Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
12871	2021-09-28 15:57	ruzik.exe 2baefa0083d4c22f178dbd8805728ecc Generic Malware Themida Packer Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1	11.0		16	ZeroCERT

12872	2021-09-28 15:57	new.exe c6285a23482e0420a096c10a6c245513 Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1	11.8		34	ZeroCERT

12873	2021-09-28 15:59	update.exe 4f103b3d193ab688e6595b09ca78c759 Malicious Library PE File PE32 VirusTotal Malware unpack itself Tofsee Remote Code Execution		2	2	2.2	M	37	ZeroCERT

12874	2021-09-28 16:00	es.exe 59a50d997d0b4a35bfacdea5d1ce1851 RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Downloader	4 Keyword trend analysis Info http://www.rlgbsuilds.com/hp6s/?CPG=Fw5YSRn6B6q7Vo6CTsfssUahdbXa4r2ZD7nmGGCHLkY8GDkOmUQxWePCsmLEOuwwrsL9h5YF&3f=Yn9ps0vxNLc http://www.fuyrew.online/hp6s/?CPG=2bYopOGPOIVcz7tJsXUx3GFEgu0QV8cVsQS3JlFK1exizYXGI9lPCJa/BJy6fy+FVLDUc5Qt&3f=Yn9ps0vxNLc http://www.sadguruenterprisesindia.com/hp6s/?CPG=dcOC7cI3oFnEfS9GsSVSHnbVWf/igqk97prd+XkG3EO6PgEaTghsJ+vTu1hjJo0Q2PG/bv5y&3f=Yn9ps0vxNLc https://cdn.discordapp.com/attachments/888348114673598475/890866414997635092/TNG.dll	9	8 Info ET MALWARE FormBook CnC Checkin (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Possible MalDoc Payload Download Nov 11 2014 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	9.2	M	32	ZeroCERT

12875	2021-09-28 16:01	vbc.exe b397c9903b6967ddf77f6d484a4b4d4b RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed				10.0	M	11	ZeroCERT

12876	2021-09-28 16:01	vbc.exe d0a801b89e60cb6ccf654a9baa290783 NSIS Malicious Library PE File PE32 DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder				4.2	M	21	ZeroCERT

12877	2021-09-28 16:04	vbc.exe 5e11788d890d97045cd8d830b25527f6 NSIS Malicious Library PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .gq Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .gq domain ET INFO HTTP Request to a .gq domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	10.4	M	29	ZeroCERT

12878	2021-09-28 16:04	soft.exe 82f7734fef8ee0789cf270f292651cbe Malicious Library PE File OS Processor Check PE32 VirusTotal Malware unpack itself Tofsee Remote Code Execution		2	2	1.8	M	16	ZeroCERT

12879	2021-09-28 16:06	mixxe.exe 7b1bc3c113a48b6ca69d427b0e1cfd24 Generic Malware Themida Packer Malicious Library PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key crashed	1 Keyword trend analysis	3	1	10.4	M	16	ZeroCERT

12880	2021-09-28 16:07	lv.exe d0b364ad8cb0f526dabd281479270579 NPKI Emotet Gen1 Gen2 Themida Packer Generic Malware Malicious Library Anti_VM UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal cred VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed		1		7.4	M	26	ZeroCERT

12881	2021-09-28 16:08	sya.exe 13e41e7ab512d2d8b1818d15a24f262c NSIS Malicious Library PE File PE32 DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder				4.2	M	28	ZeroCERT

12882	2021-09-28 16:08	bobo.exe c203b85591cefe40d1f7ed64e2e6ff9c PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed				11.4	M	38	ZeroCERT

12883	2021-09-28 16:10	gobro.exe 73fd366a5572fca7a981ed7a3f0b6150 Malicious Library PE File PE32 VirusTotal Malware unpack itself Tofsee Remote Code Execution		2	2	2.0	M	21	ZeroCERT

12884	2021-09-28 16:10	bin.exe 9f66d58c838608fdd0be51b576e7185d Formbook PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic unpack itself	5 Keyword trend analysis Info http://www.swoern.info/hp6s/?uTuD=4T5YGQUYHOUszNOY444hn7mmf6FrtM+AFTjOJC+Py6Ag/b5xU53y9DZCTZxlx39fr7jwKFEI&Kj6dY=ATxxQ4G http://www.rlgbsuilds.com/hp6s/?uTuD=Fw5YSRn6B6q7Vo6CTsfssUahdbXa4r2ZD7nmGGCHLkY8GDkOmUQxWePCsmLEOuwwrsL9h5YF&Kj6dY=ATxxQ4G http://www.usedtowels.com/hp6s/?uTuD=LFde+ie6fWvOLN7PGF70NwTYUX7Jm/JyGjPm4XWrD0fHhgM6rcivN6x0AQjvoX504Y/z8KH4&Kj6dY=ATxxQ4G http://www.digitalimmersioncg.com/hp6s/?uTuD=ecMUAiyMfvfWY8rzTadGuccx8GuXMB82GuQzWJgBWyxQ3c9DaRyVLVaaQhcCvX5nneSnIplK&Kj6dY=ATxxQ4G http://www.nsbeneae.com/hp6s/?uTuD=SHpD87a5Dg8Vmq/a7y609SjdXnsgQw3juNG92/8unMmD+3syTbnlJP5vOUTgSZV81y/Tfjod&Kj6dY=ATxxQ4G	10	1	3.2	M	41	ZeroCERT

12885	2021-09-28 16:13	ooo.exe 2465c0064588369df56b47c28e38aa7e RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	3 Keyword trend analysis Info http://www.binoler.xyz/hp6s/?ChOhp=Y0r6UfnM38LgcpYKBlb0i50Dv2SvJNbcX2aAiW6VOnO1SbIPk0VLDMIEprqsED4g5ujfqFSw&Ez=ltH4x0I http://www.affordableapartmentssl.com/hp6s/?ChOhp=xduxBy0qZ+DufZSL/R2onClCL9XD8RA8qPy1IQZcPY/Pf+1IWUPWX/JY4Mf09a70XNWl6hDx&Ez=ltH4x0I http://www.plxcksd.xyz/hp6s/?ChOhp=nWxINci6IYVyUMacVxyy/VVZomVhI1dtr5KzNL0MsrLoy2oaJyhKJK8IAcZwTNRL2WaiPkpq&Ez=ltH4x0I	7	2	7.8	M	14	ZeroCERT