Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12676	2021-09-23 08:25	vbc.exe 23435288fa91ce5561bdc28531154c07 PWS Loki[b] Loki.m .NET framework Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		12.6	M	27	ZeroCERT

12677	2021-09-23 08:27	loader3.exe aa53fa17f4a2fbed593979efd1c41a17 NSIS Malicious Library PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	9.8	M	32	ZeroCERT

12678	2021-09-23 08:27	24.exe 8db72b47d0e9b71bd08f6adf47818291 Lazarus Family Generic Malware Themida Packer Anti_VM Malicious Library PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware Cryptographic key crashed		3			7.4	M	25	ZeroCERT

12679	2021-09-23 08:29	effot.exe 2aea6536bef3a2c24c770a59b9ee696f PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					11.8	M		ZeroCERT

12680	2021-09-23 08:30	DownFlSetup999.exe ecb887b80ecdd78f0d5c3d93e77fe21c RAT Generic Malware Themida Packer Anti_VM Malicious Library PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder suspicious TLD VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Browser Email ComputerName Firmware DNS Cryptographic key Software crashed	9 Keyword trend analysis Info https://guidereviews.bar/?username=p9_1 https://guidereviews.bar/?username=p9_2 https://guidereviews.bar/?username=p9_3 https://guidereviews.bar/?username=p9_4 https://guidereviews.bar/?username=p9_7 https://all-design-space.top/ https://api.ip.sb/geoip https://iplogger.org/1aNhd7 https://iplogger.org/1aBhd7	11	2		15.4	M	32	ZeroCERT

12681	2021-09-23 08:31	file6.exe a92ecf7fef1451c1ebd6f7886a9e22d5 PE File PE32 VirusTotal Malware Malicious Traffic unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Tofsee Windows Firmware crashed	1 Keyword trend analysis	2	1		6.8	M	31	ZeroCERT

12682	2021-09-23 08:32	rundll32.exe c40d259a0b4e4747b0f621a68fc6c1e7 PWS .NET framework Generic Malware PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0		23	ZeroCERT

12683	2021-09-23 08:33	msmsmsmsm.exe f1605eda6ee89c9d60fc6f3ce0d91724 RAT Generic Malware Malicious Packer UPX AntiDebug AntiVM PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key		2			11.6	M	42	ZeroCERT

12684	2021-09-23 08:35	.winlogon.exe a6b0ff3aaa1b4989b5814c6c179679dd PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					9.8		27	ZeroCERT

12685	2021-09-23 08:38	okito.exe ee63641e45cd39a27512828a6d5de7b3 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed					13.4	M	27	ZeroCERT

12686	2021-09-23 08:40	princezx.exe b80aee6108833308db15c2b4dda4a3de Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					10.6	M	21	ZeroCERT

12687	2021-09-23 08:43	vbc.exe 7a23da05dfbd236cb33b6d7a2a1f262d PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself ComputerName	8 Keyword trend analysis Info http://www.bebo.xyz/n90q/?nH=Dro1KrF0gyNlcbSU541z19qzrfyzXKuAHParq6y5Eexi213YrSW+4q3W+dE4BNn0Eap4e/tW&GF=6l8lMtkXCnqDR4j http://www.createreleaserepeat.com/n90q/?nH=SsuzvQ6HV6taaD+W8X3ly66BXMf4dXdtK5LrBFfasaPP85NssPTn5/qtxMT4ZatflkGo0SY1&GF=6l8lMtkXCnqDR4j http://www.lamarfish.com/n90q/?nH=oLp1INRQcYlCIwnKN0Njm6Xoc+cRt/X9prI3xjM3Ww6ORPuYc4D5wUV8peSbJSvq5hgWAqN2&GF=6l8lMtkXCnqDR4j http://www.centrounac.com/n90q/?nH=4AF0SqrcHbMbXHT29t0gKs+41/yAIXWaLUNVn/nIRBk+MAbhn5ZCt0buIkQBoGEu5wc0Q/41&GF=6l8lMtkXCnqDR4j http://www.mammutphilippines.com/n90q/?nH=GiWrvS//gQ2q/hIV6Zy/o5YW6c6VukN0OH9ROBeGDhiEQY+72LoQ1NiOAxiqbd0Y0wIFk2Ut&GF=6l8lMtkXCnqDR4j http://www.ord9route.art/n90q/?nH=m4pl3ok5EqTqfLMyT/hFtIlAKU9zniQdbH9l3O+ovtt51rXL7aP0rtbmfw7iHYfUW+rGLckW&GF=6l8lMtkXCnqDR4j http://www.adorotudoisso.club/n90q/?nH=+AznKtSaeUwG4Xhx64dkxKeTbLa++kdbf8CsCGDIfyM3i3hWyBe26u1HjGAigACJ/I2g9jsl&GF=6l8lMtkXCnqDR4j http://www.nnvv942.com/n90q/?nH=8fnm1kg073ztZrdYEgPG88qlh15erAvqUZr4iV0Eq8UimOtZmlwKxqbhgxKQuef6PrzJkwXT&GF=6l8lMtkXCnqDR4j	17 Info www.nnvv942.com(199.241.1.183) www.kjslink.com() www.adorotudoisso.club(208.113.216.170) www.bebo.xyz(86.105.245.69) www.ord9route.art(202.165.66.108) www.createreleaserepeat.com(75.126.100.9) www.centrounac.com(34.98.99.30) www.lamarfish.com(204.11.56.48) www.mammutphilippines.com(199.59.242.153) 75.126.100.9 86.105.245.69 - mailcious 199.59.242.153 - mailcious 199.241.1.183 202.165.66.108 204.11.56.48 - phishing 208.113.216.170 34.98.99.30 - phishing	3		8.8	M	22	ZeroCERT

12688	2021-09-23 08:44	obizx.exe 9e3d48d47e6370c4cd6ca03ef3c58cd5 PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					9.8	M	23	ZeroCERT

12689	2021-09-23 08:47	vbc.exe c5b8eff1e9f73c6c365876188326f2e4 RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1	1	12.0	M	20	ZeroCERT

12690	2021-09-23 08:47	valman.exe e39c6db1274a46576cfb2cc4db22423e PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					12.8		36	ZeroCERT