Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12796	2021-09-25 11:09	file3.exe f4882ccc9606ea1207598439dde4c1df RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		11.6	M	39	ZeroCERT

12797	2021-09-25 11:10	a58df1031.exe 436a9d01e4384a9be90339fa4c0c92ec Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	22	ZeroCERT

12798	2021-09-25 11:11	vida.exe f22c9479a75f069c121ca390b35d3541 Malicious Library MPRESS PE File PE32 VirusTotal Malware ICMP traffic unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Tofsee Windows Remote Code Execution Firmware DNS crashed		2	3		6.4	M	22	ZeroCERT

12799	2021-09-25 11:13	vbc.exe 77370b802186f692c39b1c3c4883094e NSIS Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.6	M	35	ZeroCERT

12800	2021-09-25 11:13	b1rj.exe ea7c4b1f0deb7d86c314e3e9592b7b44 Themida Packer Malicious Library PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware Cryptographic key Software crashed	1 Keyword trend analysis	4	1		10.6	M	21	ZeroCERT

12801	2021-09-25 11:15	me.exe 8753a875d20d7ee5bc71c8d34f314c23 PWS Loki[b] Loki.m Generic Malware DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	14.0	M	34	ZeroCERT

12802	2021-09-25 11:17	vbc.exe 859a1a6574e4a09027f729908318b282 PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	14 Keyword trend analysis Info http://www.sakibotchi.com/arup/?ETYPCTH=Mvc3fTWMfEUu/hJGRB8Vpo7AngyGJqukIsCEA36EgUZmxx/V3r5r40WhFcDOzFRheeQperkl&VRfXC=00GP1JE0pzJtH07P http://www.azur-riviera-rental.com/arup/?ETYPCTH=5U1783QtuC0Bz0i23JIEbkPIiJHKV9ss1Vjx/owP5dSKhTyiL/UYC4drrg67ooFL+sZSTQRi&VRfXC=00GP1JE0pzJtH07P http://www.bluewinetours.com/arup/?ETYPCTH=7PqJqCZghG+ypoVFP7RJavJcukSULZ9xovwwwTa882pBqoNTfIjDpcv/7FzdkuK9miXhvjt/&VRfXC=00GP1JE0pzJtH07P http://www.sapphiretype.com/arup/?ETYPCTH=9WQg9dHIcuW4YkfTt4Mg6pnO/WJ56x4wIeILmi0slk+dZh2MACvfyqaF7lvzeXfvJhlREdkQ&VRfXC=00GP1JE0pzJtH07P http://www.azur-riviera-rental.com/arup/ http://www.ricartepinlac.com/arup/ http://www.jessicapets.com/arup/?ETYPCTH=EgNVIK57ZkGVVx/jttXBp19FXWTnr3BxO3OM0vEVfVnn3mprZmBwTpm4RYNxhQMHEbJUH8Io&VRfXC=00GP1JE0pzJtH07P http://www.bellapbd.com/arup/?ETYPCTH=DygWLLaHBMdL0xzXIIQDErATpFpfyLcRT4pInNWXfILAsokXZHc++OLWwcWCbG/tRp8OifRZ&VRfXC=00GP1JE0pzJtH07P http://www.jessicapets.com/arup/ http://www.sakibotchi.com/arup/ http://www.bluewinetours.com/arup/ http://www.bellapbd.com/arup/ http://www.ricartepinlac.com/arup/?ETYPCTH=XnzrGMJk6ywKx2jxse7wkW30YFqeVvQMXDYRS0h6WphrBN8VI8iOdrfcgrYbWs/qH4zEhANK&VRfXC=00GP1JE0pzJtH07P http://www.sapphiretype.com/arup/	16 Info www.sakibotchi.com(210.157.78.20) www.bellapbd.com(104.167.94.189) www.sapphiretype.com(44.227.76.166) www.bluewinetours.com(3.223.115.185) www.jessicapets.com(192.185.41.209) www.ricartepinlac.com(142.250.196.115) www.azur-riviera-rental.com(213.186.33.5) www.realisa.net() www.rapi-vet.com() 192.185.41.209 142.250.207.83 213.186.33.5 - mailcious 104.167.94.189 3.223.115.185 - mailcious 44.227.65.245 210.157.78.20	1		9.6	M	38	ZeroCERT

12803	2021-09-25 11:18	clr.exe 83d119a963e7050995f9bf6be8841b95 NPKI Generic Malware Malicious Packer UPX Anti_VM Malicious Library Antivirus PE64 PE File .NET DLL DLL PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key crashed					9.0	M	39	ZeroCERT

12804	2021-09-25 11:19	PPT_65084100000135.exe b952250a04254dae3756c54e681064ad NPKI Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed					11.0	M	40	ZeroCERT

12805	2021-09-25 11:20	file5.exe d7dff13332a7b74ae92aff3fd073866f Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1		11.4	M	36	ZeroCERT

12806	2021-09-25 11:20	1NEW.exe 753e9e39697b50fba8a7d8d9d1fed16d Generic Malware Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32 VirusTotal Malware suspicious privilege unpack itself Windows DNS keylogger		1			6.2	M	56	ZeroCERT

12807	2021-09-25 11:22	fari2021.pdf f23052e40d7b03ac4fec8fb66f6acdea RAT PWS .NET framework Generic Malware Malicious Packer Malicious Library PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	5		11.6	M	50	ZeroCERT

12808	2021-09-25 16:59	file8.exe 3146709a424c7546aa78d89159618da8 Malicious Packer Malicious Library PE File PE32 VirusTotal Malware unpack itself Tofsee DNS crashed		2	3		1.6	M	31	r0d

12809	2021-09-25 17:02	chart-1352129573.xls 3b0372de1f2116a802bc35e1000841d6 MSOffice File RWX flags setting unpack itself suspicious process Tofsee	3 Keyword trend analysis	5	4		3.6			guest

12810	2021-09-25 17:04	chart-1352261204.xls d63c9a2127af745020cf5570b72ce7a7 MSOffice File VirusTotal Malware RWX flags setting unpack itself suspicious process Tofsee	3 Keyword trend analysis	5	4		4.2		10	guest