Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11176	2021-08-10 17:53	5674d7511aa1fce0a68969dc57375b... 69175b19d2a89f83fa324703eebb755b UPX Malicious Library OS Processor Check PE File PE32 PDB unpack itself DNS		1			1.6	M		ZeroCERT

11177	2021-08-10 17:56	dcc7975c8a99514da06323f0994cd7... 506695f323a3e831b28cf194e14d572a UPX Malicious Library OS Processor Check PE File PE32 PDB unpack itself					1.0	M		ZeroCERT

11178	2021-08-10 17:58	vbc.exe 2d66bba47e64a05860e1cc38ef60eefe PWS Loki[b] Loki[m] .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.0	M	30	ZeroCERT

11179	2021-08-10 17:59	askinstall5.exe baa553f1e49ce769cdece59801cf1922 Gen2 Trojan_PWS_Stealer NPKI BitCoin Credential User Data Generic Malware UPX Malicious Packer Malicious Library SQLite Cookie Anti_VM DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenS Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution crashed	4 Keyword trend analysis	8	1	3	11.4	M	40	ZeroCERT

11180	2021-08-10 21:32	611237846402f.dll 07684da40ad79495b5db6ddcf723bd8e Generic Malware UPX Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Check memory unpack itself Tofsee Interception ComputerName	1 Keyword trend analysis Info https://outlook.office365.com/tragli/JeFN0YgrW/72ge1K57HPfLT0V_2Bo2/xNEOvkt0nPz6Ld7W0_2/Fd5A_2B38SD5K_2BrZkIXO/vP1DDaBsBEZpi/nFFIjr82/y_2FpXXpoKGFESITR_2Fbcm/9Vmg9EPw3x/ujr996BAGYcBkxQRw/j9PzAGSA_2Fi/saoRPZU5DzQ/6Ey0JNKMyQmnwR/jwKTh1VHAc24Sc3kanHWr/oUw1lPv4pD6iqRdX/MKOFAVIzbW/Mfr.brw	7	1		2.4		7	ZeroCERT

11181	2021-08-11 09:25	us.exe 78f998a3e27a3a76480d4bc25cd37286 RAT PWS .NET framework Generic Malware AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key crashed	5 Keyword trend analysis Info http://www.sabortradicion.com/glgd/?RR=RWZUdDZM2vWJGNyKWyakMM1rPTQtzSNU3Jzm3LUz16xspXtvwrI+PBSJlVTsPv0xAjpy10DH&sPX4gJ=lnRlMNFPWfi0 http://www.danielsdonuteria.com/glgd/?RR=IpIqRkOeyywi3K8x4XdnqdH9Qx+aXhYHwHTGsqzrpTB78CdxIABDUEXezTmookMwz0BXydeD&sPX4gJ=lnRlMNFPWfi0 http://www.soilhelp.com/glgd/?RR=asBy0YopPjG4dHaqcidLxAgpRjeYKvHFAx/LEx9W68MuHxQADtJpsJBj24UwIzZQ8AGX6ju+&sPX4gJ=lnRlMNFPWfi0 http://www.farendofthebench.com/glgd/?RR=svcqGWQO7MOM0XfFk+NDKL2Ww32z3qceQtZ1u2oY7ETYeE8QmVUYaDfZDsJbMwTSbwYX1aU8&sPX4gJ=lnRlMNFPWfi0 https://www.bing.com/	10	2		10.0	M		ZeroCERT

11182	2021-08-11 09:27	sunnyzx.exe 64c96d9482e68988007c36ff8d3764b1 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	3		11.8	M		ZeroCERT

11183	2021-08-11 09:27	bigshoezx.exe ee3071fbf7d91381442734c6145a11fa RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	3		13.6	M	24	ZeroCERT

