Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13741	2021-10-19 09:42	8451.exe 7d0ab695c712dccd72a7eba3f2db14be RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	4	1		3.2	M	33	ZeroCERT

13742	2021-10-19 09:43	Requests07520000652.exe 99a0109485e8ca6d9ee2b809390d89b8 RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	4	1		3.0	M	25	ZeroCERT

13743	2021-10-19 09:44	34522201036.exe e09367e4c8c23541902285438711ec86 RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	4	1		3.0	M	24	ZeroCERT

13744	2021-10-19 09:45	lv.exe 75970d264d08b42ae47cfd3df6c9a3f4 Themida Packer PE64 PE File VirusTotal Malware unpack itself Windows crashed					2.6		27	ZeroCERT

13745	2021-10-19 09:46	index.php d78109d9c17ca4493bdde1ac95bdccfd Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself Remote Code Execution					1.4			ZeroCERT

13746	2021-10-19 09:47	office.exe 57be051a2a20b292fc8cb67c4f31c4f9 RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					7.6		40	ZeroCERT

13747	2021-10-19 09:48	host.exe 003e691923293c72dca0b670e9ff9390 PE File PE32 VirusTotal Malware					2.2	M	52	ZeroCERT

13748	2021-10-19 09:50	micro.jar b2097471ac7d4e8304a119e815ac5261 NPKI Malicious Library UPX Malicious Packer PE File OS Processor Check PE32 DLL Malware download NetWireRC VirusTotal Malware AutoRuns Check memory buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW Windows Java ComputerName DNS crashed	1 Keyword trend analysis	10 Info str-master.pw(147.182.174.188) - mailcious repo1.maven.org(199.232.196.209) github.com(15.164.81.167) - mailcious nightwolf.workisboring.com() github-releases.githubusercontent.com(185.199.108.154) 173.209.48.226 147.182.174.188 - mailcious 52.78.231.108 - malware 185.199.109.154 151.101.24.209	5	1	9.0	M	15	ZeroCERT

13749	2021-10-19 09:51	70016103621110.exe 5139e24e3fa4d06a143dd7d297a44ee7 RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	4	1		3.0	M	29	ZeroCERT

13750	2021-10-19 09:52	vbc.exe d55204cd0ff7e8de80265243cad2c19a Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.2	M	44	ZeroCERT

13751	2021-10-19 09:55	rundll32.exe fa3d5b504712ac42e68f6c5d98598e1e RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	7 Keyword trend analysis Info http://www.esyscoloradosprings.com/fqiq/?t8o=KZhYdxsCK4fJ4m+EpksKfhNe7DL7yKRLCyuZj4rSbKSeqpNQJyJA+YHOsqPeAHgrxeW9DyCb&UlX=YvLT_ - rule_id: 6444 http://www.healthyweekendtips.com/fqiq/?t8o=nFNrhldW1G3Iuc6NBw1UbSwwpktYb/50pHeyo/0a7tjLnrEnAw7KG36PTjcGJ5KEduXnU9Wd&UlX=YvLT_ - rule_id: 6446 http://www.ipatchwork.today/fqiq/?t8o=4uUO9SnGhH7qrBLLau2QeKM25d/gV3/zp2Vn/jpTz6zTrds8IKqZgGZbt3S1nhaRXztFEuL7&UlX=YvLT_ http://www.floaterslaser.com/fqiq/?t8o=cd5R1bQmbqnLvLG63I3E0k/wUnqrUWXrQuGYWdnnzDIYGyWqiJOfWgNnmMSyom/RYKC7YMH4&UlX=YvLT_ http://www.wolmoda.com/fqiq/?t8o=S+cpy0umECTwuTE52eQvldFGZ7uWQHdiwg92XpTlC9HPK4+x2Wa76IO+IolmVoAcN8bu+dPq&UlX=YvLT_ http://www.satellitephonstore.com/fqiq/?t8o=Sq1XZHSrpCHed4l0gSE8w/MNMhRnHgbusCiv7TwhFJT/5cEiP7Kz4bRk1Jir79l1clbW8xKQ&UlX=YvLT_ http://www.applebroog.industries/fqiq/?t8o=0RH9gkF4+S66YbdBg5arrRt8ci9oBvnO84hTkOxxIVwmdJGohZyCC7mOG5N6PcmeIk25yT0k&UlX=YvLT_	15 Info www.healthyweekendtips.com(104.21.78.41) www.satellitephonstore.com(35.186.238.101) www.wolmoda.com(75.2.115.196) www.applebroog.industries(209.17.116.163) www.ipatchwork.today(34.233.132.165) www.esyscoloradosprings.com(108.167.135.122) www.quicksticks.community() www.floaterslaser.com(81.169.145.161) 35.186.238.101 - mailcious 209.17.116.163 - mailcious 108.167.135.122 - mailcious 172.67.216.2 81.169.145.161 - mailcious 75.2.115.196 - mailcious 34.233.132.165	2	2	7.8	M	14	ZeroCERT

13752	2021-10-19 09:55	cock.mp4 d050948cba26749ca0ae38c401cae549 Gen2 Gen1 VMProtect Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Ransomware Zeus Windows Browser Advertising ComputerName Trojan DNS Software	6 Keyword trend analysis Info http://128.199.63.64/deepanal/gate.php?type=report&tag=traffic3&uid=39B06D4D868D1303186797&passwords=0&cookies=0&autofill=0&cc=0&wallets=0&steam=0&battlenet=0&telegram=1&discord=0&jabber=0&vpn=0&ftp=1 http://128.199.63.64/deepanal/gate.php?type=settings http://128.199.63.64/deepanal/gate.php?type=loader&tag=traffic3 http://128.199.63.64/hoetnaca/exps/1.exe http://128.199.63.64/deepanal/gate.php?type=ip http://128.199.63.64/deepanal/system/assets/bundle.bin	2	8 Info ET MALWARE Generic .bin download from Dotted Quad ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Generic gate .php GET with minimal headers ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad ET HUNTING Suspicious GET To gate.php with no Referer ET INFO Executable Download from dotted-quad Host ET MALWARE Single char EXE direct download likely trojan (multiple families)		13.8	M	24	ZeroCERT

13753	2021-10-19 09:55	vbc.exe bf6bcbda23200e2bb0b6acc4fd744ad5 Gen2 Gen1 Generic Malware Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution					2.0	M	24	ZeroCERT

13754	2021-10-19 09:58	vbc.exe 70e9b753cb1f4f173c75c0d85f5e5a48 UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution					2.4	M	23	ZeroCERT

13755	2021-10-19 09:58	.winlogon.exe 52cd71bde1c747ac5eef94c0a71ffe70 RAT PWS .NET framework Generic Malware Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed					11.8	M	22	ZeroCERT