Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14026	2021-10-26 09:27	index.php 759a6c2271e358bf787f203f1549d813 Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself Remote Code Execution					1.4			ZeroCERT

14027	2021-10-26 09:42	DownFlSetup122.exe 6007b1c2218055d3167cdee441c6ad4c Emotet RAT PWS .NET framework Generic Malware UPX PE File PE32 .NET EXE OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed	11 Keyword trend analysis Info https://niemannbest.me/?user=p12_4 - rule_id: 6275 https://niemannbest.me/?user=p12_5 - rule_id: 6275 https://niemannbest.me/?user=p12_6 - rule_id: 6275 https://niemannbest.me/?user=p12_7 - rule_id: 6275 https://niemannbest.me/?user=p12_1 - rule_id: 6275 https://niemannbest.me/?user=p12_2 - rule_id: 6275 https://niemannbest.me/?user=p12_3 - rule_id: 6275 https://speeddatingstudio.com/ - rule_id: 5782 https://iplogger.org/1a5jd7 https://iplogger.org/1a4jd7 https://api.ip.sb/ip	16 Info speeddatingstudio.com(104.21.94.228) - mailcious iplogger.org(88.99.66.31) - mailcious querahinor.xyz(45.129.99.59) the-lead-bitter.com(104.21.66.135) - mailcious niemannbest.me(172.67.221.103) - mailcious api.ip.sb(172.67.75.172) 172.67.160.101 172.67.140.223 - mailcious 45.129.99.59 172.67.221.103 104.26.12.31 88.99.66.31 - mailcious 67.198.134.186 111.90.146.149 - malware 193.150.103.37 172.67.188.154	1	8	13.0	M	24	ZeroCERT

14028	2021-10-26 09:43	FastPC.exe 575dfecf7e2f126bd44b67256f066794 RAT Gen1 Gen2 PWS .NET framework Emotet Generic Malware Antivirus Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM Escalate priviledges AntiDebug AntiVM PE File PE32 PNG Format .NET EXE DLL OS Processor Check PE64 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder suspicious TLD sandbox evasion WriteConsoleW human activity check installed browsers check Tofsee GameoverP2P Zeus Windows Browser ComputerName Trojan Banking Amazon DNS Cryptographic key Software crashed Downloader	3 Keyword trend analysis	17 Info papwli.pw(111.90.146.149) mybrowserinfo.com(104.21.9.4) user.maskvpn.org(98.126.176.51) duzlwewk2uk96.cloudfront.net(54.192.175.191) source7.boys4dayz.com(172.67.148.61) apps.identrust.com(119.207.65.153) vpn.maskvpn.org(98.126.176.53) www.microsoft.com(23.201.37.168) 99.86.144.74 104.21.33.188 67.198.134.186 172.67.130.202 23.206.175.43 111.90.146.149 - malware 3.17.66.208 98.126.176.51 98.126.176.53	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY Executable served from Amazon S3 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET DNS Query to a .pw domain - Likely Hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a .pw domain		16.8		32	ZeroCERT

14029	2021-10-26 09:57	Sample_20120351252_ISO_003729.... c1f5b864b5ccde85fc6f84e2429cf03b RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	3		15.0		21	ZeroCERT

14030	2021-10-26 09:57	Sample_50120351252_ISO_003725.... 790e94565421337d837cfdfe001adfa5 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	3		15.4		25	ZeroCERT