11184	2021-08-11 09:29	.wininit.exe 4a18a824aecef26f86a454b0a568ed55 RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	4 Keyword trend analysis Info http://www.stearmanestates.com/ixwn/?8pz0LDE8=PkY2LXPL09alOD3qGBEF3fMC5B3U3PtoZvxzIF6+qIzE93zt01O16VYh4KmIaOIucNOJ/xa8&RP=7nEhZ26 http://www.mercaderlatino.com/ixwn/?8pz0LDE8=L568g1mOp87NP80nQPt16c90tFYgM6io8WM3AutAI5iBx5aveoyLxujEnLfB3J/R2gp75EB5&RP=7nEhZ26 http://www.welcomehotelayodhya.com/ixwn/?8pz0LDE8=qjvzSjl7skD9Hg/8/n8Cjg31FU6b/JFZWSvkm31TtA5hAOK5pyCZait3i2aR747SMvjLcBRa&RP=7nEhZ26 http://www.ranchodelacruzvs.com/ixwn/?8pz0LDE8=/krYhVSoSpWYzjtDe6t1nk6sKYh5ZS2LRlcBEA7Sxn2y4uPoi5a4H6+Aay2be7O4TiE84hcX&RP=7nEhZ26	11 Info www.welcomehotelayodhya.com(34.102.136.180) www.ranchodelacruzvs.com(34.102.136.180) www.shmily.life(204.152.210.2) www.mercaderlatino.com(66.70.196.224) www.randomwebdeal.com() www.stearmanestates.com(23.82.12.29) www.clansix.xyz() 66.70.196.224 212.32.237.92 - mailcious 34.102.136.180 - mailcious 204.152.210.2	2		9.2	M	21	ZeroCERT

11185	2021-08-11 09:29	tooltipred.png 6ce7c1cb6f680530d26e6035c2adfaa9 Emotet UPX Malicious Library OS Processor Check PE File PE32 Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	5	3		5.0			ZeroCERT

11186	2021-08-11 09:31	Vidik.exe b28d42046580408265054e460886c110 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself					1.8	M	22	ZeroCERT

11187	2021-08-11 09:32	vbc.exe 7107c22585cca5ac62b9fe39dbd9daaa RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware powershell Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key	10 Keyword trend analysis Info http://www.closingdesk.net/att3/?KthP4=GsT/GE4yQym50NkzpnDYpUFWFP0JBGMx2Io5jh4kUE+zUkmY0A2BqVjN4Z5OnoQKtrELn3gs&XvLHH=z8oHspOXAT http://www.eating4mentalhealth.com/att3/?KthP4=NGHqP/WmY43AEEmby83dM/CZnK2YQu/3UaoZMnoqWhU3VwpL/zIDj6H84r9j8abI7+jqJZ5f&XvLHH=z8oHspOXAT http://www.otherneeds.com/att3/?KthP4=2ckD7tohQe+TRCnFutacO/ftpwr3/NA0my0Fr3tbR8W2BRYcNOFAv3ITtYYvnQSOvtCCZiHB&XvLHH=z8oHspOXAT http://www.advancedrecyclinginc.com/att3/?KthP4=zLvVfZQvvpIAsaq9rSGGcBUvJapcJdtSr/7laRWsFiVuVy1Z5Gm9+7C9CH2noid3L+TUKmAb&XvLHH=z8oHspOXAT http://www.thameensa.com/att3/?KthP4=HafOlTTWHUE9rCc9yof1pQPG6Pw7b9BUglHuAcvcO1fyzne8j05tmsXHQP7egYr5eU/TT1lf&XvLHH=z8oHspOXAT http://www.travelscappadocia.com/att3/?KthP4=+5e0lDgeNLVRHwnIiwJ5eoDVaUzG8FsHDr0RYq+9Lz8oFts6A/WK7WX14JwcdZ8zKJMLh9gr&XvLHH=z8oHspOXAT http://www.seedmanusa.com/att3/?KthP4=bl1/oe+By879MNRbO0zvdm9HRh+Lq3wOy0iwYsoyTqoS2GCIFufS4ceb6qA2Lb+dYg0Ake5H&XvLHH=z8oHspOXAT http://www.arkhuman.com/att3/?KthP4=IrwlC2cb1N3pmdGXWpuqfoz51285d0czL0T3TYzestP/hjZ/V7YBRrtaH/VOTaIb23oo6eax&XvLHH=z8oHspOXAT http://www.womenshealthnewyork.com/att3/?KthP4=v+1cRGoWU9EaeIHTng3tsxrZlljsY6RwA5zikQjpgr7vKHCXQvUt7mc8QmtxbIQCe5o1gbTQ&XvLHH=z8oHspOXAT http://www.quisroyalfactory.com/att3/?KthP4=zWFlTFAKSu1EkaVo/5prGFM9KihehIlfEQ5DNKVrF5OhOZVRDFOZboyqEzXvzBtQqvNZrwvf&XvLHH=z8oHspOXAT	21 Info www.closingdesk.net(209.99.40.222) www.cnaiyouyue.com() www.advancedrecyclinginc.com(184.168.131.241) www.quisroyalfactory.com(23.227.38.74) www.eating4mentalhealth.com(184.168.131.241) www.seedmanusa.com(34.102.136.180) www.bifboawdq.icu() www.herobet147.com() www.arkhuman.com(199.59.242.153) www.womenshealthnewyork.com(54.185.178.6) www.travelscappadocia.com(182.50.132.242) www.thameensa.com(52.59.120.70) www.otherneeds.com(34.102.136.180) 184.168.131.241 - mailcious 18.197.248.23 209.99.40.222 - mailcious 34.102.136.180 - mailcious 199.59.242.153 - mailcious 182.50.132.242 - mailcious 23.227.38.74 - mailcious 54.185.178.6	2		11.0	M	28	ZeroCERT

