Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
13396	2023-05-09 18:31	%23%23%23%23%23%23%23%23%23%23... a86eff21eb0571be6fa5d185365c4e06 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed Downloader	1 Keyword trend analysis	1	3	4.8	M	27	ZeroCERT

13397	2023-05-09 18:29	QQQQ%23%23%23%23%23%23%23%23%2... 3a8641ce8a7de2549623b886e142ce8b MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader	2 Keyword trend analysis	2	12 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.2	M	28	ZeroCERT

13398	2023-05-09 18:29	droidddxxxPayload.vbs 3d54b88bf2b6bcd1126ef4eb20d9e9f9 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	1	10.0	M	5	ZeroCERT

13399	2023-05-09 18:27	vbc.exe 32b910a06c3169b599852dad6c181ed6 PWS .NET framework Formbook Hide_EXE Generic Malware Antivirus KeyLogger Anti_VM AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1	14.0	M	51	ZeroCERT

13400	2023-05-09 18:27	test.exe a8f6a3eb27d8afa3aee2628739050bd5 PWS .NET framework RAT Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Ransomware Windows ComputerName				6.4	M	28	ZeroCERT

13401	2023-05-09 17:17	82d3502c53149a88_rhtamjyx.txt 3e5543f72f7fd36a1aa30aba4f89c334 ScreenShot AntiDebug AntiVM Check memory unpack itself				1.0			guest

13402	2023-05-09 15:13	zqqK.html 5144480c0b8e79a016fafcfc3d3c3aa7 Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed			2	8.8			ZeroCERT

13403	2023-05-09 14:34	vbc.exe 8cc158004c15e9dcae74414be7819658 Loki_b Loki_m PWS .NET framework Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	14.8	M	38	ZeroCERT

13404	2023-05-09 14:34	cryptedclient1.exe 699c684263c7e3ed81ffb2b1df23bd5f RAT Generic Malware Antivirus AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Collect installed applications Check virtual network interfaces suspicious process installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	1	14.4	M	28	ZeroCERT

13405	2023-05-09 14:31	file2.exe 7008af4d6c8a792cc119540ed6591c07 Malicious Library PE32 PE File VirusTotal Malware PDB				1.6	M	33	ZeroCERT

13406	2023-05-09 13:31	login.term 33faeaedba7072d68a887ca967f43fb5 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			BRY

13407	2023-05-09 13:22	aslmanager.20230509T000519-04 3bd376dae4abaf351e98ac49c96d4ee8 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			BRY

13408	2023-05-09 13:14	F211CDAB-CD00-415A-99E2-27DF41... 48b29d559c76e8d14e5e6434d84405ab AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			BRY

13409	2023-05-09 13:07	main.c47195de.css 0adbf0b1d5e2bd19d4e94242e0840430 ScreenShot AntiDebug AntiVM Check memory unpack itself				1.0			BRY

13410	2023-05-09 12:57	override-mac_f76168c82308f7c98... af97a2869dbd1103f4fcdbe3c8c53568 ScreenShot AntiDebug AntiVM Check memory unpack itself				1.0			BRY