Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
12706	2023-05-31 17:53	wall.exe 014b9db957bdbafe8a48ec5cd4004f0e RAT Gen2 Gen1 Malicious Library Malicious Packer .NET EXE PE File PE32 PE64 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself ComputerName				3.4	M	50	ZeroCERT

12707	2023-05-31 17:52	d9ff4ed3.exe 1313175470e5c024f9d74e38a4c9ceb2 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself				2.0	M	34	ZeroCERT

12708	2023-05-31 17:51	TelexCopy.png c332f541894866c101840b77191efaa8 PWS .NET framework SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1	11.6	M	18	ZeroCERT

12709	2023-05-31 17:50	cache.exe b38f30630c599a64feface7bdd4e2040 PWS .NET framework SMTP Code injection PWS[m] KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed				12.0	M	38	ZeroCERT

12710	2023-05-31 17:48	tititiitititiiti%23%23%23%23%2... 15d6c18e34ad68f0907981c8850ba29f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed				3.6	M	35	ZeroCERT

12711	2023-05-31 17:48	Government%20policy%20Updated%... 975ea012aff8d8dcc37638be840684e5 ZIP Format Word 2007 file format(docx) Vulnerability VirusTotal Malware unpack itself DNS		1		5.0	M	38	ZeroCERT

12712	2023-05-31 15:18	2374471 cd87249ec679ff1579688eff5cafc8df AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email				3.2			Kim.GS

12713	2023-05-31 13:44	doc_A841_May_30.js 10db452f997c16bb199730993f84443c VirusTotal Malware crashed				0.6		1	ZeroCERT

12714	2023-05-31 13:42	doc_A839_May_30.js 4f02c3deeb748ef553239cea3e049049 VirusTotal Malware crashed				0.6		1	ZeroCERT

12715	2023-05-31 13:42	doc_A814_May_30.js 42d07972175080527ff2d3114d076da4 VirusTotal Malware unpack itself crashed				1.0		1	ZeroCERT

12716	2023-05-31 13:41	doc_A804_May_30.js 2413e2e7cbb781e5ddd8d0c8bed5fea3 VirusTotal Malware crashed				0.6		2	ZeroCERT

12717	2023-05-31 09:31	tcpupdate.exe fc370061296aefef63818d1a9069f21e RAT UPX PWS[m] AntiDebug AntiVM PE64 PE File Browser Info Stealer Malware download VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications suspicious process installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key crashed		1	1	12.0	M	36	ZeroCERT

12718	2023-05-31 09:29	1.exe 3f005ce85f08a09e93679254e35df782 Generic Malware UPX Malicious Library Malicious Packer Antivirus OS Processor Check PE64 PE File VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key				7.2	M	49	ZeroCERT

12719	2023-05-31 09:28	smss.exe 2245ba729d9b9cb1ee2be35a736ddc41 AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Windows DNS Cryptographic key	14 Keyword trend analysis Info http://www.gnhxxiazai03.com/ogeb/ http://www.nicejunq.com/ogeb/ http://www.r1146.xyz/ogeb/?2c=hQC9FzST15eBXJ4J4T0DlrZN3V4nndOGJI8rCOq0KQaVihaPabvY2aUaE4N/PK/Cku54qUwIUhcWHwQfhhinhH5BJGjDnxoo3iDp4OU=&ipmy8=K6AhV2U0GTlEYJ http://www.fb99vn.com/ogeb/?2c=OXN+k+OlhXjl96bKh2NTgPCFs15ire34/TTevHac9SK8WXddN+80UbpDpODSd5z2qlIY7v82+nyluTO39li1mIxMKX8Jb/R8tbta/VI=&ipmy8=K6AhV2U0GTlEYJ http://www.poshkits.info/ogeb/ http://www.drstephaniebest.com/ogeb/ http://www.ketocanadmqy.cloud/ogeb/ http://www.nicejunq.com/ogeb/?2c=61GncP3LZGSS1NuGOhw0w9YAjVqrgaXoImnMpoqiHfpClz+VkHF1OaSSbCiQjyR+WlMAeIDV0LjpJ/XsdXKhboCqPvNVkna3o/MBoBk=&ipmy8=K6AhV2U0GTlEYJ http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip http://www.drstephaniebest.com/ogeb/?2c=+v0OuBHGG6cw5ZwrQCjmtsYbU4xaGL5HoMfXaXw9oSi2F/e6KL+7wkfrHW9mkq7nBIGbSiwCyL8lMMQd9mW+kFWaqBx5WK5Isw5ml80=&ipmy8=K6AhV2U0GTlEYJ http://www.gnhxxiazai03.com/ogeb/?2c=wBih4ktWfPNsySsqn3uI1HmQOkxE78XnlLTDvxJFz8Ksfyo9cnxjh72KIWiVUUXAXHwdyJ5YpLQGYf4Z+A02Vjn9hAcAu81BvwPbwlI=&ipmy8=K6AhV2U0GTlEYJ http://www.r1146.xyz/ogeb/ http://www.ketocanadmqy.cloud/ogeb/?2c=JCW7LwLHnn7ptjGjE5oXohZmdFlQQ26ARwAmaoNxO6ijvQN7ubUT60jiWusc3p3YeBdlnORuW+NtBTBOf6MBl7CRUR/NRW0MRl+FZL4=&ipmy8=K6AhV2U0GTlEYJ http://www.fb99vn.com/ogeb/	16 Info www.r1146.xyz(104.21.44.192) www.gnhxxiazai03.com(20.255.200.185) www.ketocanadmqy.cloud(195.161.62.100) www.nicejunq.com(91.195.240.123) www.drstephaniebest.com(198.185.159.145) www.fb99vn.com(172.67.153.64) www.poshkits.info(162.0.231.6) www.pymhn.top() 20.255.200.185 198.49.23.145 - mailcious 91.195.240.123 162.0.231.6 172.67.153.64 45.33.6.223 195.161.62.100 104.21.44.192	4	8.4	M	40	ZeroCERT

12720	2023-05-31 09:25	ilililililililil%23%23%23%23%2... 37da8e8fb8400046aa010dd182aa28f7 MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	2 Keyword trend analysis	2	12 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.0	M	12	ZeroCERT