11188	2021-08-11 09:34	vc.exe 5615be335807b5eb2d4c9f59f5f914dd RAT PWS .NET framework Generic Malware UPX AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows DNS Cryptographic key crashed	4 Keyword trend analysis Info http://www.startfortoday.com/glgd/?k2MHoV=0MHzMxpJH4rILertVw/6MkQ8XgJjg7Igm9BaWXqz5e9JsR+Gvn2wWzdV9N9x+I11yW/2pRBs&tXR=NZiHaP http://www.tiny-tobi.com/glgd/?k2MHoV=Tf3VOJhMPEKSFVG4lRUL1GzDFZ6CZBEdr5MR7bq2IBxaGKCn7xrLB1FW9dPQYXeSruzHPx7P&tXR=NZiHaP http://www.southernedgewaterdesigns.com/glgd/?k2MHoV=LmTpLul+ArKV8Uwki1jSQCkGp6Aq6ai3+ySGBIz1ozwHhyIBPM/T1rbH77EFyn0FPiGQCryP&tXR=NZiHaP https://www.bing.com/	8	2		11.4		29	ZeroCERT

11189	2021-08-11 09:35	vbc.exe 100c39652e8851d14fdb2a4996fa1341 UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName DNS	15 Keyword trend analysis Info http://www.besport24.com/6mam/?rN=G66iPt+xvrTiSrnWMSNY3jIG1auw/RAx4P7alq3BxDAHCc2pRDbTwTzLPU1dODy6kKEhnUhc&Tx=XXaL1 - rule_id: 3890 http://www.adenxsdesign.com/6mam/?rN=tU44klL44EKqmodFv/jg5nrIY8m9SPufik0gg789I5xKoKlf2FGRw1yhbPhqQNhokqqERcg/&Tx=XXaL1 http://www.riveraitc.com/6mam/?rN=SnhjisI499lOsf3YfO532EwcXneBDaw7KeLS1bDcRf/9DFIScc8FKAxpINBYBIfoUHjDmPpQ&Tx=XXaL1 http://www.amazebrowser.com/6mam/?rN=bdYiy4dFQ1FKdK0RHZb8AKGKI6CI94rlWbRWgupG1OIMQwt3tgAXT6Nv0jCitXCfOrToZzYc&Tx=XXaL1 http://www.aladinfarma.com/6mam/?rN=udSG7fe6GY9zo7ZKy45gsyroZuOYrS4qDm5Wf1a6lEkS7UZsR2SStIdy4f3tNkj1uIyko7Uw&Tx=XXaL1 - rule_id: 3892 http://www.mylifeinpark.com/6mam/?rN=djxA7LmKh1Tu4y37ItMqg4jKcWhO49sHA3kvexLhBIUDaV9dSBVXhkalQfoX2m3vAXrXaW3C&Tx=XXaL1 http://www.ilovemehoodie.com/6mam/?rN=WcJFy0FDyb1eQp1HHEDezlfsnB+bgSZ9M5sCd3/XEWVbVLaHwBgyDt5AxetLVNVTX35rQb0V&Tx=XXaL1 http://www.mobiessence.com/6mam/?rN=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&Tx=XXaL1 - rule_id: 3578 http://www.elglink99.com/6mam/?rN=SLcUjScG5RnOVZMPBoDDz2hKjpXj+iqBcro/vPi5ifNBMfCnXfAsQjLgCQAIbn3ZI+l2ZT4E&Tx=XXaL1 http://www.microwgreens.com/6mam/?rN=spZCZghFvseg75dRXNIXCw7EhslI35bACWKDdbchv3V0SWgn9001kbyKAZoOQB4eJhmoZDU8&Tx=XXaL1 http://www.genesysshop.com/6mam/?rN=gbNVLwi1vO2ZsTKwdijolRE+nd+f4bOFGjLO6oLWdkpAXgcu19jDQ9iXEv77aHIk6xstCEEF&Tx=XXaL1 