusTotal Malware PhotoLoader MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD Tofsee DNS	2 Keyword trend analysis	5	4		4.0	M	24	ZeroCERT

10630	2021-07-29 10:55	dwo-1.exe 718cb22d0b0711363390a647173f189f RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.4	M	33	ZeroCERT

10631	2021-07-29 10:55	reestr.exe a69e12607d01237460808fa1709e5e86 PE32 PE File VirusTotal Malware RWX flags setting unpack itself crashed					2.2	M	45	ZeroCERT

10632	2021-07-29 10:55	icon_psn98.png f3895703410910aa0ef2f7da6a12dd49 Generic Malware Malicious Library PE32 DLL PE File VirusTotal Malware					1.4	M	31	ZeroCERT

10633	2021-07-29 10:57	payload.exe 3baeaa766ea7f31a9147208efd957c75 VirusTotal Malware					0.4	M	9	guest

10634	2021-07-29 10:57	pmo.exe 23962f311cb6016e8f5a84ceb3bab011 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.2	M	24	ZeroCERT

10635	2021-07-29 10:59	lv.exe e606e3bbeb846d4ef17eca787b09c728 Emotet Gen1 NPKI Gen2 Malicious Library UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiD VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed		1			6.6	M	20	ZeroCERT