Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11401	2021-08-17 14:44	2.dll 37e26534b70abd664cfed4961ad6ecbf TA551 BazarLoader UPX PE File OS Processor Check DLL PE32 VirusTotal Malware Checks debugger unpack itself					1.4	M	6	r0d

11402	2021-08-17 16:17	out.pdf 34d276c510abbf0cc876c261b0521236 PDF								JYC

11403	2021-08-17 17:11	http://edgedl.me.gvt1.com/edge... 1c8529a4577541f11238a25ce76c343e DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	2		3.8			guest

11404	2021-08-17 17:34	vbc.exe ed42831e07a3c0a9f2240b6475f4ba3c UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					1.8		15	ZeroCERT

11405	2021-08-17 17:39	kl.exe 78ce66dca7949aa8182c81b20ae321a0 RAT Generic Malware Themida Packer UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	1		10.6		35	ZeroCERT

11406	2021-08-17 17:39	b.exe bfa3677a1d68a0b2bec0f0cba4c34416 Malicious Library Admin Tool (Sysinternals etc ...) UPX Malicious Packer PE File PE32 DLL OS Processor Check VirusTotal Malware AutoRuns Malicious Traffic Check memory Creates executable files Windows utilities suspicious process AppData folder Windows DNS DDNS	1 Keyword trend analysis	4	1		5.4		45	ZeroCERT

11407	2021-08-17 17:42	slock.exe bf7733075b871230f397db64e086783a RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1			4.0		36	ZeroCERT

11408	2021-08-17 17:42	file2.exe a59ca1678fc13f5d50ca9f90dbd61b47 RAT Generic Malware Themida Packer UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed	2 Keyword trend analysis	3	2	1	9.4	M	21	ZeroCERT

11409	2021-08-17 17:45	03da82f27a042bb21948e80c788097... ff2d2b1250ae2706f6550893e12a25f8 UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware Check memory Windows crashed					2.0		27	ZeroCERT

11410	2021-08-17 17:46	Informe-NF.e.html fd2058abd94d8f368866bdfbe81bb264 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	4 Keyword trend analysis Info https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/2.0.5/FileSaver.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip/3.6.0/jszip.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip-utils/0.1.0/jszip-utils.min.js	2	2		4.8	M	14	ZeroCERT

11411	2021-08-17 17:46	vbc.exe a5082cf7d178e6ecdff4b46002ab3347 UPX Malicious Library PE File OS Processor Check PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	10 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .ga Domain ET INFO HTTP Request to a .ga domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET INFO DNS Query for Suspicious .ga Domain		8.2	M	20	ZeroCERT

11412	2021-08-17 17:49	emissor.NF-e2021.html bf374c1c15c6b220e02197c90c13eb7c AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	4 Keyword trend analysis Info https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/2.0.5/FileSaver.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip/3.6.0/jszip.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip-utils/0.1.0/jszip-utils.min.js	2	2		4.2	M		ZeroCERT

11413	2021-08-17 17:51	uni.exe e557e609d2dddcf4ddb28062d142a5fc RAT Generic Malware Antivirus PE File PE64 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key					6.6	M	23	ZeroCERT

11414	2021-08-17 17:53	steammaa.dll edd1183d9e947e35574ae65441444e99 RAT Generic Malware PE File .NET DLL DLL PE32 VirusTotal Malware PDB					0.8		3	ZeroCERT

11415	2021-08-17 17:53	wire_transfer_document.pdf.exe b946cbd394d1a81712df966b92439dfd PWS .NET framework Generic Malware Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					9.0	M	36	ZeroCERT