Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
14326	2021-11-01 10:43	trendmicro.dll 97a33f10e994d32f43404eac8ff3bb02 Generic Malware Malicious Library UPX PE64 PE File OS Processor Check DLL VirusTotal Malware Checks debugger RWX flags setting unpack itself crashed		1		2.4	38	ZeroCERT

14327	2021-11-01 10:44	HostKfkk.exe 9a9f389d7aa1a7e0ded19e72fa02e0f5 NetWire RAT Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Checks debugger ComputerName DNS DDNS		2	1	2.4	51	ZeroCERT

14328	2021-11-01 10:45	8093mm.exe 3ea7bd2fb52842ea458767db3b9a3189 Generic Malware Malicious Packer PE File PE32 .NET EXE Malware download Nanocore VirusTotal Malware c&c Buffer PE suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI unpack itself human activity check Windows ComputerName DNS DDNS		2	2	7.4	57	ZeroCERT

14329	2021-11-01 10:46	Host.exe 21c97621d2f2374fa75d71282c566203 NetWire RAT Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Checks debugger ComputerName DNS DDNS		2	1	2.4	57	ZeroCERT

14330	2021-11-01 10:47	base.exe f57bdd60bb3a62ef26fd919c6df79bab RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS crashed		1		11.2	47	ZeroCERT

14331	2021-11-01 10:48	mtscs1.exe d8199ffefdb5ea119453d489a450f794 RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS crashed		1		11.6	34	ZeroCERT

14332	2021-11-01 10:51	B-Server.exe b10006163a7219e99b2049a680226d2a RAT PWS .NET framework Generic Malware Malicious Library UPX PE File OS Processor Check PE32 .NET EXE Malware PDB Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder WriteConsoleW Tofsee Windows Remote Code Execution Cryptographic key crashed	3 Keyword trend analysis	2	1	4.8		ZeroCERT

14333	2021-11-01 10:51	oldmystat.dll 022bc73fb9791a575e7799c81158b70a PE64 PE File DLL VirusTotal Malware Checks debugger RWX flags setting unpack itself crashed		1		2.4	34	ZeroCERT

14334	2021-11-01 10:53	AsyncClient7842.exe 56d21a87c6fa6866a2eea06b1de91add RAT PWS .NET framework Generic Malware Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 .NET EXE Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware Kovter DNS DDNS		2	3	1.6	46	ZeroCERT

14335	2021-11-01 10:55	46.exe b09c4c58f6aa6f8e254bc2dfba806166 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution DNS		1		3.2	48	ZeroCERT

14336	2021-11-01 10:58	oldmystat3.dll f27bb2f94b96d532e6ba900cab2527fd PE64 PE File DLL VirusTotal Malware Checks debugger RWX flags setting unpack itself crashed		1		2.4	35	ZeroCERT

14337	2021-11-01 10:59	vbc.exe 931568b982ac42dd2edc68ff203ec101 Emotet Gen2 RAT PWS .NET framework Gen1 Formbook NSIS Generic Malware Malicious Library UPX Malicious Packer Antivirus Admin Tool (Sysinternals etc ...) Anti_VM ASPack PE File PE32 OS Processor Check DLL Browser Info Stealer Emotet VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Windows Browser				6.2	59	ZeroCERT

14338	2021-11-01 11:00	8903.exe 524b7776639249ac57f6575cc4f05ab1 Generic Malware Malicious Packer PE File PE32 .NET EXE Malware download Nanocore VirusTotal Malware c&c Buffer PE suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI unpack itself human activity check Windows ComputerName DNS DDNS		2	2	7.4	59	ZeroCERT

14339	2021-11-01 11:00	chrome.exe 1960c94cc1339a2abd841a7d97f1274c PWS Loki[b] Loki.m RAT .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software	2 Keyword trend analysis	4	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2	15.6	26	ZeroCERT

14340	2021-11-01 11:01	vbc.exe 781932d5e3cf1b9e902ee2ea8c48f572 NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder				4.6	40	ZeroCERT