Submissions

Column key (from the listing header): No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each record below is the export of one submission in four lines: (1) No, Date, Request filename; (2) 32-hex hash of the submitted file (MD5); (3) sandbox signature tags; (4) Urls/Hosts/IDS/Rule counts where present, Score, "M" in the Zero column where set, VT count (present on rows carrying the VirusTotal tag), Player. Where the counts line carries fewer than four numbers the export does not show which of the four count columns is empty, so those values are kept in export order.

11731 2021-08-24 12:18 soul3ss.exe
411ca7ba89ae45e92f9ed4663f903335
RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 1 8.6 M 23 ZeroCERT

11732 2021-08-24 12:27 mb.exe
5c2f7d7c59e2651c57690c5e76ebf2a7
PE File PE32 VirusTotal Malware unpack itself
1.6 M 21 ZeroCERT

11733 2021-08-24 12:28 omozx.exe
76bb446dcf0629ec91c21cb40ca202d5
Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Disables Windows Security Checks Bios Detects VirtualBox powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 6 4 21.2 M 35 ZeroCERT

11734 2021-08-24 12:29 pope.exe
36a443909fb713e12bfd996dde324f0b
RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key
1 3.2 M 28 ZeroCERT

11735 2021-08-24 12:29 5.php
da06f080170b823ad617874958f2fcaf
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.0 M 20 ZeroCERT

11736 2021-08-24 12:31 Mars.exe
af93c6b29531289459db2cbe41a0cb1c
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
1.8 M 28 ZeroCERT

11737 2021-08-24 12:31 mn.exe
0bdd37b8a257b2c21b63508c9e53ac04
PE File PE32 VirusTotal Malware unpack itself
1.8 M 33 ZeroCERT

11738 2021-08-24 12:34 vbc.exe
8901adddca065dc397595e7d835171e2
Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
9.4 M 31 ZeroCERT

11739 2021-08-24 12:34 mine.exe
abad27b663c16a7458ce9bf4e21b9989
RAT Gen2 Generic Malware Malicious Library Malicious Packer Antivirus PE File .NET EXE PE32 PE64 DLL VirusTotal Malware powershell PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key Downloader
1 3 1 10.0 M 16 ZeroCERT

11740 2021-08-24 12:37 7215.exe
aeac57103b3c82c0c09cc0521db58362
Gen2 Gen1 Themida Packer Malicious Library UPX Malicious Packer ASPack PE File OS Processor Check PE32 DLL VirusTotal Malware PDB Creates executable files unpack itself AppData folder
3.0 43 ZeroCERT

11741 2021-08-24 12:37 7213.exe
b293c3038385e59e5fe7d851b53dc76b
Generic Malware Themida Packer Malicious Library Anti_VM ASPack Malicious Packer PE File OS Processor Check PE32 DLL PDB Creates executable files unpack itself AppData folder
1.8 ZeroCERT

11742 2021-08-24 16:22 kbinzx.exe
a365ed966a7852458e597021a10e5348
Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
10.2 20 Kim.GS

11743 2021-08-24 16:48 fileT2.exe
73ca4c10afa6a3f712facb40aa8254ae
UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
1.8 M 21 ZeroCERT

11744 2021-08-24 16:50 vbc.exe
252cae0537d8c3aa42d8e69ad802b966
PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed
1 1 5 1 8.6 M 25 ZeroCERT

11745 2021-08-24 16:51 dyno.exe
256876a198e1b3f8e579ab00a4615e73
UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization Remote Code Execution DNS DDNS crashed
1 4 2 5.0 M 13 ZeroCERT
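A triage script for listings in this export form, added here as an example; it is not part of the sandbox site or of the ZeroCERT or Kim.GS players. It parses each four-line record (request line, hash line, tag line, counts line) into fields, groups the behaviour tags into families (the grouping is this example's own assumption, not the sandbox's taxonomy), and ranks records that combine credential-stealer tags with anti-analysis tags ahead of the rest. The three embedded records are copied from the listing above and serve as constructed input.

```python
"""Triage a flattened sandbox submission export (added example, not sandbox code).

Record layout assumed from the listing: a request line "<No> <date> <time> <file>",
a 32-hex MD5 line, one line of behaviour tags, and a counts line
"<Urls/Hosts/IDS/Rule counts...> <Score> [M] [VT] <Player>".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Three records copied verbatim from the listing, used as constructed input.
SAMPLE = """\
11733 2021-08-24 12:28 omozx.exe
76bb446dcf0629ec91c21cb40ca202d5
Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Disables Windows Security Checks Bios Detects VirtualBox powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 6 4 21.2 M 35 ZeroCERT

11741 2021-08-24 12:37 7213.exe
b293c3038385e59e5fe7d851b53dc76b
Generic Malware Themida Packer Malicious Library Anti_VM ASPack Malicious Packer PE File OS Processor Check PE32 DLL PDB Creates executable files unpack itself AppData folder
1.8 ZeroCERT

11744 2021-08-24 16:50 vbc.exe
252cae0537d8c3aa42d8e69ad802b966
PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed
1 1 5 1 8.6 M 25 ZeroCERT
"""

# Tag families a triager cares about. This grouping is the example's assumption,
# not the sandbox's own taxonomy; tags are matched on word boundaries so that
# "DNS" does not fire on "DDNS" and "AntiVM" does not fire on "AntiVM_Disk".
FAMILIES = {
    "anti_analysis": ("AntiDebug", "AntiVM", "Anti_VM", "AntiVM_Disk", "Checks debugger",
                      "Detects VirtualBox", "VMware", "anti-virtualization",
                      "Check virtual network interfaces", "Checks Bios"),
    "stealer": ("Browser Info Stealer", "FTP Client Info Stealer",
                "Email Client Info Stealer", "KeyLogger", "PWS", "LokiBot"),
    "network": ("Malicious Traffic", "c&c", "DNS", "DDNS", "SMTP", "IP Check", "Downloader"),
    "packer": ("UPX", "Themida Packer", "ASPack", "Malicious Packer"),
}

HEADER = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+)$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
TRAILER = re.compile(r"^(?:\d+ )*\d+\.\d+(?: M)?(?: \d+)? \S+$")


@dataclass
class Submission:
    no: int
    when: str
    filename: str
    md5: str = ""
    tags: str = ""
    counts: List[int] = field(default_factory=list)  # Urls/Hosts/IDS/Rule, kept in export order
    score: Optional[float] = None
    zero: bool = False            # "M" present in the Zero column
    vt: Optional[int] = None      # VT count; None when the row has no VirusTotal lookup
    player: str = ""

    def families(self) -> set:
        return {name for name, tags in FAMILIES.items()
                if any(re.search(rf"(?<!\w){re.escape(t)}(?!\w)", self.tags) for t in tags)}


def parse(text: str) -> List[Submission]:
    """Turn the four-line export records into Submission objects."""
    subs: List[Submission] = []
    cur: Optional[Submission] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER.match(line):
            cur = Submission(int(m[1]), m[2], m[3])
            subs.append(cur)
        elif cur is None:
            continue                      # title or column header before the first record
        elif MD5.match(line):
            cur.md5 = line
        elif TRAILER.match(line):
            toks = line.split()
            cur.player = toks.pop()
            i = next(k for k, t in enumerate(toks) if "." in t)   # the Score token
            cur.counts = [int(t) for t in toks[:i]]
            cur.score = float(toks[i])
            rest = toks[i + 1:]
            cur.zero = "M" in rest
            vt = [t for t in rest if t.isdigit()]
            cur.vt = int(vt[0]) if vt else None
        else:
            cur.tags = f"{cur.tags} {line}".strip()
    return subs


def triage(subs: List[Submission]) -> List[dict]:
    """Rank records: stealer tags combined with anti-analysis tags first, then by score."""
    rows = []
    for s in subs:
        fam = s.families()
        rows.append({"no": s.no, "file": s.filename, "md5": s.md5,
                     "families": sorted(fam), "score": s.score, "vt": s.vt,
                     "priority": "high" if {"stealer", "anti_analysis"} <= fam else "normal"})
    rows.sort(key=lambda r: (r["priority"] != "high", -(r["score"] or 0.0)))
    return rows


if __name__ == "__main__":
    for r in triage(parse(SAMPLE)):
        print(r["priority"], r["no"], r["file"], r["md5"], ", ".join(r["families"]))
```

Counts are kept as a list in export order because a row with fewer than four numbers does not reveal which of Urls, Hosts, IDS and Rule is empty; the MD5 field is what you would feed to a hash lookup, and the family sets are what makes the packer-only 7213.exe sort below the two stealer samples.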