Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

11191 2021-08-11 09:37 UPDATED-08102021.PDF.exe
83f58ecf0778e3b0acca8497df23ef23
RAT PWS .NET framework email stealer BitCoin Generic Malware UPX ScreenShot Steal credential DNS SMTP KeyLogger Code injection AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer Malware download Hawkeye VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key crashed keylogger
2 7 3 16.2 M 32 ZeroCERT

11192 2021-08-11 09:37 .csrss.exe
30df8724718778ec0589b833c8a6c9c0
Loki PWS Loki[b] Loki[m] RAT .NET framework Generic Malware DNS Socket AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software
1 2 7 1 14.2 M 44 ZeroCERT

11193 2021-08-11 09:38 6yyEyknf
9d7ba1e90162bf7bed6e1ee46f84d812
Generic Malware Malicious Library DLL PE File PE32
0.4 M ZeroCERT

11194 2021-08-11 09:38 CoinbaseSecureAccess.jar
104def1bf7d2ec8840d2559f9acad2be
VirusTotal Malware Check memory heapspray unpack itself Java
2.0 M 2 ZeroCERT

11195 2021-08-11 09:38 h.exe
fff2931f6150ad787d2bd6c951019d0b
PWS Loki[b] Loki[m] RAT .NET framework Gen1 Gen2 Generic Malware UPX Malicious Packer Malicious Library DNS Socket KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM .NET EXE PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
2 4 3 20.6 M 23 ZeroCERT

11196 2021-08-11 09:40 ejikezx.exe
04eacebdb55557a3ebef76c5ef9b68c1
RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 4 3 12.8 M 34 ZeroCERT

11197 2021-08-11 09:41 eso.exe
86bf66df2acbb1fb88db9b38c4dea746
PWS Loki[b] Loki[m] RAT .NET framework Generic Malware UPX DNS Socket KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
2 4 2 13.0 M 25 ZeroCERT

11198 2021-08-11 09:43 arinzezx.exe
959d99e82bfcff242d4033435dd3ab32
RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 5 3 13.2 M 20 ZeroCERT

11199 2021-08-11 09:44 EZEf5XCLAiabbua
b1c148d412a5374ab2792beefbc4dd35
Generic Malware Malicious Library DLL PE File PE32 Windows crashed
1.2 ZeroCERT

11200 2021-08-11 09:45 cleareddefencebooks.txt.ps1
703ee05b31a78bfda345fca295465315
VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key
1.2 2 ZeroCERT

11201 2021-08-11 09:45 m6F2IWIMfps
a42ee8522ad6f162411e30c96e0ce3cd
Generic Malware Malicious Library DLL PE File PE32 Windows crashed
1.2 ZeroCERT

11202 2021-08-11 09:46 WnlDib2kn2fw
809afea3e2994a299141ee81c5e436c8
Generic Malware Malicious Library DLL PE File PE32 Windows crashed
1.2 ZeroCERT

11203 2021-08-11 09:48 kn.exe
85641d2dfcdec2026c1c861488f86c1f
RAT PWS .NET framework Generic Malware AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows DNS Cryptographic key crashed
3 8 2 10.8 M 23 ZeroCERT

11204 2021-08-11 09:52 lv.exe
f8420cad9886537d355d8f2712a7c8da
Gen1 Emotet Gen2 Malicious Library UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
1 5.8 M ZeroCERT

11205 2021-08-11 10:00 www.exe
3e58adab7bb36200fde8294c1702c038
RAT Generic Malware Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName
4.0 7 ZeroCERT