Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10876	2021-08-04 17:06	vbc.exe 37e56fd28b4cb77dfbe3164dd3a92cfa RAT Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		11.8		14	ZeroCERT

10877	2021-08-04 17:07	.svchost.exe 177cda5816d2c89f89a888d821b7cfdc Generic Malware Malicious Packer UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself					1.6		8	ZeroCERT

10878	2021-08-04 17:07	whesilox.exe 53aef228cd00d59916a1b375fe86e9cf Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key DDNS	1 Keyword trend analysis	2	2		10.2		26	ZeroCERT

10879	2021-08-04 17:08	New_0228_02101111.exe 479de94fbadd83fce799ed3389da1ce5 RAT Generic Malware UPX AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows ComputerName crashed					9.4		24	ZeroCERT

10880	2021-08-04 17:09	vbc.exe 6bcba75d52cd82860fab21de5e8f4360 UPX Malicious Library PE File PE32 PDB unpack itself					1.4			ZeroCERT

10881	2021-08-04 17:09	bypass.txt.ps1 439d01812f15c89cd8c5f5c9b9b9dbec Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key					1.2		2	ZeroCERT

10882	2021-08-04 17:10	vbc.exe c2bd160e08dec3da08a4af740f3c6d15 UPX Malicious Library PE File OS Processor Check PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	8.6	M	21	ZeroCERT

10883	2021-08-04 17:12	0408202100804.exe 59b8078b06f848735b12ef8b0467859a PWS .NET framework RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		11.8		33	ZeroCERT

10884	2021-08-04 17:14	virus.exe aca0004a4766b519594f96f0e6dd297c Malicious Packer UPX Malicious Library PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Creates executable files unpack itself Windows utilities suspicious process Windows					5.8		63	ZeroCERT

10885	2021-08-04 17:25	nva.exe 9486fe80718f69b103e1166e32ca5621 PWS Loki[b] Loki[m] RAT Generic Malware DNS KeyLogger ScreenShot DGA Socket Create Service Sniff Audio Escalate priviledges Code injection HTTP Internet API FTP Http API Steal credential Downloader P2P AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities WriteConsoleW Windows DNS DDNS crashed		1	1		10.0		53	ZeroCERT

10886	2021-08-04 17:26	nva.exe d50c5edad1478a183e7216b0a94bd215 PWS Loki[b] Loki[m] RAT Generic Malware UPX DNS KeyLogger ScreenShot DGA Socket Create Service Sniff Audio Escalate priviledges Code injection HTTP Internet API FTP Http API Steal credential Downloader P2P AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities WriteConsoleW Windows DNS DDNS crashed		1	1		9.6		25	ZeroCERT

10887	2021-08-04 17:31	student-cctv-video(private).ex... dbd37b8c044a27ec8008c6489231075f AgentTesla email stealer browser info stealer Google Chrome User Data UPX Malicious Library DNS Socket KeyLogger Code injection ScreenShot persistence AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Check memory buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS		1			9.6		43	ZeroCERT

10888	2021-08-04 17:31	termination-letter-college.doc... 74fa8961827639d1b481a4eea50863e5 VBA_macro Vulnerability VirusTotal Malware unpack itself					2.6		26	ZeroCERT

10889	2021-08-04 17:51	termination-letter-college.doc... 74fa8961827639d1b481a4eea50863e5 VBA_macro GIF Format VirusTotal Malware Creates shortcut Creates executable files RWX flags setting unpack itself Tofsee	1 Keyword trend analysis	2	2		3.8		26	ZeroCERT

10890	2021-08-05 07:50	ongod.exe 2254a05b64b7f1b84739aa01888e1d0d PWS .NET framework RAT Generic Malware UPX Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key					2.6		42	ZeroCERT