Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11356	2021-08-16 10:40	unknown.exe c82d1c3b051608e96dc6a2e08612080c RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key crashed	2 Keyword trend analysis	4	1	1	5.4	M		ZeroCERT

11357	2021-08-16 10:42	JoSetp.exe 93b71fada8f1a1d612ba00c5e32d76b1 RAT Generic Malware PE File .NET EXE PE32 PE64 AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName					4.8			ZeroCERT

11358	2021-08-16 10:42	AcrobatDC.exe aba32a475dcafdf4c6357205803e4cc0 Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware download NetWireRC VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW BitRAT Windows ComputerName Cryptographic key crashed keylogger		4	2		15.8	M	34	ZeroCERT

11359	2021-08-16 10:45	file.exe 7eb6505eaf18fd1b29a09f3c52a4f678 UPX Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	5	2		16.4	M	15	ZeroCERT

11360	2021-08-16 10:46	testingcrypta.exe 69ad94630f3e0bf328ddee4b54e3f057 RAT PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself ComputerName					2.8	M	52	ZeroCERT

11361	2021-08-16 10:49	fw4.exe e3e9e202fbe8ddff674ab73c728a7c89 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware unpack itself					1.4	M	38	ZeroCERT

11362	2021-08-16 11:04	LabelTEXT.txt.html 4c5ef42b7b79c802e416448ded85c52b Generic Malware VirusTotal Malware crashed					0.8		15	ZeroCERT

11363	2021-08-16 11:32	LabelTEXT.txt.html 4c5ef42b7b79c802e416448ded85c52b Generic Malware Antivirus AntiDebug AntiVM VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis	1			5.6		15	ZeroCERT

11364	2021-08-16 17:07	BattingsTruncate_2021-08-15_17... ed55b31cd1e8ce41e33d6fc8bd4540b7 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2		24	ZeroCERT

11365	2021-08-16 17:07	clr.exe 508167b2c34732f05f11f2531b2498a2 NPKI Generic Malware Malicious Packer Anti_VM UPX Malicious Library PE File PE64 VirusTotal Malware unpack itself					1.8		13	ZeroCERT

11366	2021-08-16 17:10	vbc.exe e62d40e9bd1eeab66cb3c781d543b64f UPX Malicious Library PE File OS Processor Check PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ml Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .ml Domain ET INFO HTTP Request to a .ml domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		7.4	M	29	ZeroCERT

11367	2021-08-16 17:10	louises.exe b73776df4ad9e9763950e26d35f35311 NPKI RAT Generic Malware Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM P Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	2	1	13.2	M	23	ZeroCERT

11368	2021-08-16 17:13	bin.exe c04f6348e7b59525aa07c2cff05891ce Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	16 Keyword trend analysis Info http://www.77k6tgikpbs39.net/n8ba/ http://www.revenueremedyintensive.com/n8ba/ http://www.backtothesimplethings.com/n8ba/?DbG=xPi5BDAtN164TC5fR/YHv5A7cLya1z2oKd7qTfbpeU/RmLs8x5l99M9VFgsqQjT/mjAeNsxH&QZ0=ehutZJ_xFDE4-J http://www.77k6tgikpbs39.net/n8ba/?DbG=RtTzTU3TYCJ9InQDD9LSAzrYY/u3W4uB/I26NcaQBFhoVTbvwK5wRjd6LNsy02kDp7Xu5STA&QZ0=ehutZJ_xFDE4-J http://www.jwpropertiestn.com/n8ba/ http://www.theredcymbalsco.com/n8ba/ http://www.narrowpathwc.com/n8ba/?DbG=RqoVB/kTevwYNrpQ68VGCKAD0SwVXhGBA25gncTDeHVSc/TtzgJJgXlZbrh2RaVrYM4D7bqC&QZ0=ehutZJ_xFDE4-J http://www.wintonplaceoh.com/n8ba/?DbG=AVTd1ZN4UWfa3pMJYW+9mBRbWrEnsObc4GxuOgTv+oU74bastT2cYQ1nQ05mxdjtjivpiZLt&QZ0=ehutZJ_xFDE4-J http://www.wintonplaceoh.com/n8ba/ http://www.lovebirdsgifts.com/n8ba/ http://www.narrowpathwc.com/n8ba/ http://www.theredcymbalsco.com/n8ba/?DbG=9vokcWjtebBvVvQIm09VADFSZD35cLZafvs2RAD44ecvqP5w34gv75tdUdLM9TjFHQmC7+ER&QZ0=ehutZJ_xFDE4-J http://www.revenueremedyintensive.com/n8ba/?DbG=fjeLxrlSEmxa2v6Iswzjwnp9Wxx3OUlSu0eu4rQFB14R0a5Bf9lkAiD4eJRBXMjz+ES00FjE&QZ0=ehutZJ_xFDE4-J http://www.jwpropertiestn.com/n8ba/?DbG=iMNnVuY89oKM10l9tPU+imZoGlggyOcz8eg49RCofBwHfpsW2i76gWArogbU3aUeVu/gQ7ID&QZ0=ehutZJ_xFDE4-J http://www.backtothesimplethings.com/n8ba/ http://www.lovebirdsgifts.com/n8ba/?DbG=oiX0BtPaohd4yUWgi2fqZtos1OZweULA7b8umTfs2FuW0w1nHJyzCnpMFCunVwxOw3eqbn8k&QZ0=ehutZJ_xFDE4-J	18 Info www.shopliyonamaaghin.net() www.lostbikeproject.com() www.wintonplaceoh.com(198.71.233.107) www.revenueremedyintensive.com(34.102.136.180) www.77k6tgikpbs39.net(103.120.14.249) www.lovebirdsgifts.com(23.227.38.74) www.jwpropertiestn.com(208.91.197.27) www.backtothesimplethings.com(47.245.33.84) www.theredcymbalsco.com(184.168.131.241) www.narrowpathwc.com(182.50.132.242) 198.71.233.107 - mailcious 47.245.33.84 184.168.131.241 - mailcious 208.91.197.27 - mailcious 34.102.136.180 - mailcious 182.50.132.242 - mailcious 23.227.38.74 - mailcious 103.120.14.249	1		7.8	M		ZeroCERT

11369	2021-08-16 17:14	se1.exe 30a64c61e75d116f706c23f451abaca5 Gen1 Gen2 Generic Malware UPX Malicious Library Malicious Packer PDF PE File PE32 PNG Format DLL .NET DLL OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files ICMP traffic unpack itself AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Tofsee Browser ComputerName	4 Keyword trend analysis	4	2		7.2		24	ZeroCERT

11370	2021-08-16 17:14	fileT.exe b5f49db3a9a421773d2eeade6f52bb33 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.4		37	ZeroCERT