Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	VT	Player
14461	2021-11-03 08:04	rgncszyk9i eabc01068b757619a20ba4d45d5f09dd Generic Malware AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email					3.6	13	ZeroCERT

14462	2021-11-03 09:24	dchampzx.exe c9e03da39c35a2846bdc5307f91b0937 RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger					11.0	14	ZeroCERT

14463	2021-11-03 09:24	RFQ_ref-0555017803309077.exe ffd5ac4a81ab318479630ae92a16afb0 RAT Generic Malware UPX SMTP KeyLogger AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	3		14.6	25	ZeroCERT

14464	2021-11-03 09:26	2u57ldpor8 2128b1e48b141fb28a965c8057ae2a8e Generic Malware AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email					3.4	3	ZeroCERT

14465	2021-11-03 09:26	5276_1635853805_2882.exe def4628c708f82bcd032e16eda77114f Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution					2.8	32	ZeroCERT

14466	2021-11-03 09:28	toolspab2.exe ffe2ecadaff02f25791f119a6afb0367 Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 Malware PDB Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution					6.4		ZeroCERT

14467	2021-11-03 09:28	sufile.exe 1b0567aec48fecb29e3c14bc0fc11442 Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself Remote Code Execution					1.4		ZeroCERT

14468	2021-11-03 09:30	vbc.exe afbc8496a860b67a11981b3d601fb0cd Loki PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.6	25	ZeroCERT

14469	2021-11-03 09:31	2u57ldpor8 2128b1e48b141fb28a965c8057ae2a8e Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key					1.4	3	guest

14470	2021-11-03 09:32	bluezx.exe 0ae7ee7c44c7c3ddaa8063dfc7019ddd RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	11 Keyword trend analysis Info http://www.sumiyoshiku-gakukansetusyo.xyz/w8n5/?D8yp=tUyO03cvQG7bRmAQPqMaB9gkwPfdlAflVJ5wM71yGn8RbCihbKLNdJWpPgyuCwy0k79EP4aF&NTxxAl=Ip0xl4 http://www.tonaprawdeniesamowite.xyz/w8n5/?D8yp=9yZQaNReIqULvR9xYm4idCFN7J6aYQ1Cokq8C/pJlbuIyZhCCHVrd6k7RbZpDFsk4A9rBBuu&NTxxAl=Ip0xl4 http://www.lovin-buy.com/w8n5/?D8yp=rRDLoj4daa0rp5/R5bFhg7NGL4kXLuqlBH+2df1GxcZlgWtSVQcinV4NTFWSSlzLqHXK37Hk&NTxxAl=Ip0xl4 http://www.namesaketransport.com/w8n5/?D8yp=s57wpJNdO4+A7Q85/oNuE5J8OFeEJTCZ15LUR8qx7jIUD9qOoa/4vzQ2aBP9p18R7ZxlCM29&NTxxAl=Ip0xl4 http://www.yanposta.com/w8n5/?D8yp=52NY2U7fzTicMaeNgrbkgoL1JFsSItZKJC3dEJyqYjAPSs/hKkcncJrZUnqOUNss5Ad05hrC&NTxxAl=Ip0xl4 http://www.circularsmart.city/w8n5/?D8yp=9WQFMPWdib5G4HzwhC6+G8emmLJtU9zysoWZZ9LUziXuVr2xa9QQSh3IejLjko9UlMnth4NX&NTxxAl=Ip0xl4 http://www.fourjmedia.com/w8n5/?D8yp=Krsevr0dBNA6U0qXb+BCLUY6buAyCdOHDUjLBmAGWGOQ3Ze2Ibajo3+QR099G4GpNWEn4ARy&NTxxAl=Ip0xl4 http://www.listingpresentationclass.com/w8n5/?D8yp=5ZT2mdDjz7GwyVccbSofQDaxa5tZqdHS8kUXGcWQqjRnFNdvkNvyTlQSxtwdKgsySf0zJwm7&NTxxAl=Ip0xl4 http://www.jftbd.com/w8n5/?D8yp=xv+gHryqYa2716qct8Xd21F5FsAnoSGHxOp/4HzACQTX/7Dz0qvK5D53tf7Yn1pgASTXLeTy&NTxxAl=Ip0xl4 http://www.healthylifefit.com/w8n5/?D8yp=lJWWA5aBh46N92heDDS49WCIWmjly1yHFRflQw+sTsExTsw9NJW/cKanF9yPADlZOkaxaMiH&NTxxAl=Ip0xl4 http://www.takipdiyari.com/w8n5/?D8yp=ozuSLim1j6ltIRcYnsnRXRtd9FZ88WTQaBNdAHF+aKydPDFhwDv0cxHJrKVRVCnGn8jvTsjH&NTxxAl=Ip0xl4	23 Info www.listingpresentationclass.com(66.96.162.147) www.circularsmart.city(198.54.117.215) www.yanposta.com(167.86.123.116) www.fourjmedia.com(192.0.78.25) www.sebasfernandezart.com(192.185.161.71) www.lovin-buy.com(54.169.53.77) www.tonaprawdeniesamowite.xyz(198.54.117.244) www.jftbd.com(136.243.90.249) www.takipdiyari.com(213.238.180.161) www.namesaketransport.com(182.50.132.242) www.healthylifefit.com(104.16.13.194) www.sumiyoshiku-gakukansetusyo.xyz(202.172.25.32) 198.54.117.218 - mailcious 66.96.162.147 - mailcious 213.238.180.161 104.16.12.194 - mailcious 136.243.90.249 198.54.117.244 - phishing 182.50.132.242 - mailcious 167.86.123.116 202.172.25.32 192.0.78.24 - mailcious 54.169.53.77	2		8.0	21	ZeroCERT

14471	2021-11-03 09:32	5235_1635877107_9687.exe ad2aeeed3c1899a09883b066a510a080 RAT NPKI Generic Malware PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.4	24	ZeroCERT

14472	2021-11-03 09:32	vbc.exe 25f96c94111ab7aee15248590435ccfa RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself					2.8	24	ZeroCERT

14473	2021-11-03 09:34	invc_000020000002.wbk a3ea16e265e319b74dd1373d7e83916d RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed Downloader	1 Keyword trend analysis	1	2		4.6	35	ZeroCERT

14474	2021-11-03 09:35	.wininit.exe ae442bf7856a39e487b74862733b7ddc Loki PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software	2 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.0	20	ZeroCERT

14475	2021-11-03 09:38	1108_1635853874_9754.exe 707509873f3c2af9d5e08b3213465205 RAT Generic Malware UPX Antivirus AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed Downloader	2 Keyword trend analysis	5	1		10.0	30	ZeroCERT