Submissions

No    Date              Request                           Urls Hosts IDS Rule Score Zero VT Player Etc

13111  2023-05-20 16:23  datelog.dll
       71c46a859f0729eb66d3fe7a9ae4c4e4
       Backdoor Farfli UPX Malicious Library Malicious Packer Antivirus OS Processor Check DLL PE File PE32 VirusTotal Malware Checks debugger unpack itself DNS
       1 4.0 M 54 ZeroCERT

13112  2023-05-20 16:23  chrome.exe
       a4cd1ae410eb0a18a0c48218b7080713
       RedLine stealer[m] UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Checks debugger buffers extracted exploit crash unpack itself Collect installed applications installed browsers check Windows Exploit Browser DNS Cryptographic key Software crashed
       1 11.2 M 33 ZeroCERT

13113  2023-05-20 16:21  mn.php
       8444b7011547a0b4bdc18437aa9d6e83
       UPX Malicious Library OS Processor Check DLL PE64 PE File Checks debugger unpack itself ComputerName DNS crashed
       6 3.8 ZeroCERT

13114  2023-05-20 16:20  foto0195.exe
       283d3a45769695434e47bbb2c98ff469
       Gen1 Emotet PWS .NET framework RAT RedLine Stealer UltraVNC UPX Malicious Library Confuser .NET CAB PE File PE32 OS Processor Check .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
       1 11.4 M 36 ZeroCERT

13115  2023-05-20 16:19  mn.php
       b975131f47777670e30248a7713d3275
       UPX Malicious Library OS Processor Check DLL PE64 PE File Checks debugger unpack itself ComputerName DNS crashed
       6 3.8 ZeroCERT

13116  2023-05-19 18:31  File_pass1234.7z
       4f93d356a5bddc4210282cdfc365c2fd
       PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS
       4 10 2 1 4.2 M ZeroCERT

13117  2023-05-19 18:09  Rszsx.js
       99d584088d1c742f855f1345dcf541d0
       Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
       1 6.0 8 ZeroCERT

13118  2023-05-19 18:09  Icuv.js
       69cd79e7cef9f9fcd5d0e7d47b179566
       Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
       1 6.2 16 ZeroCERT

13119  2023-05-19 18:08  rt.php.ps1
       126439fe4d3f566c2171c0b63479931b
       Generic Malware Antivirus Check memory unpack itself WriteConsoleW Windows Cryptographic key
       1.0 ZeroCERT

13120  2023-05-19 18:06  compan.exe
       55e23e1fe5c4051b85cc6aa7c1399ac8
       RAT Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed
       10 8 6 18.2 M 42 ZeroCERT

13121  2023-05-19 18:02  ugopzx.exe
       8840414a8ba647e57aeadfa3fc8edbd4
       Loki_b Loki_m RAT Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
       1 1 7 14.2 M 46 ZeroCERT

13122  2023-05-19 18:02  136.exe
       a1feeca49654dafe62b72623b20cd8bd
       UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Checks debugger buffers extracted Collect installed applications installed browsers check Ransomware Browser ComputerName Firmware DNS
       1 1 1 7.4 M 43 ZeroCERT

13123  2023-05-19 18:00  photo230.exe
       6af5107aa062ad8f3aa8cd91491de9c1
       Gen1 Emotet UPX Malicious Library CAB PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
       1 11.0 M 37 ZeroCERT

13124  2023-05-19 18:00  crypted.exe
       cd4121ea74cbd684bdf3a08c0aaf54a4
       UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Checks debugger buffers extracted Collect installed applications installed browsers check Ransomware Browser ComputerName Firmware DNS
       1 1 1 1 7.2 M 31 ZeroCERT

13125  2023-05-19 17:10  1 Total New Invoices - Wednesd...
       0167008e21c985a2e4a2b547b824e5d8
       wscript.exe payload download Tofsee
       2 1 1.2 ZeroCERT