Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
13756	2023-04-20 11:19	Sbiqfcpir.hta 3e225779f6f92a4f8e31b8a5aadb79ea Generic Malware Antivirus AntiDebug AntiVM PowerShell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process Windows ComputerName Cryptographic key	8 Keyword trend analysis Info https://hotellosmirtos.com/sjn/PQiyNfrmUm https://mrcrizquna.com/L7ccN/5xyIta4J https://citytech-solutions.com/6Mh1k/bLddoC5w https://zainco.net/OdOU/iwjvWWQK1LXG https://carladvogadatributaria.com/tvnq9/fumBE4hlm9 https://erg-eg.com/ocmb/T8XeUTra https://nayadofoundation.org/wXaKm/9vYtmZ https://gsscorporationltd.com/okSfj/08jXB4X9BF				4.2			ZeroCERT

13757	2023-04-20 11:18	Complaint_Copy_838511.wsf 0038e8cfc6deaa5e8b9ba11affaeea2d Malware VBScript Malicious Traffic Check memory heapspray wscript.exe payload download DNS crashed Dropper	1 Keyword trend analysis	1			10.0			ZeroCERT

13758	2023-04-20 11:18	Funds_166311.wsf c8cdbe9de89761dd6364ac64c6fdf0cf VBScript wscript.exe payload download unpack itself Tofsee crashed Dropper	2 Keyword trend analysis	2	1	2	10.0	M		ZeroCERT

13759	2023-04-20 09:48	4556qXbHiTtYxMXnMwXziAARUlvy.e... a3b8de651df55988ae8f38dbbc734b0c Generic Malware UPX WinRAR Antivirus Malicious Library OS Processor Check PE32 PE File VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key					5.8	M	7	ZeroCERT

13760	2023-04-20 09:46	vbc.exe f26ce3fc95a5cc436d4e15338a7ded6b PWS .NET framework Hide_EXE .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	22	ZeroCERT

13761	2023-04-20 09:44	s.exe f066332ccc81b918c04cdcab3b828c27 UPX Malicious Library OS Processor Check PE32 PE File PDB unpack itself Remote Code Execution DNS		1			1.8	M		ZeroCERT

13762	2023-04-20 09:42	Uomwqqq.exe 287b678f74eae9dacfc22cf4928227cc Loki_b Loki_m PWS .NET framework RAT Generic Malware task schedule UPX Antivirus DNS PWS[m] KeyLogger ScreenShot AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File Malware download NetWireRC VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process IP Check Windows RAT ComputerName DNS Cryptographic key	1 Keyword trend analysis	3	2		11.8	M	37	ZeroCERT

13763	2023-04-20 09:42	vbc.exe fd4d349554b93a53a3d5540a92f251c0 UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed		2	1		7.0	M		ZeroCERT

13764	2023-04-20 09:40	vbc.exe 2695bbee65577ccc58e90a792688bd57 PWS .NET framework Hide_EXE Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed		1			13.0	M	46	ZeroCERT

13765	2023-04-20 09:40	119.exe 17011725e7f5f634421c0678014b0ef8 RedLine stealer[m] UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself DNS crashed		1			8.6		36	ZeroCERT

13766	2023-04-20 09:39	vbc.exe a8e1738123e3fa0276eca28516cca103 AgentTesla PWS .NET framework RAT NPKI browser info stealer Generic Malware Google Chrome User Data Downloader UPX Antivirus ScreenShot Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE32 Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	5	2		17.0	M	32	ZeroCERT

13767	2023-04-20 09:38	vbc.exe 461d24cb775a9ed4fa4c744c1683a345 Loki Loki_b Loki_m PWS .NET framework Hide_EXE Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.6	M	34	ZeroCERT

13768	2023-04-20 07:49	word.exe 7a18c24858f521f7383c6e892ecf7aa5 Generic Malware UPX .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.0		39	ZeroCERT

13769	2023-04-20 07:47	main.exe 45262284e62e33737f9305bd48c92a87 Generic Malware Antivirus PE64 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process sandbox evasion WriteConsoleW Windows ComputerName Cryptographic key		2			6.4		24	ZeroCERT

13770	2023-04-19 17:53	Funds_431353.wsf 05b869c9cc7e17a6216b23cc5da83ade VBScript wscript.exe payload download Tofsee crashed Dropper	3 Keyword trend analysis	2	1	2	10.0	M		ZeroCERT