Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12931	2023-05-24 18:26	Install_pass1234.7z 32e0ddc0e3205817e4e2fecc5c7fd6aa PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	6 Keyword trend analysis Info http://5.181.80.133/api/tracemap.php - rule_id: 32661 http://85.208.136.10/api/tracemap.php - rule_id: 32662 http://208.67.104.60/api/tracemap.php - rule_id: 28876 http://www.maxmind.com/geoip/v2.1/city/me https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/	14	2	3	5.6	M		ZeroCERT

12932	2023-05-24 18:24	qnzisbcztoeq.exe e5f91631af3e79e3404a212b348992a5 Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File VirusTotal Malware crashed					1.2	M	36	ZeroCERT

12933	2023-05-24 18:23	build1.exe 07d4c26b15e3f3d6c5d1f2a8302edc60 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.4	M	55	ZeroCERT

12934	2023-05-24 18:21	oyozx.exe 2ac97e1b1edba740e7020abf3ba57dd3 Loki_b Loki_m PWS .NET framework Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		13.8	M	43	ZeroCERT

12935	2023-05-24 18:21	dwm.exe 6aa04c7bb5c5eb8386238f282825f57e NSIS UPX Malicious Library PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger	1 Keyword trend analysis	4	2		12.0	M	39	ZeroCERT

12936	2023-05-24 18:19	vic.exe 390c7845c05f6d9870c2f96549467d10 RAT Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		15.2	M	43	ZeroCERT

12937	2023-05-24 18:19	pakinsss.exe 583b3af827765f4baec35006ea67537c .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.2	M	39	ZeroCERT

12938	2023-05-24 17:57	Setup_pass1234.7z ea4f3513b11941df1242eaf04623fe09 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	5 Keyword trend analysis	11	2	2	4.6	M	1	ZeroCERT

12939	2023-05-24 17:54	zRqNu.dll 8e371c48b36abdaf30b8f35f07f190b4 Gen2 Gen1 UPX OS Processor Check DLL PE File PE32 PDB Checks debugger unpack itself crashed					1.4			ZeroCERT

12940	2023-05-24 17:42	Setap_pass1234.zip 1a80c9fabfc35020a76a12d6fc0af08d ZIP Format						M		ZeroCERT

12941	2023-05-24 17:33	po-docs-may24.lzh 43166fa49427e12ed765b1d44b203402 Malicious Library Admin Tool (Sysinternals etc ...) AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					4.2		21	Kim.GS

12942	2023-05-24 17:31	http://103.86.45.70/ant1a 15eb657c54f101c94ff34ff6d04873d3 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File icon Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	30 Keyword trend analysis Info http://103.86.45.70/ant1a/inc/css/basic.css http://103.86.45.70/ant1a/inc/mdb/css/addons/datatables.min.css http://103.86.45.70/ant1a/inc/mdb/js/jquery-3.4.1.min.js http://103.86.45.70/ant1a/inc/mdb/font/roboto/Roboto-Thin.eot? http://103.86.45.70/ant1a/ http://103.86.45.70/ant1a/inc/vendors/font-awesome/css/font-awesome.min.css http://103.86.45.70/ant1a/inc/mdb/css/bootstrap.min.css http://103.86.45.70/ant1a http://103.86.45.70/ant1a/Main/Login http://103.86.45.70/ant1a/inc/mdb/font/roboto/Roboto-Light.eot? http://103.86.45.70/ant1a/inc/mdb/js/popper.min.js http://103.86.45.70/ant1a/inc/mdb/js/bootstrap.min.js http://103.86.45.70/ant1a/inc/mdb/css/mdb.min.css http://103.86.45.70/ant1a/inc/mdb/font/roboto/Roboto-Regular.eot? http://103.86.45.70/ant1a/inc/mdb/font/roboto/Roboto-Medium.eot? http://103.86.45.70/ant1a/inc/mdb/css/style.css http://103.86.45.70/ant1a/inc/mdb/font/roboto/Roboto-Bold.eot? http://103.86.45.70/favicon.ico http://103.86.45.70/ant1a/inc/mdb/js/mdb.min.js https://fonts.gstatic.com/s/notosanskr/v27/PbykFmXiEBPT4ITbgNA5CgmG0X7r.woff https://fonts.gstatic.com/s/notosanskr/v27/Pby7FmXiEBPT4ITbgNA5CgmOIl3477IX.woff https://fonts.gstatic.com/s/nanumgothic/v21/PN_3Rfi-oW3hYwmKDpxS7F_D-djY.woff https://fonts.gstatic.com/s/nanumgothic/v21/PN_oRfi-oW3hYwmKDpxS7F_LXv7LyVsg.woff https://fonts.gstatic.com/s/notosanskr/v27/Pby6FmXiEBPT4ITbgNA5CgmOsk7vyJE.woff https://fonts.googleapis.com/earlyaccess/notosanskr.css https://fonts.gstatic.com/s/notosanskr/v27/Pby7FmXiEBPT4ITbgNA5CgmOelz477IX.woff https://fonts.gstatic.com/s/nanumgothic/v21/PN_oRfi-oW3hYwmKDpxS7F_LQv3LyVsg.woff https://fonts.gstatic.com/s/notosanskr/v27/Pby7FmXiEBPT4ITbgNA5CgmOalv477IX.woff https://fonts.googleapis.com/earlyaccess/nanumgothic.css https://fonts.gstatic.com/s/notosanskr/v27/Pby7FmXiEBPT4ITbgNA5CgmOUln477IX.woff	5	2		6.2			guest

12943	2023-05-24 17:05	kkdbsave.mp3 165d86fb920b3ca4f2b6528f5645b3c2 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12944	2023-05-24 17:05	Bilification.js 02c3d2dc98bc4feccd7f5c4a9d565685 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName DNS Cryptographic key	5 Keyword trend analysis				7.2			ZeroCERT

12945	2023-05-24 17:04	kkkioomsave.mp3 cf0671e1782efc7897af05fa1892dc9d AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		1	2		3.8			guest