Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
12841 2023-05-28 14:07 ss49.exe
891567deaac471357e8b75133ab42be4
Malicious Packer PE64 PE File VirusTotal Malware PDB Remote Code Execution
1.0 M 11 ZeroCERT

12842 2023-05-28 14:07 work.exe
f3ea299f7271137cfecf96f4e5d95793
PWS .NET framework RAT UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key
1 4.8 M 65 ZeroCERT

12843 2023-05-28 14:06 nigguy_1.exe
25344f4f54ec2afff00c28ca9c2a1818
PWS .NET framework RAT Loki_b Generic Malware Antivirus UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check .NET EXE VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Windows Email ComputerName Cryptographic key crashed
6.8 M 53 ZeroCERT

12844 2023-05-28 14:05 Sniepriu.exe
2c178c417c3621ad0c7c17a03b56ce3f
RAT .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key
2 1 3.2 M 41 ZeroCERT

12845 2023-05-28 14:03 sksKQissjAN.dll
8245d843cd4d3e90e9edec8ebc0278d4
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
2.0 M 32 ZeroCERT

12846 2023-05-28 14:03 LummaC2_2023-05-26_18-46.exe
016341463c7fc28b5f760d3119525fa6
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
2.0 M 33 ZeroCERT

12847 2023-05-28 14:02 botminhok.exe
81b67629e8ec6b301ca40f22dcf74bdb
PWS .NET framework RAT UPX OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 4 2 7.4 M 55 ZeroCERT

12848 2023-05-28 14:01 donpyzx.exe
6c8af0fbafdbfd92df073c0df1be2d56
Loki_b Loki_m PWS .NET framework Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1 1 7 14.2 M 45 ZeroCERT

12849 2023-05-28 14:01 ogumbgejapxd.exe
5079d5992497325dd379996d819ef7ea
Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File VirusTotal Malware crashed
1.2 M 37 ZeroCERT

12850 2023-05-28 13:50 KRILL_YOURSELF.cmd
0502d1878cc372e6118bd37951132d6d
Gen2 Gen1 Generic Malware Suspicious_Script_Bin Downloader UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger VirusTotal Malware AutoRuns suspicious privilege Code Injection Creates executable files unpack itself sandbox evasion WriteConsoleW human activity check Windows Browser
5.6 M 20 ZeroCERT

12851 2023-05-28 13:44 kakazx.exe
1f3def51e0810dd7738c3bc6407d5228
PWS .NET framework SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 2 11.4 33 ZeroCERT

12852 2023-05-28 04:13 secret_conversations.json
478b6a33ffb676add90e557000508d0a
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

12853 2023-05-27 21:10 https://www.pornhub.com
Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
2 2 4.2 guest

12854 2023-05-27 02:18 http://jrodriguez3113@gmail.co...
30080455ee0ea698c6c89361b13a863d
Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
2 4.2 guest

12855 2023-05-26 20:14 BLNR1389.js
d66279c46cb9a2e4d466c045d6f89bce
WMI ComputerName
1.0 ZeroCERT