Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11476	2021-08-18 18:51	file10.exe c106958e5fba3a3eb8c94656bc6dedf6 RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	3	1		6.8	M	47	ZeroCERT

11477	2021-08-18 18:56	file3n.exe 4d2881108d102f5bdc0fc292f0d123c0 NPKI Gen2 Gen1 UPX Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	2		15.4	M	20	ZeroCERT

11478	2021-08-18 18:58	35d427_02df7f9ae2d74130872a6c4... e61641b2f563a8a0e2866300c18b5864 Anti_VM ScreenShot AntiDebug AntiVM VirusTotal Malware Check memory unpack itself					1.4	M	4	ZeroCERT

11479	2021-08-18 18:59	bsnaw83e8cf2a243447619488f24e8... 296686ae5812e910d79d472f6db4f00d Emotet Gen1 UPX Malicious Library AntiDebug AntiVM PE File OS Processor Check DLL PE32 Dridex TrickBot VirusTotal Malware Report suspicious privilege Code Injection Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed	24 Keyword trend analysis Info http://api.ipify.org/?format=text https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/14/pwgrabc/sTart%20Run%20D%20failed/0/ - rule_id: 4163 https://179.189.229.254/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/zF5zHLV9nBzvVHjFPdZjvLx/ https://221.147.172.5/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/5/pwgrabc64/ https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/10/62/ZVNJTVDPHZFVJVT/7/ - rule_id: 4163 https://24.162.214.166/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/h8zlsX8sa38PHhoy/ https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/23/100019/ - rule_id: 4163 https://179.189.229.254/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CArhCat73DPHX%5Cxbbsnaw83e8cf2a243447619488f24e84d65eb5nl.dmo/0/ https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/10/62/286902/0/ - rule_id: 4163 https://46.99.175.217/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/LK2c37b09qxNBUkpLCrYdxdkz7tfut6M/ https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/5/file/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/10/62/CVMRSJRCBP/7/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/hl9JBBpXZ7jPlvflrH1hT/ - rule_id: 4163 https://24.162.214.166/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/10/62/RYNKRQCNNCUY/7/ https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/1/7J3JXVPFjlzld5JHRlJjP3z/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/14/NAT%20status/client%20is%20behind%20NAT/0/ - rule_id: 4163 https://105.27.205.34/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/5/pwgrabb64/ - rule_id: 4162 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/14/DNSBL/listed/0/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/WByrVNYXwVS0xvipEFhPw6UY5D/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/14/networkDll64/reload1/0/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/1/YkrUQD7ewgKNrHyiATlvSD2usH/ - rule_id: 4163 https://60.51.47.65/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/14/user/test22/0/ - rule_id: 4163 https://221.147.172.5/rob122/TEST22-PC_W617601.99307735BA11F0E33B6B5DD6287F4F23/5/networkDll64/	14 Info 150.134.208.175.b.barracudacentral.org(127.0.0.2) api.ipify.org(50.16.238.218) 150.134.208.175.cbl.abuseat.org() 150.134.208.175.zen.spamhaus.org() 105.27.205.34 - mailcious 46.99.175.217 - mailcious 179.189.229.254 - mailcious 50.16.238.218 5.152.175.57 - mailcious 221.147.172.5 65.152.201.203 - mailcious 60.51.47.65 - mailcious 79.106.115.107 - mailcious 24.162.214.166 - mailcious	5	16 Info https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://105.27.205.34/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/ https://60.51.47.65/rob122/	12.2	M	22	ZeroCERT

11480	2021-08-18 19:00	savesHostPerfMonitorsvc.exe b0911330bf6db7b5d323cccda7457860 RAT Generic Malware UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File OS Processor Check .NET EXE VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName crashed					7.8	M	38	ZeroCERT

11481	2021-08-18 19:02	file2.exe 8f9c8dabd78ad4f06fe12596975e0db2 BitCoin Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	2		11.6	M	12	ZeroCERT

11482	2021-08-18 19:04	sap.exe a8a72189040cc9fb13fec0abe1abc22f PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key					2.0	M	18	ZeroCERT

11483	2021-08-18 19:07	@lolmine4.exe 3865bb17034013ccddce607af7b2438b RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	3	2		6.8	M	41	ZeroCERT

11484	2021-08-18 19:09	tooltipred.png 2e5f350d80531e31ce105ea6a0b4fa0d Emotet Gen1 UPX Malicious Library PE File PE32 Dridex TrickBot Malware suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	5	2		6.0	M		ZeroCERT

11485	2021-08-18 19:11	file1.exe aab4176b379be4eda492afc8a3d0cee1 RAT PWS .NET framework BitCoin Generic Malware UPX SMTP AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	3	2		12.2	M	41	ZeroCERT

11486	2021-08-19 09:36	catzx.exe b0213584055176e6ce9a3650c73f8a68 Generic Malware Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		1	1		14.6	M	35	ZeroCERT

11487	2021-08-19 09:38	fdthirteen.exe cb907717f5263c3a5f968f7f1e516b9e PWS Loki[b] Loki.m RAT .NET framework Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		13.6	M	42	ZeroCERT

11488	2021-08-19 09:39	WARZONE.exe 56be1905fba872d1fc768ee8451f9155 Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger					12.0	M	36	ZeroCERT

11489	2021-08-19 09:41	CHARLES.exe e1ed5d36eee3e84e65577c3b139004c6 AgentTesla backdoor RemcosRAT browser info stealer Google Chrome User Data UPX Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities malicious URLs WriteConsoleW Windows DNS DDNS		2	1		8.0	M	60	ZeroCERT

11490	2021-08-19 09:41	StaggardGumminess_2021-08-18_1... 2a912094990f0e2d815c6171aa612f4a UPX Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.2	M	30	ZeroCERT