Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
12481 2021-09-16 10:02 Invoice-report-23.docx
42761e128d32aea9f3e2c0473c25a32b
Word 2007 file format(docx) VirusTotal Malware MachineGuid Check memory RWX flags setting unpack itself GameoverP2P Zeus ComputerName Trojan Banking
1 1 4.8 29 ZeroCERT

12482 2021-09-16 10:05 9_SensorsApi.dll.dll
0147d3e39ad4b2efb8e2dc2f860fe4ae
Malicious Library PE File DLL PE32 VirusTotal Malware unpack itself Windows crashed
2.4 M 24 ZeroCERT

12483 2021-09-16 18:24 vbc.exe
1dfc311bef3cb1f3f02be2b9161b0633
PWS Loki[b] Loki.m Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
1 2 7 12.4 18 ZeroCERT

12484 2021-09-16 18:24 proli13go.exe
68b1fb5b76a54dd3df547675e525e059
Generic Malware Themida Packer Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
1 3 1 11.0 40 ZeroCERT

12485 2021-09-16 18:27 proliv12go.exe
65e482feb7ccc578181af4f7f4d8f3eb
Emotet Gen2 Themida Packer Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Malicious Library PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed
1 3 1 11.2 45 ZeroCERT

12486 2021-09-16 18:27 remcoss.exe
0764105d28b8e3faae82e41a48f29577
AgentTesla RAT browser info stealer Generic Malware Google Chrome User Data Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS
1 15.2 26 ZeroCERT

12487 2021-09-16 18:29 zaliv.exe
4e8154575f02945f44e4f2205553a80e
Generic Malware Themida Packer Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed
1 3 1 11.2 M 27 ZeroCERT

12488 2021-09-16 18:29 Enquiry_101352001209png.exe
334a47ca828db802167c63cd913c4ce7
RAT Generic Malware Malicious Library AntiDebug AntiVM PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Check virtual network interfaces ComputerName crashed
9.8 M 34 ZeroCERT

12489 2021-09-16 18:33 rust.exe
bb7a55020d96e929f6c92ddd42e54c18
Malicious Library PE64 PE File VirusTotal Malware
1.0 9 ZeroCERT

12490 2021-09-16 18:35 enquiry_00207301020785png.exe
61095557481992f46fb393bbdbec000a
RAT Generic Malware AntiDebug AntiVM PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed
11.0 M 19 ZeroCERT

12491 2021-09-17 03:28 B05272D14D44D70715FA9530EB1573...
0c95d1be7371afcb78e9bc74a9836053
AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email
3.6 10 guest

12492 2021-09-17 09:20 current list of employees who ...
f1680aa55c88220bcf83e24d89628cc9
VirusTotal Malware ComputerName
1.0 25 ZeroCERT

12493 2021-09-17 09:21 10.2021 - Current list of empl...
f1680aa55c88220bcf83e24d89628cc9
VirusTotal Malware ComputerName
1.0 25 ZeroCERT

12494 2021-09-17 09:25 Проверка Сотрудников.docx...
41dacae2a33ee717abcc8011b705f2cb
Word 2007 file format(docx) VirusTotal Malware MachineGuid Check memory RWX flags setting unpack itself GameoverP2P Zeus ComputerName Trojan Banking
1 1 4.6 10 ZeroCERT

12495 2021-09-17 09:45 vbc.exe
7789bd4d79ad897126a68bf3e74f4e1b
Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.4 M 47 ZeroCERT