Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	VT	Player
14386	2021-11-01 18:32	open.exe dffc949523ddd2ac73b8a498979c836a Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.0	28	ZeroCERT

14387	2021-11-01 18:34	177.exe 6093a7ccaec758a86ee4fb3bd81636db RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			10.8	23	ZeroCERT

14388	2021-11-02 07:46	csrss.exe c49da1c22e3983feb875ac2ba5e5188e RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware					1.4	34	ZeroCERT

14389	2021-11-02 08:01	csrss.exe c49da1c22e3983feb875ac2ba5e5188e Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.4	34	ZeroCERT

14390	2021-11-02 10:02	csrss.exe c49da1c22e3983feb875ac2ba5e5188e Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.2	40	guest

14391	2021-11-02 10:39	csrss.exe c49da1c22e3983feb875ac2ba5e5188e Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.6	42	guest

14392	2021-11-02 11:02	pad.vbs 5754e7195a41fe5b5d32d7ca3764c049 Generic Malware Antivirus AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger heapspray Creates shortcut unpack itself Disables Windows Security suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.8	8	ZeroCERT

14393	2021-11-02 11:04	Purchase%20order.exe 77b25a72ece714eaad2b52064082108a RAT Generic Malware PE File PE32 .NET EXE Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee DNS	1 Keyword trend analysis	2	3		2.8		ZeroCERT

14394	2021-11-02 11:05	panmug.exe e917267d185a6a53998fe6abf3eaef49 Themida Packer PE64 PE File VirusTotal Malware unpack itself Windows crashed					3.0	44	ZeroCERT

14395	2021-11-02 11:06	Purchase%20order.exe 77b25a72ece714eaad2b52064082108a RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee DNS	1 Keyword trend analysis	2	3		4.0	45	ZeroCERT

14396	2021-11-02 11:07	vbc.exe ad1d7fc9f1ed29a7d4b10bc79acb9031 PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.0	16	ZeroCERT

14397	2021-11-02 11:07	vcredist_2010.exe 814166158551168419ccd66678c3349c RAT PWS .NET framework Gen2 Gen1 Emotet Generic Malware NSIS Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Processor Check DLL .NET DLL MSOffice File GIF Format PE64 PNG Format VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser ComputerName DNS	16 Keyword trend analysis Info http://185.254.240.239/Vv/1/vcredist_2013_x64.exe http://185.254.240.239/Vv/1/RuntimeBrokerBin_64.zip http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl http://185.254.240.239/Vv/1/RuntimeBroker_64.zip http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl http://185.254.240.239/Vv/1/process.json http://185.254.240.239/Vv/1/PcapDotNet.Analysis_64.dll http://185.254.240.239/Vv/1/vcredist_2010_x64.exe http://185.254.240.239/Vv/1/WinPcap_4_1_3.exe http://185.254.240.239/Vv/resource.json http://185.254.240.239:88/log http://185.254.240.239/Vv/1/PcapDotNet.Packets_64.dll http://185.254.240.239/Vv/1/PcapDotNet.Base_64.dll http://185.254.240.239/Vv/1/PcapDotNet.Core_64.dll http://185.254.240.239/Vv/1/PcapDotNet.Core.Extensions_64.dll	2	6 Info ET INFO Dotted Quad Host ZIP Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request		14.0	35	ZeroCERT

14398	2021-11-02 11:08	vbc.exe dfbc682c1aa340c3e87e37883b385d15 Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.0	25	ZeroCERT

14399	2021-11-02 11:09	vbc.exe 4d59e5ab4c747e1dbcdf25bd13eb54ec Loki PWS Loki[b] Loki.m .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.0	18	ZeroCERT

14400	2021-11-02 11:10	.wininit.exe a1e313336f30f6f1e0ef11480dd1ab58 Loki PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	11.8		ZeroCERT