Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14026	2023-04-20 09:40	vbc.exe 2695bbee65577ccc58e90a792688bd57 PWS .NET framework Hide_EXE Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed		1			13.0	M	46	ZeroCERT

14027	2023-04-20 09:40	119.exe 17011725e7f5f634421c0678014b0ef8 RedLine stealer[m] UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself DNS crashed		1			8.6		36	ZeroCERT

14028	2023-04-20 09:39	vbc.exe a8e1738123e3fa0276eca28516cca103 AgentTesla PWS .NET framework RAT NPKI browser info stealer Generic Malware Google Chrome User Data Downloader UPX Antivirus ScreenShot Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM .NET EXE PE32 Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	5	2		17.0	M	32	ZeroCERT

14029	2023-04-20 09:38	vbc.exe 461d24cb775a9ed4fa4c744c1683a345 Loki Loki_b Loki_m PWS .NET framework Hide_EXE Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.6	M	34	ZeroCERT

14030	2023-04-20 07:49	word.exe 7a18c24858f521f7383c6e892ecf7aa5 Generic Malware UPX .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.0		39	ZeroCERT

14031	2023-04-20 07:47	main.exe 45262284e62e33737f9305bd48c92a87 Generic Malware Antivirus PE64 PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process sandbox evasion WriteConsoleW Windows ComputerName Cryptographic key		2			6.4		24	ZeroCERT

14032	2023-04-19 17:53	Funds_431353.wsf 05b869c9cc7e17a6216b23cc5da83ade VBScript wscript.exe payload download Tofsee crashed Dropper	3 Keyword trend analysis	2	1	2	10.0	M		ZeroCERT

14033	2023-04-19 17:52	joe.exe 724ad0f724d2aba12940a1eeeede2980 UPX Malicious Library PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself suspicious TLD	3 Keyword trend analysis Info http://www.barefootrestaurantil.com/htqs/?Wz=ICAmXkpg8yDUPQRUvyQOYOmftFyS4aTUj531dBtgwJBSVqZ9sI20XgQnE7PS7zFEssN/PDGq&vB=chrxU http://www.creativeavenueinc.com/htqs/?Wz=ffnFIYSrRTpd7MPzyCwe2L1JbBI6t6tjdC5GdL2BJumhS+yYJbcINhXRfRXQoojP5e7kf28Y&vB=chrxU http://www.worsall.com/htqs/?Wz=eTBOdLg8O8WfPsi/aMZVIrp4p0K8YKCelaR89QpKBJlnv2Ndq6qGVsr5f6/0LBJihsjVfF3N&vB=chrxU	7	1		4.2	M	28	ZeroCERT

14034	2023-04-19 17:51	File_pass1234.7z 5e1b2e866f3aea8355d7a420e85a6eff PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates executable files unpack itself					2.0			ZeroCERT

14035	2023-04-19 17:26	https://pentest.privacyengine.... f8585b31597ed50cd69a8e7bdb961afb Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File icon PNG Format Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	28 Keyword trend analysis Info https://pentest.privacyengine.io/assets/new/js/main.js https://pentest.privacyengine.io/favicon.ico https://pentest.privacyengine.io/assets/plugins/bootstrap/js/bootstrap.min.js https://pentest.privacyengine.io/assets/scripts/jquery.toaster.custom.js https://pentest.privacyengine.io/ https://pentest.privacyengine.io/assets/fonts/inter/Inter-Regular.woff?v=3.15 https://pentest.privacyengine.io/assets/css/google-api-fonts.css https://pentest.privacyengine.io/assets/img/logo.png?v=1 https://www.google.com/recaptcha/api.js?hl=en https://pentest.privacyengine.io/assets/new/css/layout-outer-custom.css?v=1 https://pentest.privacyengine.io/assets/plugins/jquery.validate/jquery.validate.min.1.13.0.js https://pentest.privacyengine.io/assets/img/remove-icon-small.png https://pentest.privacyengine.io/assets/new/plugins/bootstrap/css/bootstrap.css https://pentest.privacyengine.io/assets/scripts/layout-outer-custom.js?v=1 https://pentest.privacyengine.io/assets/new/plugins/summernote.min.js?v=1 https://pentest.privacyengine.io/assets/plugins/autosize.min.js https://pentest.privacyengine.io/assets/plugins/font-awesome/css/font-awesome.css https://pentest.privacyengine.io/assets/plugins/bootstrap-switch/css/bootstrap-switch.min.css https://pentest.privacyengine.io/assets/plugins/jquery.min.js https://pentest.privacyengine.io/assets/new/css/layout-outer.css?v=1 https://pentest.privacyengine.io/assets/plugins/jquery.blockui.min.js https://pentest.privacyengine.io/assets/plugins/toastr-master/toastr.css https://pentest.privacyengine.io/assets/fonts/inter/inter.css https://pentest.privacyengine.io/assets/new/plugins/summernote.min.js https://pentest.privacyengine.io/assets/css/components-rounded.css https://pentest.privacyengine.io/assets/css/themes/dark.css https://pentest.privacyengine.io/assets/new/images/20px/times-circle-modal.svg https://pentest.privacyengine.io/assets/plugins/jquery-migrate.min.js	6	2		4.6			guest

14036	2023-04-19 11:12	WiFiLQMMetrics-2023-04-17-1704... 1661b9f129bfdd9c94bc68262e821622 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

14037	2023-04-19 11:11	text 4.txt 537c314b5bf21cbfcb00f0a518535228 ScreenShot AntiDebug AntiVM					0.4			guest

14038	2023-04-19 11:11	text 2.txt 2c14be511e65d886ccdf790072586e50 ScreenShot AntiDebug AntiVM Check memory unpack itself					1.0			guest

14039	2023-04-19 11:10	text 3.txt 3f5ae1d5563837d4bfbbac64c36936c8 ScreenShot AntiDebug AntiVM Check memory unpack itself					1.0			guest

14040	2023-04-19 11:09	PerfPowerServicesSignpostReade... 74866979bc90564336cfa6bd88cc309d AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest