Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12496	2021-09-17 09:47	aje.exe e4ddcfa1589fd52face01d5c9d76a527 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					8.8	M	24	ZeroCERT

12497	2021-09-17 09:47	11.html f0afc8b55366e5ef6483bfb76429b44b Antivirus AntiDebug AntiVM MSOffice File PNG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	22 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://www.blogger.com/static/v1/jsbin/403901366-ieretrofit.js https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://fonts.googleapis.com/css?family=Open+Sans:300 https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.google-analytics.com/analytics.js https://www.blogger.com/img/share_buttons_20_3.png https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Ftupalamagaytalullamyra.blogspot.com%2Fp%2F11.html&type=blog&bpli=1 https://www.blogger.com/static/v1/widgets/1667664774-css_bundle_v2.css https://www.google.com/css/maia.css https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://tupalamagaytalullamyra.blogspot.com/p/11.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://tupalamagaytalullamyra.blogspot.com/p/11.html%26type%3Dblog%26bpli%3D1&passive=true&go=true https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6774392999284712153&zx=925ee028-4325-412f-b69e-173d5765dd73 https://www.blogger.com/blogin.g?blogspotURL=https://tupalamagaytalullamyra.blogspot.com/p/11.html&type=blog https://www.blogger.com/static/v1/widgets/4164007864-widgets.js https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js	16 Info resources.blogblog.com(172.217.175.41) www.google.com(142.250.199.100) www.gstatic.com(172.217.175.35) fonts.googleapis.com(216.58.197.234) accounts.google.com(142.250.196.109) www.google-analytics.com(142.250.196.142) fonts.gstatic.com(216.58.220.99) www.blogger.com(172.217.175.41) 142.250.204.141 216.58.200.78 216.58.200.68 142.250.204.105 142.250.66.35 142.250.66.74 142.250.66.73 142.250.66.67	2		4.2			ZeroCERT

12498	2021-09-17 09:47	SJFIIEESD-6.exe efa7b4d2183d6e526cf2b9bc57e4fda5 RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces suspicious TLD Tofsee DNS		2	2		4.0	M	48	ZeroCERT

12499	2021-09-17 09:50	vbc.exe 50f9407000cb612b401aaddd94cfda0b Loki PWS Loki[b] Loki.m .NET framework Generic Malware DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	11.8	M		ZeroCERT

12500	2021-09-17 09:51	Anye.exe 16e153201be41825d56aaeac47183efd Gen1 UPX Admin Tool (Sysinternals etc ...) Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiV Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee OskiStealer Stealer Windows Browser Email ComputerName Remote Code Execution DNS crashed Password	10 Keyword trend analysis Info http://103.141.138.110/p2//1.jpg http://103.141.138.110/p2//3.jpg http://103.141.138.110/p2/ http://103.141.138.110/p2//4.jpg http://103.141.138.110/p2//6.jpg http://103.141.138.110/p2//main.php http://103.141.138.110/p2//2.jpg http://103.141.138.110/p2//5.jpg http://103.141.138.110/p2//7.jpg https://cdn.discordapp.com/attachments/780223158832988201/887956878448005120/Ymwqrsxzevnppmpppdsvbqpnbpgrjoj	3	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Data POST to an image file (jpg) ET HUNTING Suspicious EXE Download Content-Type image/jpeg ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		18.0	M	23	ZeroCERT

12501	2021-09-17 09:52	dsf.wbk b173278a101f7c26ea90d923613fcbba Lokibot RTF File doc AntiDebug AntiVM LokiBot Malware download VirusTotal Malware c&c MachineGuid Malicious Traffic Check memory Checks debugger exploit crash unpack itself Windows Exploit DNS Cryptographic key crashed Downloader	2 Keyword trend analysis	3	13 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	5.6	M	26	ZeroCERT

12502	2021-09-17 09:53	VHGVC-4.exe 422280cacdf29241ea5342cbf43721d5 PWS .NET framework Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed		2			8.6	M	53	ZeroCERT

12503	2021-09-17 09:54	lmao.exe f8fdcd124427dfb121cc885083977607 RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName		2	1		3.0	M	41	ZeroCERT

12504	2021-09-17 09:54	invoice.wbk dba69da87a497561022dff1ec7b1631c Lokibot RTF File doc AntiDebug AntiVM LokiBot Malware download VirusTotal Malware c&c MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	13 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	5.2	M	25	ZeroCERT

12505	2021-09-17 09:56	vbc.exe be72c9c102de48a6b9158380af41e609 Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself					2.2	M	45	ZeroCERT

12506	2021-09-17 09:57	.audiodg.exe b89f8038f53ffc8982d8e25a420dd29e PWS Loki[b] Loki.m .NET framework Generic Malware DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	13.4	M	24	ZeroCERT

12507	2021-09-17 09:59	MVTT.exe 7bc69f6fac0d853781b1a72cba8c770f Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key					6.0	M	52	ZeroCERT

12508	2021-09-17 10:00	ftp.exe 6e50112832160134bc11782d9fe9cadc Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	41	ZeroCERT

12509	2021-09-17 10:03	SJFIIEESD-7.exe ea3e64c8d0945a81842d2a3a925949d7 RAT Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key crashed					6.8	M	48	ZeroCERT

12510	2021-09-17 10:05	vbc.exe c1035f9cbed8afef93eae63e9a00bdb9 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					8.8	M	21	ZeroCERT