popup

Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
13756 2021-10-19 10:00 invoice_000300020.wbk  

5ebc54ff148cfb126169f6b4a9286f8f


Loki RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader 		2 3 13 1 5.0 M 35 ZeroCERT

13757 2021-10-19 10:00 ski.exe  

1b465c6989637df1d5c511919c43e457


RAT PWS .NET framework Gen2 Formbook Generic Malware task schedule Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) DNS Sniff Audio KeyLogger ScreenShot Create Service DGA Socket Steal credential Internet API Code injecti VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW IP Check Tofsee Ransomware Windows ComputerName DNS Cryptographic key 		2 5 4 15.8 M 23 ZeroCERT

13758 2021-10-19 10:01 qwerty1backend1.html  

6756f4badcb40393eca843bbd8f6f4cc


Antivirus AntiDebug AntiVM MSOffice File PNG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed 		6 4 2 4.2 M ZeroCERT

13759 2021-10-19 10:02 vbc.exe  

70a1b0e287cfb57fdafc401193a4476b


RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key 		5 7 1 12.6 M 34 ZeroCERT

13760 2021-10-19 10:03 vbc.exe  

5507731070ebf3b3bb9e93ffccf03624


Loki PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software 		1 2 7 1 15.0 M 47 ZeroCERT

13761 2021-10-19 10:09 new.exe  

b45c61350ecdc4abd20c7b0647de3e99


RAT PWS .NET framework Generic Malware task schedule UPX ASPack Malicious Packer Malicious Library Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW installed browsers check Tofsee Ransomware Windows Browser Tor ComputerName DNS Cryptographic key crashed 		7 5 1 19.6 M 23 ZeroCERT

13762 2021-10-19 10:10 vbc.exe  

70e9b753cb1f4f173c75c0d85f5e5a48


Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself Remote Code Execution 		2.4 M 23 r0d

13763 2021-10-19 10:10 .rundll32.exe  

7f092cc4b4eed56b3af2686351f7402e


PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software 		1 1 6 1 14.2 M 26 ZeroCERT

13764 2021-10-19 10:11 qwerty11111qq.html  

156b2455eb724c47be076902ab8b54d7


Antivirus AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed 		32 16 2 4.2 M ZeroCERT

13765 2021-10-19 10:12 100.exe  

b7078ac2fca819769a2d21d8e3a3ea15


RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName 		1.4 M 7 ZeroCERT

13766 2021-10-19 10:14 New_771008123115.exe  

5e4006f91dabad1c5e0ae08e2241775e


RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName 		1 4 1 3.0 M 27 ZeroCERT

13767 2021-10-19 10:18 11.html  

8e3047d1a165713737c10ca4c7420a21


Antivirus AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed 		22 16 2 4.2 M ZeroCERT

13768 2021-10-19 10:36 trend-1158968190.xls  

2f51f9ca08ea41c5b2835a0bb1b61344


Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee 		3 5 2 3.6 guest

13769 2021-10-19 10:38 trend-1159280455.xls  

82fc838754595239ae0b9a0deed17a77


Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee 		3 5 2 3.6 guest

13770 2021-10-19 10:41 trend-1159085967.xls  

c52b100b9fda49cbfed66f05b4630592


Downloader MSOffice File RWX flags setting unpack itself suspicious process Tofsee 		3 5 2 3.6 guest

keyword