Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12511	2021-09-17 10:07	sepcon.exe 8b932daa6b317c6baef47bf2a2646e38 UPX Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee Remote Code Execution crashed	1 Keyword trend analysis	2	1		3.2	M	42	ZeroCERT

12512	2021-09-17 10:50	instal.exe 3a00ac1d224382941045b8673a3b66a0 Themida Packer Admin Tool (Sysinternals etc ...) Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Remote Code Execution Firmware DNS Cryptographic key crashed		1			8.8	M	31	ZeroCERT

12513	2021-09-17 10:50	luboe.exe e8fd991862a9c88bab9e967992e572ae RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			3.4	M	27	ZeroCERT

12514	2021-09-17 10:50	zW22iRETmqE.dll c678bbd306d11244564339371a8136ae RAT Generic Malware PE File .NET DLL DLL PE32 VirusTotal Malware PDB					1.0	M	10	ZeroCERT

12515	2021-09-17 10:54	3_Microsoft.Office.Infopath.Cl... 1e057c393a8684cd569ad803edb08980 Malicious Library PE File DLL PE32 VirusTotal Malware unpack itself Windows crashed					2.4	M	26	ZeroCERT

12516	2021-09-17 10:54	newb.exe 31b923409d179c5e197785d13a17d9cb Generic Malware Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	2		10.8	M	31	ZeroCERT

12517	2021-09-17 10:54	2eeeewsf.exe 632ae2e6e4e1899f19b6b7ba36d3ee0e RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1			3.6	M	36	ZeroCERT

12518	2021-09-17 10:54	Instruction.exe b86b5f5e6345e0b9184d34bde48772f2 RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		8.8	M	35	ZeroCERT

12519	2021-09-17 10:57	Setup12.exe e0ef2cfe575206c8a60ddba16c3be2f5 Gen2 Emotet UPX Malicious Library ASPack PE File PE32 OS Processor Check PE64 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces AntiVM_Disk IP Check VM Disk Size Check installed browsers check Tofsee Interception Browser ComputerName DNS crashed	5 Keyword trend analysis	7	2	1	9.6	M	51	ZeroCERT

12520	2021-09-17 10:59	HTM.exe ce5451bcdc0d951b27cb1f42d4f8a4f8 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		14.6	M	29	ZeroCERT

12521	2021-09-17 11:05	diagram-114.doc 876b64688a3e91ca83a24cbe82bc77b5 VBA_macro Generic Malware MSOffice File RWX flags setting unpack itself					1.6			guest

12522	2021-09-17 11:08	diagram-116.doc ed7013efeb9d004aba9b9a5daa757261 VBA_macro Generic Malware MSOffice File exploit crash unpack itself Exploit crashed					2.4			guest

12523	2021-09-17 11:08	diagram-118.doc 4cf2a06cb2d3e70ce6bf9cc716e0cbaf VBA_macro Generic Malware MSOffice File RWX flags setting unpack itself					1.6			guest

12524	2021-09-17 11:15	diagram-125.doc 7bfc3adf08b35a9f9316a2ede16bb297 VBA_macro Generic Malware MSOffice File RWX flags setting unpack itself					1.6			guest

12525	2021-09-17 11:50	vbc.exe d55b6609eed1ae9711bafb8959297660 Lokibot PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	1	12.2	M		ZeroCERT