Submissions

Columns: No | Date | Request | MD5 | Tags | Urls Hosts IDS Rule Score Zero VT Player Etc

10801  2021-08-03 09:09  win32t.exe
  MD5: 2d8f78efd6acd9db2e87519616852cfa
  Tags: PWS .NET framework RAT Generic Malware UPX PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 2.6 M 18 ZeroCERT

10802  2021-08-03 09:10  putty.exe
  MD5: 0cfe251e0b61bbc87656f52defad4c53
  Tags: email stealer Generic Malware Admin Tool (Sysinternals etc ...) UPX Malicious Library Malicious Packer DNS Socket Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM PE File .NET EXE PE32 PE64 OS Processor Check DLL VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check Windows ComputerName
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 4 1 13.6 M 26 ZeroCERT

10803  2021-08-03 09:11  zzz.exe
  MD5: 560df81553f2ef8daf7019589f991c6d
  Tags: RAT Generic Malware Malicious Packer UPX Antivirus PE File OS Processor Check .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1 1 8.6 M 40 ZeroCERT

10804  2021-08-03 09:12  win32d.exe
  MD5: 5c8fdd6c67790256bda928d03cf524a9
  Tags: AgentTesla PWS .NET framework RAT browser info stealer Generic Malware Google Chrome User Data UPX Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 3 1 12.2 M 36 ZeroCERT

10805  2021-08-03 09:19  ferra.exe
  MD5: fa92c189ee8cded4c7554b171bc2dc25
  Tags: UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 2.2 20 ZeroCERT

10806  2021-08-03 09:20  babkaaepta.exe
  MD5: 0a3a43c545b504fca1908688bbe661a4
  Tags: PWS .NET framework RAT Generic Malware UPX PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1 4.8 M 48 ZeroCERT

10807  2021-08-03 09:21  #WUHD09.vbs
  MD5: 03e4a5b246180743a15aabbe28f2acb5
  Tags: Antivirus VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1 1 5.2 6 ZeroCERT

10808  2021-08-03 09:22  microC.exe
  MD5: c8808ce7eae00e1bf51fd211a2275b4b
  Tags: Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 8.6 M 35 ZeroCERT

10809  2021-08-03 09:24  download
  MD5: cd8f5f89a0d7a618a1c6b877bcb6424d
  Tags: Generic Malware UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 3.4 M 53 ZeroCERT

10810  2021-08-03 09:25  RFQ 6020943651-FOR-ATENS.xls.x...
  MD5: 2344d5013ae84f4d70bf359575fba402
  Tags: Generic Malware UPX Malicious Library PE64 PE File OS Processor Check DLL VirusTotal Malware PDB Remote Code Execution
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1.8 22 ZeroCERT

10811  2021-08-03 09:26  vbc.exe
  MD5: 0051d352f44660bd6ff45ebcb806139d
  Tags: PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Kovter Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1 2 10.8 M 17 ZeroCERT

10812  2021-08-03 09:29  .csrss.exe
  MD5: 8894b0f72764e1754c1d415dcda7b7f9
  Tags: Lokibot PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1 3 7 1 14.4 M 20 ZeroCERT

10813  2021-08-03 09:30  PURCHASE ORDER AZAS112.xls.xll
  MD5: 4ebc548df517cae4c7e3122e9c75ede6
  Tags: Generic Malware UPX Malicious Library PE64 PE File OS Processor Check DLL VirusTotal Malware PDB Remote Code Execution
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1.8 21 ZeroCERT

10814  2021-08-03 09:30  boy.exe
  MD5: 3d4b1329fdcbc4efa3cebf3e0511a436
  Tags: Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 5.2 M 21 ZeroCERT

10815  2021-08-03 09:34  facts.08.21.doc
  MD5: 97d717e44f8f2faf01af69a10886718a
  Tags: AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself suspicious process Interception
  Urls/Hosts/IDS Rule/Score/Zero/VT/Player: 1 2 6.2 M 20 ZeroCERT