http://www.hangrylocal.com/6mam/?rN=36qA+yJVADGSjIyrRZyWBcFzu3O8ymRgUV+yI2TLFgVmL4h8KOdnmVSSS6y/UW1rmq4ZtmEu&Tx=XXaL1 https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21119&authkey=AHwDCm0rHA_Fdq0 https://pxq5zw.sn.files.1drv.com/y4myzjDL3Z-3YxdLKyKcGO-zUi33HcVwHpWr51jFLOPEYUTb9L0MeV0Q57O01geu8Y4UdFYfK507PGXsVnoxLf8UugUWnThmtUDbATUqz_CMUCzrkNL9zh4F9yrvRfCSP3jInFCjf3azhDWQ9Qo6wPJqr8pZZ6fijXRUPyE-fC-Z2AlLUb_6LO_TW14Ae7dwaS-QceiWUVgtNTphkg30A4OIA/Dxpdkclrjdrejcszbcdvtqsvfzlnpaa?download&psid=1 https://pxq5zw.sn.files.1drv.com/y4mcZwEs0Fkycahq9lyprkiGjz1qGCE-GcaPdlOrH38LMa-5PibJkjvGEh-ONPJYG0qLMLL1X07PhjqnFtLNDsO9zIJxpCDz7OgzTiNDP3W77yb6ShN2X4khXphOq41piagMu1AmGUQDMn7oUZQYZVkJ4s1RQdT4WCd0cpzqqvsxM4w6UGw6RRtOx_8qrTZPyUfC4GnP_sSq0bX8uXprvPkyQ/Dxpdkclrjdrejcszbcdvtqsvfzlnpaa?download&psid=1	29 Info www.opticatervisof.com() www.elglink99.com(199.59.242.153) onedrive.live.com(13.107.42.13) - mailcious www.mobiessence.com(52.58.78.16) www.adenxsdesign.com(217.160.0.46) www.mylifeinpark.com(35.186.238.101) www.uniamaa.com() www.amazebrowser.com(199.115.115.118) www.hangrylocal.com(52.58.78.16) www.aladinfarma.com(81.95.96.29) www.riveraitc.com(23.227.38.74) pxq5zw.sn.files.1drv.com(13.107.42.12) www.besport24.com(51.83.52.226) www.microwgreens.com(78.135.107.25) www.ilovemehoodie.com(23.227.38.74) www.genesysshop.com(34.102.136.180) 35.186.238.101 - mailcious 52.58.78.16 - mailcious 37.48.65.150 13.107.42.13 - mailcious 13.107.42.12 - malware 34.102.136.180 - mailcious 199.59.242.153 - mailcious 217.160.0.46 - mailcious 81.95.96.29 - mailcious 23.227.38.74 - mailcious 78.135.107.25 172.67.188.154 51.83.52.226 - mailcious	2	3	12.0	M	31	ZeroCERT

11190	2021-08-11 09:35	vbc.exe febb47ebfc843b8152c26ab3382ea059 AgentTesla RAT PWS .NET framework Gen2 Emotet Gen1 Formbook CryptBot browser info stealer Generic Malware NSIS Google Chrome User Data UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Antivirus Anti_VM Socket Create Service Sniff A Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser ComputerName DNS Cryptographic key Software		1			17.8	M	55	ZeroCERT