Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12781	2021-09-24 17:15	etooltipred.png 1d7f42754d885cf2b61b683193b02708 Malicious Library PE File PE32 Dridex TrickBot Malware suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed	1 Keyword trend analysis	5	2		6.8	M		ZeroCERT

12782	2021-09-25 10:31	BERN210819.exe 5bc6fa2221eed7444ea7d51dea3d1b4e NSIS Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.4		24	ZeroCERT

12783	2021-09-25 10:36	Для руководства в работе.doc... 875f35ac7017ca6c572fdc3e40c0eec5 MSOffice File MachineGuid Check memory RWX flags setting unpack itself Tofsee GameoverP2P Zeus ComputerName Trojan Banking	2 Keyword trend analysis	2	1		5.0			ZeroCERT

12784	2021-09-25 10:47	file.exe cb2519c7618babe98a785cd7bd1485b4 Malicious Packer UPX Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32 VirusTotal Malware Malicious Traffic unpack itself suspicious process suspicious TLD ComputerName DNS crashed	1 Keyword trend analysis	2	2		4.0		4	ZeroCERT

12785	2021-09-25 10:57	9yub0of.ico b154189e0bcbf2556452a4d510d7043f VirusTotal Malware					0.4	M	3	ZeroCERT

12786	2021-09-25 10:57	vbc.exe a503bf5f5a7aefd063ad1ce5c0c244ed NSIS Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.4	M	27	ZeroCERT

12787	2021-09-25 10:59	file8.exe 3146709a424c7546aa78d89159618da8 PE File PE32 VirusTotal Malware ICMP traffic unpack itself Tofsee DNS crashed		2	3		2.4	M	31	ZeroCERT

12788	2021-09-25 11:00	domandols.exe 8b5a980696f65c6fa9b46905f113a20e Loki NSIS Malicious Library PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	10.4	M	29	ZeroCERT

12789	2021-09-25 11:02	a435gfhs109.cms e7ac180e8217a97505fee5b06709d331 Malicious Library PE File OS Processor Check DLL PE32 VirusTotal Malware PDB MachineGuid unpack itself Windows ComputerName					2.4	M	22	ZeroCERT

12790	2021-09-25 11:02	file9.exe 0005271e768f6e0b30f6a2c73fa84759 NPKI Themida Packer Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		10.8	M	29	ZeroCERT

12791	2021-09-25 11:04	UnpackChrome2009.exe 9b1764b1cca5f1eb5946e182100681e4 Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself					2.2	M	51	ZeroCERT

12792	2021-09-25 11:04	raccon.exe c1d47389045438061a0fa52603ff25cb Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	21	ZeroCERT

12793	2021-09-25 11:07	file2.exe 2dae43f521e2684f2efdf0335f82ccf7 RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		13.4	M	44	ZeroCERT

12794	2021-09-25 11:07	file6.exe 6200236a6524e95a6636191b403a4f3d RAT PWS .NET framework Generic Malware Malicious Library persistence AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		17.0	M	36	ZeroCERT

12795	2021-09-25 11:08	file4.exe efbdabf385c389aa1a08777fd1bc71d8 RAT PWS .NET framework Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.6	M	23	ZeroCERT