Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
11011	2023-08-04 09:07	ohoyeczx.exe f3ba23553ad0411c937414c4de068c5b Gen1 email stealer Downloader UPX .NET framework(MSIL) Malicious Packer Malicious Library Escalate priviledges PWS DNS Code injection persistence KeyLogger AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 DLL Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed		1		14.4	M	15	ZeroCERT

11012	2023-08-04 09:06	012004040003030030%23%23%23%23... 9196f5d37dd1750c7ab2ea6becaddbb9 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	6 Keyword trend analysis Info http://www.eturnum.org/et9t/?XFkk=oGB2a62R5hQvo2E9fBkXawOuNKj3Dek6/gk22RSM/jZ849uvwjkHsue2s///UvCqJC6xkWcBqYeWgpc71Q83w80Z1Wi48i4g+hNU7Ic=&25vCm=ziVcI1CGgxu http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip http://www.eturnum.org/et9t/ http://23.94.148.61/800/ChromeSetup.exe http://www.sdrfgjf04.sbs/et9t/ http://www.sdrfgjf04.sbs/et9t/?XFkk=fyGICc5TieCCYxLA9A3YXfgdgdyUYVbgq7FJ/PFTCWHsrK2PzodQNgOuC22hjbDQxS9NYwBdAOx0BZ+otaqny3v5VddjKMYrJbXKRJI=&25vCm=ziVcI1CGgxu	8	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.6	M	16	ZeroCERT

11013	2023-08-04 09:05	update_SC.bat 9d383592178e4a3170a1e8e4772749ba Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Anti_VM AntiDebug AntiVM VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				4.4		3	ZeroCERT

11014	2023-08-04 09:04	ChromeSetup.exe 1ef8e255010d20c6343df3670cce06e6 Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed		2	2	13.4	M	29	ZeroCERT

11015	2023-08-04 09:03	a.bat e9da2dbc0577f419fcafa37a6b5a3faa Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Anti_VM AntiDebug AntiVM VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				4.4		5	ZeroCERT

11016	2023-08-04 09:02	IB_iso.exe d27e13ce5271639c09cf59b9f6eaee10 NSIS UPX Malicious Library PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder suspicious TLD DNS	2 Keyword trend analysis	7	2	5.8	M	41	ZeroCERT

11017	2023-08-04 09:02	ChromeSetup.exe 4bf3697cc2dc73c5a4f5e9d66444d87d NSIS Generic Malware UPX Malicious Library PE File PE32 DLL VirusTotal Malware AppData folder				1.4	M	21	ZeroCERT

11018	2023-08-04 09:00	000100000200003000004000050000... 4d3e4367bfd1e8e2adb2d90cd5f07399 MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	2	12 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	4.8	M	29	ZeroCERT

11019	2023-08-04 08:59	ChromeSetups.exe 1892d8096709dd77655414e73ad6d25f UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution				2.2	M	44	ZeroCERT

11020	2023-08-04 08:58	IBS_Cortana.exe 9cd26ed910554ae5b86e53ef892e7117 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed				3.4	M	30	ZeroCERT

11021	2023-08-04 08:57	utilsx.exe 413157ad1210bff496058fb2d23269c3 UPX Malicious Library PE64 PE File VirusTotal Malware Creates executable files Windows utilities WriteConsoleW Windows				3.0	M	29	ZeroCERT

11022	2023-08-03 16:52	mount_U (1).cmd 589178271568a61598725543f1d56d47 Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM Check memory Windows utilities Check virtual network interfaces WriteConsoleW Windows	1 Keyword trend analysis	2		3.0			guest

11023	2023-08-03 14:07	smss.exe 6308cc22d136d3cc309205ca43233bec Malicious Library PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				2.6	M	43	ZeroCERT

11024	2023-08-03 13:57	pablozx.doc 1ed1a3c75c699312d7ecffaf02f7cfb8 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	2	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.6	M	32	ZeroCERT

11025	2023-08-03 13:53	000000000000232000000000%23%23... eb72c1d5f5426be6a2def8a3c9beed24 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	2	1	4.2	M	33	ZeroCERT