Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
14356	2023-03-21 22:52	sample3.exe f1e85e3876ddb88acd07e97c417191f4 AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Check memory Checks debugger ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder Windows ComputerName crashed					7.2		58	guest

14357	2023-03-21 21:23	window_61.data 8e5c17aaaa222861615d346b2291810f AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			BRY

14358	2023-03-21 17:48	server.exe 68d4bfeb87777e1c8766088077822341 Generic Malware UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself Remote Code Execution					2.0		27	ZeroCERT

14359	2023-03-21 17:36	photo_004.exe b93879979784a7ef5257c890e9d73f97 UPX Malicious Library OS Processor Check PE32 PE File PDB unpack itself					1.0			ZeroCERT

14360	2023-03-21 17:26	Blotlg1NOUSE.vbs 78a900693c638974a061a547f55ea676 Generic Malware Antivirus Remcos VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself suspicious process suspicious TLD anti-virtualization Windows ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis	5	2		8.4	M	1	ZeroCERT

14361	2023-03-21 17:25	Jubilets1.vbs d79593a6fb6c636a50334085b9d6018b Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process Windows ComputerName Cryptographic key crashed					7.8		20	ZeroCERT

14362	2023-03-21 13:41	Lst.exe 163d4e2d75f8ce6c838bab888bf9629c Gen1 UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files unpack itself crashed					2.2		8	ZeroCERT

14363	2023-03-21 10:21	j6418a06081c941.29196432.js 75293cec307cbd04d23b935d9b931194 crashed					0.2			ZeroCERT

14364	2023-03-21 10:21	j6418a0613a7d18.89805382.js 2e37b17c6a51dc28a37449055a305efa unpack itself crashed					0.6			ZeroCERT

14365	2023-03-21 10:19	photo_004.exe 46748c64f38cbf845c1802db5b367ed2 Generic Malware UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution					1.2	M		ZeroCERT

14366	2023-03-21 10:18	rw001ext.exe 0ad8d4cffac5f713a2ef3b2c72a84e29 Gen2 Generic Malware UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself					1.2	M	8	ZeroCERT

