Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12916	2021-09-29 10:18	ds.exe 1d29d6cd39010976adcb9fcba517f3bc Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself DNS		1			2.8	M	27	ZeroCERT

12917	2021-09-29 10:18	mpomzx.exe 132e157793925e5d203c1641e313d95d PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	2 Keyword trend analysis	4	1		8.2	M	35	ZeroCERT

12918	2021-09-29 10:20	svchost.exe e134bca3704fcb507dc6b6524114417c Malicious Library PE File PE32 Dridex TrickBot VirusTotal Malware RWX flags setting Kovter ComputerName DNS		1	2		2.8	M	53	ZeroCERT

12919	2021-09-29 10:20	.winlogon.exe 9a469f6de779995908283daeda4b6f96 RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					9.0	M	33	ZeroCERT

12920	2021-09-29 10:22	vbc.exe 91baf3dc0efd0156b2cb81c0a977db4d Loki NSIS Malicious Library PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	10 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET INFO DNS Query for Suspicious .gq Domain ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious .gq domain ET INFO HTTP Request to a .gq domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	10.8	M	40	ZeroCERT

12921	2021-09-29 10:35	server4.exe 1a2cd8fff0b19363a096722678a0fd55 RAT PWS .NET framework email stealer Generic Malware Antivirus DNS Socket Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM PE File .NET EXE PE32 Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key DDNS		5	2		12.6	M		ZeroCERT

12922	2021-09-29 10:36	hexacyanide.exe 5730f17fceb0f2fdd132677517c03ff0 Gen1 Gen2 Generic Malware Malicious Library Malicious Packer UPX Antivirus Anti_VM ASPack PE File OS Processor Check PE32 PNG Format DLL GIF Format PE64 Malware download NetWireRC VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check human activity check installed browsers check BitRAT Windows Browser ComputerName DNS crashed keylogger		1	3		8.8		7	ZeroCERT

12923	2021-09-29 10:40	FireFoxExtension.exe 2e309f6569ad98bc9dda1178dbcf6296 Gen2 Gen1 Generic Malware UPX Malicious Library Malicious Packer PE File OS Processor Check PE32 DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Turn off Windows Error Recovery notification window Tofsee crashed	1 Keyword trend analysis	2	2		4.4		24	ZeroCERT

12924	2021-09-29 10:40	recital-1921525472.xls dfeacbd6e8e7e922f27c4308d52e1af8 MSOffice File RWX flags setting unpack itself					0.8			guest

12925	2021-09-29 10:42	recital-1921341.xls 731c1afc15a134ddc8a9792c5113502f MSOffice File RWX flags setting unpack itself					0.8			guest

12926	2021-09-29 10:45	recital-1921220787.xls 870bd281ff976d19e5bbec582d556ebc MSOffice File RWX flags setting unpack itself					0.8			guest

12927	2021-09-29 10:47	recital-1921530865.xls 9271898f88c6d1125319e74b38965892 MSOffice File RWX flags setting unpack itself					0.8			guest

12928	2021-09-29 10:55	DOC INVOICE EXPORTO52052 IMG00... 90d330f59db7ec33723b37a5d6c6457d Generic Malware Antivirus DNS AntiDebug AntiVM PE File .NET EXE PE32 Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS		4	1		16.4			ZeroCERT

12929	2021-09-29 10:56	210927074400_001.pdf.exe 9bea4af401102b89498aaa22aeba728f RAT PWS .NET framework Generic Malware DNS AntiDebug AntiVM PE File .NET EXE PE32 Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS		3	1		14.2			ZeroCERT

12930	2021-09-29 10:59	Image_0084373_Zahtev za ponuda... 3243bc1f0bfa1bbfcb092449e42ea215 NSIS Malicious Library PE File PE32 DLL VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW human activity check Windows ComputerName DNS DDNS		2	1		12.8		26	ZeroCERT