Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
12826 2023-05-28 14:28 obizx.exe
  8419d459bb70661499d3d0e1e06c1c23
  PWS .NET framework SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
  1 3 1 13.4 M 31 ZeroCERT

12827 2023-05-28 14:26 kellyzx.exe
  4f4f3e19a67c65345953ccc6fe8da506
  Loki_b Loki_m Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
  1 1 7 14.2 M 46 ZeroCERT

12828 2023-05-28 14:24 unsecapp.exe
  880cc09f6957f8eea513d876344ac5ba
  RAT UPX Malicious Packer .NET EXE PE File PE32 Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName DNS
  2 1 2 4.6 M 35 ZeroCERT

12829 2023-05-28 14:22 cred64.dll
  076fcb9fd24a6fa50386d9e7cd8dd3cc
  Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
  2.4 M 48 ZeroCERT

12830 2023-05-28 14:21 77c43f7e.exe
  20004dea61cdb68d6b89a9d0690434cd
  PE File PE32 VirusTotal Malware RWX flags setting unpack itself
  3.0 M 40 ZeroCERT

12831 2023-05-28 14:19 p0aw25.exe
  72fa10bd951a660d3b64696d0ce2398a
  UPX Malicious Library Malicious Packer PE64 PE File VirusTotal Malware PDB Remote Code Execution DNS
  1 2.0 M 30 ZeroCERT

12832 2023-05-28 14:19 Loanid.hta
  e4724a4c6ff4dcd664e2ada4c110b2a9
  Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  5.2 M ZeroCERT

12833 2023-05-28 14:18 BaldiTrojan-x64.exe
  e2c4c4dd8c6a357eca164955a8fe040c
  NSIS Downloader Malicious Library Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security malicious URLs WriteConsoleW Windows ComputerName crashed
  9.2 M 53 ZeroCERT

12834 2023-05-28 14:16 clip64.dll
  9ca64202badafeba42a962b080010eab
  UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
  2.0 M 57 ZeroCERT

12835 2023-05-28 14:14 SoundTune.exe
  9619dc496ef114971a0a4fdd55355754
  PE64 PE File VirusTotal Malware Malicious Traffic unpack itself DNS
  2 1 1 3.6 M 11 ZeroCERT

12836 2023-05-28 14:14 dd4add6r.s6xlt.exe
  63d2ab075242a38f5c6240cb7eafbd35
  UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself
  1.8 M 23 ZeroCERT

12837 2023-05-28 14:12 VGoogle.exe
  2229a8fcdeb57f25fe2a2161be4964a1
  RedLine stealer[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
  1 11.8 M 41 ZeroCERT

12838 2023-05-28 14:12 fifififififiififififi%23%23%23...
  76ace98cadbc3852258fd0f4737a5499
  MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed
  1 1 1 4.6 M 33 ZeroCERT

12839 2023-05-28 14:10 toolspub1.exe
  3862f7c67a51edbf6ff66e9d5956cac0
  UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself
  7.0 M 32 ZeroCERT

12840 2023-05-28 14:09 1232.exe
  a1ce7b26712e1db177d86fa87d09c354
  PWS .NET framework AntiDebug AntiVM .NET EXE PE File PE32 FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Ransomware Email Software
  11.4 M 36 ZeroCERT