14367	2023-03-21 10:15	vbc.exe ca19b29e80779c0f9d74604b3d17940e UPX Malicious Library PE32 PE File FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	18 Keyword trend analysis Info http://www.gritslab.com/u2kb/ - rule_id: 28002 http://www.222ambking.org/u2kb/?M_CK7q=IEUpLmGg2fqLmrhwD8IHX/zhiiNjbOQDFcodV2ACJcW4bHSQscR3Nc4uRx31p3m0gGv03uToPch8hDrce1eNAdUBSmpSNalx6DQXGQo=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28004 http://www.shapshit.xyz/u2kb/ - rule_id: 28008 http://www.thedivinerudraksha.com/u2kb/?M_CK7q=im5SXjRwbJIZeY2yetpTdO7N29MJtck2UhYi2fNZ2Kf/X7lq2SPRiB6LR8y/FeM3y7tdA/WTtliq4uHTfapDkaA0PJ0fXInXaKlPglI=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28009 http://www.bitservicesltd.com/u2kb/?M_CK7q=rr+sOBvEXsBdGevUk44F/k+BAr88zC1YNHmXivr92FQhRIIYsedR2a+6GoV1WAKeGdj+MTdX512lJXz4UaWEmNABCelIWOCZ3yhH4Z4=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28003 http://www.energyservicestation.com/u2kb/ - rule_id: 28005 http://www.thewildphotographer.co.uk/u2kb/ - rule_id: 28007 http://www.shapshit.xyz/u2kb/?M_CK7q=Yd5Rzn4EVOpL1Cl/eY8jjeGdoEKZlYBpl8BtE0ZhlgLGbR5cH1Fn7sihS3XP3GCDon1xi4vL0lQ4XtydV6BMyXIOMzObAfzgUMU2ykM=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28008 http://www.thedivinerudraksha.com/u2kb/ - rule_id: 28009 http://www.thewildphotographer.co.uk/u2kb/?M_CK7q=pn+zaWXo7szcfRSxp4kAcR5iap+7ulP+x3705F5u21IqvN9WG9kcDL2FxdXl2W/5MjovaUotkmG6JgF/Eyaa9PeBR2yUVivPQ+uGbEI=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28007 http://www.gritslab.com/u2kb/?M_CK7q=ydCzFiH7iMWnz6xHMKiyYVGDKfWH5+fYQUsmgPEoYCSsyD6HgT3yOGCjssC2N8mKn+GjINYvhr7iKNezbHZCh47jo+mhlV2uXG5eH60=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28002 http://www.white-hat.uk/u2kb/?M_CK7q=PXfMycAZpTAipct8YN0l/5TWhYE4yPgF2k7967nf/qU1A0mUqq9Jlnm9rK8XSf3D04yKTuePtKPnTCgwye3M0h5ZtqacmtcmNe/sHow=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28001 http://www.bitservicesltd.com/u2kb/ - rule_id: 28003 http://www.younrock.com/u2kb/?M_CK7q=05tPwqSdqXO2xf32BmsnsHpgCfZIa2c80hhB3sQ3FFDNPs5AZDU6TyUQmX911UO6Ssjq2b6k9nBD4uDOZrqd7XHQTF+IIpbM/DoOhU4=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28006 http://www.energyservicestation.com/u2kb/?M_CK7q=IK59b/MdFRha+CUVM3V2TqbXgrTjD6F66TLC1fPPNwLnZq29gpb1hRWNlrDr258EhEsSnFmalKQEmudxTrusBmUmj2xyJgahFTdaUmU=&FF0d0r=D1sVN3y9bV_x-fV8 - rule_id: 28005 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip http://www.222ambking.org/u2kb/ - rule_id: 28004 http://www.younrock.com/u2kb/ - rule_id: 28006	19 Info www.thewildphotographer.co.uk(198.58.118.167) - mailcious www.gritslab.com(78.141.192.145) - mailcious www.shapshit.xyz(199.192.30.147) - mailcious www.energyservicestation.com(213.145.228.111) - mailcious www.222ambking.org(91.195.240.94) - mailcious www.bitservicesltd.com(161.97.163.8) - mailcious www.thedivinerudraksha.com(85.187.128.34) - mailcious www.white-hat.uk(94.176.104.86) - mailcious www.younrock.com(192.187.111.222) - mailcious 91.195.240.94 - phishing 85.187.128.34 - mailcious 78.141.192.145 - mailcious 199.192.30.147 - mailcious 213.145.228.111 - mailcious 94.176.104.86 - mailcious 81.17.29.148 - mailcious 161.97.163.8 - mailcious 45.33.6.223 173.255.194.134	3	17 Info http://www.gritslab.com/u2kb/ http://www.222ambking.org/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.thedivinerudraksha.com/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.thewildphotographer.co.uk/u2kb/ http://www.shapshit.xyz/u2kb/ http://www.thedivinerudraksha.com/u2kb/ http://www.thewildphotographer.co.uk/u2kb/ http://www.gritslab.com/u2kb/ http://www.white-hat.uk/u2kb/ http://www.bitservicesltd.com/u2kb/ http://www.younrock.com/u2kb/ http://www.energyservicestation.com/u2kb/ http://www.222ambking.org/u2kb/ http://www.younrock.com/u2kb/	3.4	M		ZeroCERT

14368	2023-03-21 10:15	vbc.exe 506b8329e83dc58c82c251756ca342b7 Loki Loki_b Loki_m PWS .NET framework Hide_EXE Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.6	M	34	ZeroCERT

14369	2023-03-21 10:13	photo_004.exe 8c641e565b13fc56efdcd7658956accf Generic Malware UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution					1.2	M		ZeroCERT

14370	2023-03-21 10:11	man.exe 87be1ac6122ed0c75b3af80696b9e686 PWS .NET framework Hide_EXE KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		11.6	M	31	ZeroCERT