Submissions

Columns: No | Date | Request (submitted file) | MD5 | Signatures | Urls / Hosts / IDS Rule / Score / Zero / VT / Player / Etc

The trailing counters of each entry are reproduced as captured (Urls, Hosts, IDS Rule, Score, Zero, VT, Player); columns that were empty on the page are simply absent from the line.

14251 | 2023-04-07 16:40 | server.exe
  MD5: bb8563b2aa2335abe99a45888e2a47d1
  Signatures: UPX, Malicious Library, Malicious Packer, Antivirus, OS Processor Check, PE32, PE File, VirusTotal, Malware, Check memory, suspicious TLD, sandbox evasion, Browser, DNS
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2 1 2.8 M 57 ZeroCERT

14252 | 2023-04-07 13:08 | document.wflow
  MD5: e4bf82ac50b2927b6cf58157f3533173
  Signatures: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
  Urls/Hosts/IDS/Score/Zero/VT/Player: 3.4 BRY

14253 | 2023-04-07 09:29 | Kcx.wsf
  MD5: 09aa1bb82cf6ef97e2ae293771003980
  Signatures: Generic Malware, Admin Tool (Sysinternals etc ...), Antivirus, AntiDebug, AntiVM, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, Cryptographic key
  Urls/Hosts/IDS/Score/Zero/VT/Player: 10 5.6 ZeroCERT

14254 | 2023-04-07 09:29 | RP_April_pJ(8037).wsf
  MD5: 37f6eccdb016d869bf3b87e6a8e0cf90
  Signatures: Generic Malware, Antivirus, AntiDebug, AntiVM, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, Cryptographic key
  Urls/Hosts/IDS/Score/Zero/VT/Player: 6 5.6 ZeroCERT

14255 | 2023-04-07 09:28 | RP_April_Ahw(92).wsf
  MD5: 94716ca9675a68da4e7fd4d9a878767f
  Signatures: Generic Malware, Antivirus, AntiDebug, AntiVM, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, Cryptographic key
  Urls/Hosts/IDS/Score/Zero/VT/Player: 6 5.6 ZeroCERT

14256 | 2023-04-07 09:12 | crypt.exe
  MD5: 2936c28076b8434601dba5322b3bef97
  Signatures: UPX, Malicious Library, PE32, PE File, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Collect installed applications, Check virtual network interfaces, AppData folder, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2 4 6 10.8 M 44 ZeroCERT

14257 | 2023-04-07 09:10 | rrrr.exe
  MD5: 5010f50fdbbebde8c86d9944dd9545a5
  Signatures: UPX, Malicious Library, PE32, PE File, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Collect installed applications, Check virtual network interfaces, AppData folder, installed browsers check, Tofsee, Windows, Browser, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2 4 6 11.2 M 44 ZeroCERT

14258 | 2023-04-07 09:08 | svchost.exe
  MD5: 04c9852d75f4ed4e56393bf22360615c
  Signatures: RAT, UPX, OS Processor Check, .NET EXE, PE32, PE File, VirusTotal, Malware, AutoRuns, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, Check virtual network interfaces, AppData folder, Windows, DNS
  Urls/Hosts/IDS/Score/Zero/VT/Player: 1 3 1 7.8 M 51 ZeroCERT

14259 | 2023-04-07 09:08 | Group.exe
  MD5: 1fafdd34af756e21bd454f3b1cc8f7c2
  Signatures: PWS, .NET framework, .NET EXE, PE32, PE File, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2.6 M 35 ZeroCERT

14260 | 2023-04-06 18:23 | beeeb8705255d18dafdea0f550125d...
  MD5: 24b23cc20bc799baaa1cc94e0b9b08fe
  Signatures: Gen1, Emotet, Generic Malware, UPX, Malicious Library, ASPack, OS Processor Check, PE64, PE File, DLL, ZIP Format, VirusTotal, Malware, Check memory, Creates executable files
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2.4 M 40 ZeroCERT

14261 | 2023-04-06 18:19 | rt.php.ps1
  MD5: 3227cac1eb494c82921cb69be4225f87
  Signatures: NPKI, Generic Malware, Antivirus, VirusTotal, Malware, powershell, Check memory, heapspray, unpack itself, WriteConsoleW, Windows, Cryptographic key
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2.0 1 ZeroCERT

14262 | 2023-04-06 18:18 | 25e0a8e3b75e5695fcd18aa97568d5...
  MD5: d02ac7b008243704a4d4b5b16764ada8
  Signatures: Malicious Library, AntiDebug, AntiVM, PE32, PE File, VirusTotal, Malware, PDB, Code Injection, Checks debugger, buffers extracted, unpack itself, Windows, crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 7.4 M 47 ZeroCERT

14263 | 2023-04-06 18:15 | 3d3945e01d7a9e5e31c269d68d47ce...
  MD5: 981f31d8563f1854794233d77336eb4f
  Signatures: UPX, Malicious Library, AntiDebug, AntiVM, OS Processor Check, PE32, PE File, VirusTotal, Malware, PDB, Code Injection, Checks debugger, buffers extracted, unpack itself
  Urls/Hosts/IDS/Score/Zero/VT/Player: 7.2 M 53 ZeroCERT

14264 | 2023-04-06 16:33 | olBiRE187.bin
  MD5: aa11ed1b7ac038ce74a44dee932d835b
  Signatures: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
  Urls/Hosts/IDS/Score/Zero/VT/Player: 3.4 guest

14265 | 2023-04-06 10:11 | DHL Express_9552656186.exe
  MD5: e343faf5fe885af866a45e8922e3e012
  Signatures: Loki_b, Loki_m, PWS, .NET framework, Socket, DNS, PWS[m], AntiDebug, AntiVM, .NET EXE, PE32, PE File, Browser Info Stealer, LokiBot, Malware download, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, c&c, PDB, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, DNS, Software, crashed
  Urls/Hosts/IDS/Score/Zero/VT/Player: 2 1 5 1 14.0 52 ZeroCERT