Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13696	2023-04-22 08:54	123.exe bd1f19c4defecdd38c2c366e24154ebb Malicious Library PE32 PE File VirusTotal Malware unpack itself crashed					1.6	M	39	ZeroCERT

13697	2023-04-22 08:53	server.exe 0d34a5f97ae366a48c3c47017004d1bc UPX Malicious Packer Antivirus Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Check memory sandbox evasion Browser DNS		2	1		2.4	M	59	ZeroCERT

13698	2023-04-22 08:52	4493ZRgdFTeXSMAHoJWWJBvXxPsJ.e... 2252417dd70ee414c21fc4585940b6fd Gen1 UPX Malicious Packer Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Telegram MachineGuid Check memory unpack itself Tofsee ComputerName DNS crashed	2 Keyword trend analysis	6	3		6.2	M	59	ZeroCERT

13699	2023-04-22 08:51	vbc.exe e5e052f994d900593d162f926a5103e7 Anti_VM .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.2	M	45	ZeroCERT

13700	2023-04-22 08:51	vbc.exe c167a030f4e6252f380c5d177282cfbe Formbook Emotet PWS .NET framework RAT Generic Malware Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key crashed	4 Keyword trend analysis Info http://www.hjd04b.com/my28/?8pgHjRdp=l6PR18TDP4lswArBVO5bAFPootK1SxL5gNddDcv8ESa3Cj6F17LLz9lgx0MVn3j38wYGOJcR&r6=X4XDHZU8s http://www.eoujkbvn.shop/my28/?8pgHjRdp=L4acUB+47lynVF4fjl9p6Di64KDq5P2gzlJCkdZJaqemyNdaz3c4hs19zS7nZyQH6vk86Fkh&r6=X4XDHZU8s http://www.49astleystreet.com/my28/?8pgHjRdp=+VAUe4t+xmaF92noBAsndN56+z0GlyZ4xiIxgvDciribSLdsxv7/Rp1zqOY349oGooJSGIY2&r6=X4XDHZU8s - rule_id: 28339 http://172.245.214.178/007/Fetsok.dat	7	1	1	12.2	M	24	ZeroCERT

13701	2023-04-22 08:50	vbc.exe f8f5116ce3c2b6354d8b0fc64252372c Loki Loki_b Loki_m PWS .NET framework Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.2	M	30	ZeroCERT

13702	2023-04-22 08:48	Setup.exe 36ec5db7a7da85a85416870098529108 Generic Malware UPX OS Processor Check PE64 PE File VirusTotal Malware unpack itself Windows DNS crashed		1			3.6	M	13	ZeroCERT

13703	2023-04-22 08:47	foto0165.exe 36831097f48c651149c9e85afcdf6c2b Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		2			8.2	M		ZeroCERT

13704	2023-04-22 08:45	NODD.exe 95c5281f68d37a162fcd1b679fdaff5e UPX Malicious Packer Antivirus Malicious Library PE32 PE File OS Processor Check PE64 VirusTotal Malware Check memory Creates executable files unpack itself suspicious TLD sandbox evasion Windows Browser DNS		2	5		5.4	M	55	ZeroCERT

13705	2023-04-22 08:45	dcrossc.exe fcb1534a561fc1fe2954c00899e2815f NSIS UPX Malicious Library Malicious Packer PE32 PE File OS Processor Check Malware download AveMaria NetWireRC VirusTotal Malware AutoRuns MachineGuid Check memory Creates executable files unpack itself AppData folder Windows RAT ComputerName DNS DDNS keylogger		2	4		5.6	M	37	ZeroCERT

13706	2023-04-22 02:59	bf7aa96822560d00a9ba902debea31... f8f25d897f435dc185f503c5cd9ab642 Gen1 Emotet UPX Malicious Library CAB PE32 PE File VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution					4.2		6	guest

13707	2023-04-21 18:21	InstalCap129.exe ff50ba3018c5e11f6ec53931d9e04b9d RAT NSIS Generic Malware UPX Malicious Library AntiDebug AntiVM PE32 PE File MSOffice File PNG Format .NET EXE OS Processor Check DLL JPEG Format .NET DLL VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Check virtual network interfaces AppData folder Tofsee Interception Windows Exploit Browser Google DNS Cryptographic key crashed	3 Keyword trend analysis	6	3		12.4	M	27	ZeroCERT

13708	2023-04-21 18:21	smwd5306.exe dc26d49b647e26665fe94dfe5a3b6cff Gen2 NSIS UltraVNC Generic Malware UPX Malicious Library ASPack Anti_VM Malicious Packer Antivirus PE32 PE File PE64 DLL BMP Format .NET EXE OS Processor Check GIF Format Browser Info Stealer VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Auto service Detects VMWare AppData folder sandbox evasion WriteConsoleW VMware installed browsers check Windows Browser ComputerName Cryptographic key crashed	3 Keyword trend analysis Info http://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=N4LjSLF&v=2.1.5.306&md5=271b06c792838b8d992c8cd45f4a3897&mid=AAA0A3AGAJA9A9A7A3AJieie777G3DiL7L77793D1JiAA1&uid=A14B9EAF-39FF-49F6-A848-E4C05A9C6A9C http://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=N4LjSLF&v=2.1.5.306&md5=3d0118e6f5b93e2a167614e8a0d320e7&mid=AAA0A3AGAJA9A9A7A3AJieie777G3DiL7L77793D1JiAA1&uid=A14B9EAF-39FF-49F6-A848-E4C05A9C6A9C http://d23ocewf5ttxmu.cloudfront.net/br.ashx?pid={PID}&aid={AID}&ss=0&s=N4LjSLF&v=2.1.5.306&md5=15adccbdf2e3e994baa9e12797b52a14&mid=AAA0A3AGAJA9A9A7A3AJieie777G3DiL7L77793D1JiAA1&uid=A14B9EAF-39FF-49F6-A848-E4C05A9C6A9C	4	1		11.0	M	53	ZeroCERT

13709	2023-04-21 18:18	%23%23%23%23%23%23%23%23%23%23... 641d203073155b565066099a0be1a7bf MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	34	ZeroCERT

13710	2023-04-21 18:16	%23%23%23%23%23%23%23%23%23%23... ca03d98ceff0033c142edf2fd5b9f2a9 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed Downloader	3 Keyword trend analysis	4	9 Info ET HUNTING Suspicious Terse Request for .bmp ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		5.2	M	29	ZeroCERT