Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
12811	2023-05-29 13:45	77c43f7e_rd1.exe ea9775eca677ed8dea5646a7aa6b750e PE File PE32 VirusTotal Malware Checks debugger	1 Keyword trend analysis	20 Info translate.googleapis.com(142.250.206.234) www.google.com(142.250.207.100) www.gstatic.com(172.217.161.195) fonts.googleapis.com(142.250.206.202) curl.se(151.101.193.91) _googlecast._tcp.local() apis.google.com(142.250.76.142) fonts.gstatic.com(142.250.206.195) clientservices.googleapis.com(172.217.25.163) 142.251.222.195 142.251.130.10 142.250.204.106 142.250.206.195 121.254.136.27 142.250.66.99 151.101.1.91 142.251.220.35 142.251.220.36 142.250.66.68 172.217.24.78	2	2.2	M	42	ZeroCERT

12812	2023-05-29 13:44	debug2.ps1 071a89f94694990906a4c3aabeae4e7b Generic Malware Antivirus Malware powershell Malicious Traffic Check memory unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1		4.6			ZeroCERT

12813	2023-05-29 13:43	108.61.117.130:3002 64806167a0e3b3d2b5bb3bd4d1b32f17 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB				1.6	M	33	ZeroCERT

12814	2023-05-29 13:29	a02.exe 820241820224a5c7eed0ca74b7420361 Raccoon Stealer Malicious Library Malicious Packer VMProtect AntiDebug AntiVM PE File PE32 PNG Format VirusTotal Malware Buffer PE AutoRuns MachineGuid Code Injection Check memory buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder WriteConsoleW Tofsee Windows DNS	1 Keyword trend analysis	5	2	12.4	M	52	ZeroCERT

12815	2023-05-29 13:26	postmon.exe f3e968ba5b17cca9be62e5ca9c9b06f0 Generic Malware UPX Malicious Library Malicious Packer Antivirus OS Processor Check PE File PE32 PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Remote Code Execution Cryptographic key	1 Keyword trend analysis	2	2	10.0	M	52	ZeroCERT

12816	2023-05-29 13:24	evhic3tm.9uob3.exe 6df739288df7e77eea4f6fd867d76707 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself				1.8	M	25	ZeroCERT

12817	2023-05-29 10:42	https://www.dropbox.com/s/3oyb... d8325c0af6f9618e5646da189c2f5469 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2	4.6			guest

12818	2023-05-29 02:03	https://blitzz.com.ar/wp-conte... 0d6f6b6bd8f63cb7ea5854d7fb265cb4 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File PNG Format JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2	4.8			guest

12819	2023-05-28 17:20	https://accounts.google.com/v3... Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	10 Keyword trend analysis Info https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.FB9bt3Boo_A.es5.O/am=BznH4QM_CP-pzj_jk8MAAAAAAAAAAAALw06C/d=1/excm=_b,_r,_tp,rejectedview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlF50LTc6xdo-R2TtLbFrnb79VTY7A/m=_b,_tp,_r https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff https://www.google.com/favicon.ico https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff https://accounts.google.com/v3/signin/rejected?continue=https://maps.google.com/maps/timeline?hl%3Den_US&dsh=S-200849221:1685261298961203&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en_US&ifkv=Af_xneFIIJtTRe58HPGFsWTtfrakqcje0cZ-433jdEP0BKZL7UPra1y0wP_zfCKeCiJgl8SSqbPJOQ&rhlk=js&rrk=47 https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1MmgVxIIzQ.woff https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff	8	2	4.2			guest

12820	2023-05-28 14:41	Rebcoana.exe edfad6bc3bc4d075a440b49baf575f56 MPRESS PE File PE32 VirusTotal Malware suspicious privilege ComputerName				3.4	M	54	ZeroCERT

12821	2023-05-28 14:39	tmglobalzx.exe 924352885feaaa329d4ec33b6b914de0 Loki_b Loki_m Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	14.4	M	45	ZeroCERT

12822	2023-05-28 14:37	Client.exe c246e9024a70360607d9b4ac79a46b67 PWS .NET framework RAT UPX Malicious Library Malicious Packer Antivirus OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	55	ZeroCERT

12823	2023-05-28 14:35	SoundTune.exe 9619dc496ef114971a0a4fdd55355754 PE64 PE File VirusTotal Malware Malicious Traffic unpack itself DNS	2 Keyword trend analysis	1	1	3.6	M	11	ZeroCERT

12824	2023-05-28 14:33	toolspub3.exe 4cbbbf1e2c9eb59f3cded9ae490d83e8 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself				7.0	M	33	ZeroCERT

12825	2023-05-28 14:30	Azure_Cracked.exe 08419affda8d3d7d65ff3897e726a819 PWS .NET framework RAT Hide_EXE UPX Malicious Library OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself WriteConsoleW ComputerName				2.6	M	35	ZeroCERT