Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12436	2023-06-11 21:46	theme1.xml 7c846c1a3ca16765bede316a0b88981f AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12437	2023-06-11 21:44	theme1.xml 7c846c1a3ca16765bede316a0b88981f Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2		4.8			guest

12438	2023-06-11 21:44	[Content_Types].xml 7084b736cec7aca9dcd6448907d35fb2 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2		4.2			guest

12439	2023-06-11 21:44	[Content_Types].xml 7084b736cec7aca9dcd6448907d35fb2 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

12440	2023-06-11 21:42	cleanmgr.exe 3315bdebdc17d6688165fd98c0c5209c UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself DNS		1			2.6		54	ZeroCERT

12441	2023-06-11 21:42	[Content_Types].xml 7084b736cec7aca9dcd6448907d35fb2 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2		4.2			guest

12442	2023-06-11 21:42	theme1.xml 7c846c1a3ca16765bede316a0b88981f Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2		4.8			guest

12443	2023-06-11 21:41	foto164.exe cbb0bcb442a38af349af69ecb177738a Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	5 Keyword trend analysis	2	11 Info ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request	3	17.6	M		ZeroCERT

12444	2023-06-11 21:38	3-2.docx 6fb67455d9c2283abe7c422939a35ba6 ZIP Format Word 2007 file format(docx) exploit crash unpack itself Exploit crashed					1.8			guest

12445	2023-06-11 21:38	webSettings.xml 5c19a9426c8e3cf0150c9373b8e7f8e9 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

12446	2023-06-11 21:37	etetetetetetetetetetetetet%23%... ef5538a4f8523b8087a46a4f0319a2ff Loki MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed	2 Keyword trend analysis	2	11 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	5.4	M	35	ZeroCERT

12447	2023-06-11 21:36	webSettings.xml 5c19a9426c8e3cf0150c9373b8e7f8e9 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		1	2		3.8			guest

12448	2023-06-11 21:35	3-2.docx 6fb67455d9c2283abe7c422939a35ba6 ZIP Format Word 2007 file format(docx) RWX flags setting exploit crash Exploit crashed					1.8			guest

12449	2023-06-11 21:35	ipipipipipipipipipipip%23%23%2... da4ee80c1cd71008a199b216b4f7dda3 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1	1		4.4	M	29	ZeroCERT

12450	2023-06-11 21:34	theme1.xml 7c846c1a3ca16765bede316a0b88981f Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed			2		4.8			guest