14031	2021-10-26 09:59	specification.exe 371c76d36256463a54d34e12d6741720 NSIS Malicious Library UPX PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder	20 Keyword trend analysis Info http://www.agircredit.com/m5cw/?DhA83=pyQ/3Qovfc/RPZMCxW1OunUS9o/5gtBsSz/IO5NXG9CNMrfiYkJ8HHxCBG/KRbNCHZObSuIw&EzuxZr=3fX4qpLxsHG http://www.art-for-a-cause.com/m5cw/ http://www.limitlesschurchbf.com/m5cw/?DhA83=FJ7qf+03OJ299TaeGYRCEgZhI0FCy0KPlWjCSoUTV71bkUOf+2adFNNc+T1Jy75KmXZNbCqV&EzuxZr=3fX4qpLxsHG http://www.art-for-a-cause.com/m5cw/?DhA83=J8VJ8UCC0khwQJPb8jXSgpuDN+WtvXxDYaYel8rzuxdPQ32TBsL8hQV0C7xWeQV4TeCDFs/g&EzuxZr=3fX4qpLxsHG http://www.agircredit.com/m5cw/ http://www.classificationmetallurgie.com/m5cw/ http://www.customsoftwarelogistics.com/m5cw/?DhA83=+S8mLshjf5hvUDGw0RmMlmkW9vRy5Hz2J+O5LZqlmuEIOFnlku0LQHz9Sw/RJOPoOd8q5Iza&EzuxZr=3fX4qpLxsHG http://www.grippyent.com/m5cw/?DhA83=i4icWyR5Y9i2t0xbz2p0H2L6OJRLVM0eNrDAHmVfjhFHrzfGIW3vf7ZP4pCLEbHBwypZOUqc&EzuxZr=3fX4qpLxsHG http://www.wuruixin.com/m5cw/ http://www.customsoftwarelogistics.com/m5cw/ http://www.grippyent.com/m5cw/ http://www.classificationmetallurgie.com/m5cw/?DhA83=/JTTvVUTsa8Y0xLO6KtGC+8GgnhRVvgk70AJBJ4TlCs6p2eL5EP4A9DynmjO2wjoVGTCezE4&EzuxZr=3fX4qpLxsHG http://www.byrdemailplans.xyz/m5cw/?DhA83=c7feWHcm0LII4MK/sCK1JbYS7bcjHAYM2455Rh7sTmKPwd3owB2HX887+DCt26EIPFNWBKVP&EzuxZr=3fX4qpLxsHG http://www.the22yards.club/m5cw/?DhA83=emMSuu7GUcaDa4Oo/eoU+baJRAHOsrVhqwxc30o52Oy/Uh4TjPMUhzrdSct0qi37V/+TpRYI&EzuxZr=3fX4qpLxsHG http://www.runawaypklyau.xyz/m5cw/?DhA83=5Bv/JLUtJrKO/9gZnmFexZq+Xed7eHY5Ibz4cfGRYXJLjLoDi3CrUEok8Uzan4zmfs4GZz2f&EzuxZr=3fX4qpLxsHG http://www.wuruixin.com/m5cw/?DhA83=0EeHxnJ+lNU4xFJNfOARrzBQsLlykirUfGVKXlUPhiG1Vhwkxb1PbSgC0MAJvHsVsTmDYrcN&EzuxZr=3fX4qpLxsHG http://www.the22yards.club/m5cw/ http://www.byrdemailplans.xyz/m5cw/ http://www.runawaypklyau.xyz/m5cw/ http://www.limitlesschurchbf.com/m5cw/	25 Info www.classificationmetallurgie.com(213.186.33.5) www.fbiicrc.com() www.runawaypklyau.xyz(198.54.117.215) www.limitlesschurchbf.com(34.80.190.141) www.customsoftwarelogistics.com(107.180.41.49) www.cheryltesting.com() www.thesharingcorporation.com() www.wuruixin.com(154.208.173.129) www.art-for-a-cause.com(192.0.78.24) www.agircredit.com(66.45.250.214) www.grippyent.com(34.102.136.180) www.aromaessentialco.com() www.the22yards.club(184.168.96.211) www.aragon.store() www.byrdemailplans.xyz(198.54.117.244) 198.54.117.210 - mailcious 154.208.173.129 34.102.136.180 - mailcious 213.186.33.5 - mailcious 198.54.117.244 - phishing 66.45.250.214 34.80.190.141 - mailcious 184.168.96.211 192.0.78.24 - mailcious 107.180.41.49 - mailcious	2		7.0		28	ZeroCERT

14032	2021-10-26 10:00	Sample_70120351252_ISO_003727.... c020d8fb46e6f451db2f6b86d4d92235 PWS Loki[b] Loki.m RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		15.2		25	ZeroCERT

14033	2021-10-26 10:00	Sample_03018200_ISO_03512328.e... 1044474c0c3401651b09cc8886f4039f RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	5	3		16.2		34	ZeroCERT

14034	2021-10-26 10:00	HBC.exe 6cfd6558634a9284db58748c53c7cf7c AgentTesla browser info stealer Generic Malware Google Chrome User Data UPX Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P persistence AntiD VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows keylogger		2			11.8		25	ZeroCERT

14035	2021-10-26 10:08	ConsoleApp15.exe 9c8282590f9bc40955ca14389309fe86 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	2			11.2		23	ZeroCERT

14036	2021-10-26 10:17	ConsoleApp15.exe 9c8282590f9bc40955ca14389309fe86 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	2			10.2		23	guest

14037	2021-10-26 10:20	ConsoleApp15.exe 9c8282590f9bc40955ca14389309fe86 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	2			10.2		23	guest

14038	2021-10-26 10:25	ConsoleApp15.exe 9c8282590f9bc40955ca14389309fe86 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	2			10.2		23	guest

14039	2021-10-26 10:28	ConsoleApp15.exe 9c8282590f9bc40955ca14389309fe86 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	2			10.2		23	guest

14040	2021-10-26 10:32	ConsoleApp15.exe 9c8282590f9bc40955ca14389309fe86 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	2			10.2		23	guest