Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11611	2023-07-12 07:38	pablozx.exe ca24c99f8463d5c9a7b696bd364e7547 LokiBot Generic Malware .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		15.4		32	ZeroCERT

11612	2023-07-12 07:35	mpomzx.exe 23d9fbc39ec74f969e07953b833a1679 AgentTesla Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					12.6	M	50	ZeroCERT

11613	2023-07-12 07:33	win.exe 4db28116d59c1667b312039549196abb UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.4	M	22	ZeroCERT

11614	2023-07-12 07:33	KHW.exe 9fba2532f5509e75359b0b5adbad9da6 PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		4	4		14.0		38	ZeroCERT

11615	2023-07-12 07:32	wins.exe 5ee9e77231b275cafb560643b6254ef2 Generic Malware Antivirus .NET EXE PE File PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					8.0		20	ZeroCERT

11616	2023-07-12 07:29	lt2.1.exe 86faedbcbc10593066fe8bfe81eecb0a .NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.2		33	ZeroCERT

11617	2023-07-11 18:54	USDT.exe b9ade4e25308a1bfe4a8e4d9433937ba AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		3	2		3.8			ZeroCERT

11618	2023-07-11 18:51	worldperform.exe 5b5fd4b5ce374372b49e7cc0da6f0e4c Gen1 Emotet Malicious Library UPX Malicious Packer .NET framework(MSIL) CAB PE64 PE File OS Processor Check .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Remote Code Execution Cryptographic key		2	2		5.6	M	21	ZeroCERT

11619	2023-07-11 18:45	fub23489bgf8uy32bf23%27r.exe 909570c37d5cd3165461458d9cd60c4b UPX Malicious Library PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.0	M	24	ZeroCERT

11620	2023-07-11 18:43	MGH.exe 2ca0fd657c122f59abb813053a610478 .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		4	4		12.8	M	22	ZeroCERT

11621	2023-07-11 15:02	Apppdfread.msi c328b1c0c6809ae49d020d353bcc843a Generic Malware Malicious Library Antivirus OS Processor Check CAB MSOffice File Malware download NetWireRC VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check human activity check BitRAT ComputerName DNS		1	2		3.2		2	ZeroCERT

11622	2023-07-11 10:06	Lst.exe 163d4e2d75f8ce6c838bab888bf9629c Gen1 UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files crashed					2.6		44	ZeroCERT

11623	2023-07-11 10:05	into.txt.vbs 77b99c19d7f1d83eba555f7415a70986 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	2		8.0	M	4	ZeroCERT

11624	2023-07-11 10:05	rev.bat 4986cda33d79aa6d6034cd666895dd09 Generic Malware Downloader Antivirus Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM Malware download NetWireRC VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Tofsee BitRAT Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	3	3	1	7.6		3	ZeroCERT

11625	2023-07-11 10:04	SysdiagHelp.bat f4987b97440b898fd438b292a5fdab17 Generic Malware Downloader Antivirus Create Service Escalate priviledges Socket P2P DGA Steal credential Http API PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM Malware download NetWireRC VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Tofsee BitRAT Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	3	3	1	7.0		9	ZeroCERT