Submissions

No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
13411 2021-10-12 10:09 go.exe  

ab7f8753f4eb0b4f143227298e274cac


RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows ComputerName
1 2 1 3.8 M 23 ZeroCERT

13412 2021-10-12 10:09 vbc.exe  

bcd839bc6de524618d63b723068a4951


RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed
12.0 M 25 ZeroCERT

13413 2021-10-12 10:11 Update.exe.rar  

2484a28cb9d2f92c40586584767f30b9


Generic Malware Malicious Packer PE File PE32 VirusTotal Malware suspicious privilege unpack itself suspicious process AntiVM_Disk sandbox evasion WriteConsoleW shadowcopy delete Ransom Message Creates autorun.inf VM Disk Size Check Ransomware GameoverP2P Zeus Windows Trojan Banking crashed
8.0 M 55 ZeroCERT

13414 2021-10-12 10:11 harshmanzx.exe  

301a4df4f0d5f945e5f5d75ae82d4b9e


RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD DNS
1 3 2 8.4 M 27 ZeroCERT

13415 2021-10-12 10:14 famzx.exe  

0983cb6f908dcef2e94b4e9e540d39f9


RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
2 4 1 8.0 M 26 ZeroCERT

13416 2021-10-12 10:14 obinnazx.exe  

e26a74c3a4ed07700a690e1763ea18b8


RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
1 2 9.6 M 28 ZeroCERT

13417 2021-10-12 10:16 mon.exe  

b1dabcbd25adde23f97153d763270a1c


PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software
4 5 13.6 M 23 ZeroCERT

13418 2021-10-12 10:16 %E5%88%9D%E5%A6%86%E5%8A%A9%E6...  

5019b4c4d5e6b67a826897bff52a0d23


Emotet Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder DNS
1 2.8 M 14 ZeroCERT

13419 2021-10-12 10:18 Update.exe.rar  

b43e8b865d3339eeb8b8b11f900f6c89


Generic Malware Malicious Packer PE File PE32 VirusTotal Malware suspicious privilege unpack itself suspicious process AntiVM_Disk sandbox evasion WriteConsoleW shadowcopy delete Ransom Message Creates autorun.inf VM Disk Size Check Ransomware Windows crashed
7.4 M 55 ZeroCERT

13420 2021-10-12 10:18 vbc.exe  

26349f3a31f9a7bcc9d0db1ceb5ef0ed


NSIS Malicious Library PE File PE32 DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder
4.2 M 27 ZeroCERT

13421 2021-10-12 10:20 .lsass.exe  

ca04c158a9dd8788d96884e6eb11a21b


Generic Malware Admin Tool (Sysinternals etc ...) PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder WriteConsoleW VMware anti-virtualization Windows ComputerName Software
12.0 M 28 ZeroCERT

13422 2021-10-12 10:21 0001.exe  

9c6bda87c91a4bb5b1a70a76d7fe4486


Generic Malware Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 OS Processor Check Malware download NetWireRC VirusTotal Malware suspicious privilege Check memory unpack itself BitRAT Windows ComputerName DNS keylogger
1 2 5.4 M 52 ZeroCERT

13423 2021-10-12 10:22 vbc.exe  

bf91c44b5464861eab06b456c1ff7d1e


Lokibot PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS Socket AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
1 2 7 1 12.8 M 33 ZeroCERT

13424 2021-10-12 10:22 WD10.exe  

a5959a6624804559383ef7244c3f6d34


Generic Malware PE64 PE File VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows ComputerName DNS Cryptographic key
2 5.8 M 36 ZeroCERT

13425 2021-10-12 10:25 EX.exe  

aaa16d36270d9955245694cec64e0450


Generic Malware Antivirus PE64 PE File VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process Windows ComputerName DNS Cryptographic key
1 9.0 M 41 ZeroCERT