14476 | 2021-11-03 09:38 | vbc.exe | a81af331102829201d998ae29328d883
Tags: RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
URLs (9):
  http://www.asportrans.com/sb6n/?svXtHJ=x/3EwR4CxJWqlECF+jlquKvrRweTZngRrFRYi7OnKvU9TuyFybP8RVGjhBtQ3cq8+KUqOfWp&2dz=o8bda
  http://www.schoolx.space/sb6n/?svXtHJ=mqup/Tf7RIj6qxbRg+FOjQYCMRPQi/xbxX3g5DtTrICB2hhUx3aDU3CNzu/uB9vuqOdJtDmy&2dz=o8bda
  http://www.kanesia.com/sb6n/?svXtHJ=wIcgZJCxkKKFIF4UcPudAxTYRoV4qpjAqdIo0YkaZxJ6o5RdRM3GlEcPI89HBKL2kbNihkJm&2dz=o8bda
  http://www.epicmoments360.com/sb6n/?svXtHJ=8fAQyVuoY7KRZhTqLxIIegUIgQF/9nMjVcikCZ+kmlOh/O+FXfoC0PxlDFZFx2zZhRcu4Vdx&2dz=o8bda
  http://www.prodom.online/sb6n/?svXtHJ=7C6xjYpWiVPMq86olVcmOojm4YirGFhLS7hTqY5sMLWF91MMaf39EXTDBcFpuwzIiE0Q9o3o&2dz=o8bda
  http://www.homeyhousy.com/sb6n/?svXtHJ=gZXSnB00P/Q0RIw37TXAEzbPD/RucHpXGJBUX7YQhNS3UKFTk2stpvn1xTNeZwp4x7CqfMD4&2dz=o8bda
  http://www.okantis.net/sb6n/?svXtHJ=7pykWEgCZf9smqXmc2amKQ39BY4rEhWyUUNMpB6/q1oh1LInjAstJetpGp5HpVQgPkjxjAwp&2dz=o8bda
  http://www.rewoodlovro.quest/sb6n/?svXtHJ=r8EwbxqnvpIYeh/wO3onrT1TJH6X+zyvF0O0qQXgabntiVya8xMmI3gmKbBRyT7YiRM1s9qk&2dz=o8bda
  http://www.intervalagency.com/sb6n/?svXtHJ=ca73lkSLOs3021OZ4o8ztW6eUrA/SJrsMZLogRPw/xqA0Vie3qhUcka0XofFp66ndHTLWP/z&2dz=o8bda
Hosts (20):
  www.kanesia.com(203.28.49.137)
  www.schoolx.space(185.215.4.14)
  www.homeyhousy.com(34.102.136.180)
  www.prodom.online(31.31.198.209)
  www.rewoodlovro.quest(37.123.118.150)
  www.okantis.net(217.70.184.50)
  www.intervalagency.com(34.117.168.233)
  www.id-434563.site()
  www.asportrans.com(51.79.72.55)
  www.epicmoments360.com(198.185.159.145)
  www.best5amazon.com()
  34.117.168.233
  37.123.118.150 - mailcious
  34.102.136.180 - mailcious
  217.70.184.50 - mailcious
  51.79.72.55
  185.215.4.14 - mailcious
  31.31.198.209
  198.185.159.145 - mailcious
  203.28.49.137
Alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
8.0 | | 21 | ZeroCERT

14477 | 2021-11-03 09:39 | vbc.exe | fc7595f0624a1cad2d0d8c2155065d67
Tags: PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software
URLs (1):
  http://bbelectronics.xyz/five/fre.php
Hosts (2):
  bbelectronics.xyz(104.21.84.25)
  104.21.84.25
Alerts (6):
  ET MALWARE LokiBot User-Agent (Charon/Inferno)
  ET MALWARE LokiBot Checkin
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  ET MALWARE LokiBot Request for C2 Commands Detected M1
  ET MALWARE LokiBot Request for C2 Commands Detected M2
13.0 | | 20 | ZeroCERT

14478 | 2021-11-03 09:41 | rundll32.exe | 0362c14d2b1389973027a71faa08d013
Tags: NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder
URLs (11):
  http://www.skin4trade.com/yrcy/?Q2J=2ebRQTI/pNMxqCBe0h7MquAAnLVJt3LXhIxkkHZMBDwVd63pdWgA/U+BAqtzfUdwYvXWANqM&3f_XA=hpZXWrzxUPfpU460
  http://www.drmichaelirvine.com/yrcy/?Q2J=aw6RPX4C+h2jRvxSKzrdN77eUH6zVw/uBwCUGBgH66uHu3DhjC1vmmh9WqU0RPTTS1I3MpdI&3f_XA=hpZXWrzxUPfpU460
  http://www.cletechsolutions.com/yrcy/?Q2J=6oj+cRAbTTzt/2NBJRHF0KzLhmFT0afQnvz1X6yVwGfVu9zh+SVYbLRsBqi/up4gZGLNczfN&3f_XA=hpZXWrzxUPfpU460
  http://www.certidaoja.com/yrcy/?Q2J=2STKbn6S1T/DsyanOK2Ha9M0t4IXH/juVnAoegb5vtHBf3PYbBf4xwu2U3ZJH68ioeHd6W0D&3f_XA=hpZXWrzxUPfpU460
  http://www.boraviajar.website/yrcy/?Q2J=xgKSkpShHNAI7tN4C4ihJGvxSZi5QC5kqEH1E7OrqywLRYaYWb/614Rhw66pXiS1YHUKYEcm&3f_XA=hpZXWrzxUPfpU460
  http://www.servicesitcy.com/yrcy/?Q2J=OzT5Kgogcfa2m/rN5I4GXN43s0X5NcPImpThPzCAgeve7satzTJ0I6SdUWkzkMw2WgeaZXMj&3f_XA=hpZXWrzxUPfpU460
  http://www.shopvintageallure.com/yrcy/?Q2J=iR6icyAG5qbROQOE+puwuf7Eqk2frf0JSC5eXEZSJFvjgjfWFMvRs5gE1q0GoheX8zH1DpAA&3f_XA=hpZXWrzxUPfpU460
  http://www.kymyra.com/yrcy/?Q2J=3ogv6bzFHfLn7VYVVblVN0m+XFAqVDWG91g7sP77Zgb7+jX2xbPsIoUSZc/+sASQWUYNjkTA&3f_XA=hpZXWrzxUPfpU460
  http://www.workerscompfl1.com/yrcy/?Q2J=v7uhzqxdVE4SqOwlUNUHJhsYFShuFcyud5s4FQa9exy1ydsUebHf3DsshfGZM9gXbmjgSaig&3f_XA=hpZXWrzxUPfpU460
  http://www.dairatwsl.com/yrcy/?Q2J=e/RF5WkoBurfC9A70hYVOLL0JiY85m+wPQ7mJBVhAbkMJKQBASQfBfdR/akm2hHY700q4f3X&3f_XA=hpZXWrzxUPfpU460
  http://www.waltersswholesale.com/yrcy/?Q2J=bjvlSagkIqA/xYQLMKHnsD3+tBCCfZcSe/U94TY243Q1FR+qY1NInJAoDmwwktJSWU+KPkrN&3f_XA=hpZXWrzxUPfpU460
Hosts (24):
  www.kymyra.com(34.102.136.180)
  www.dairatwsl.com(62.77.153.150)
  www.boraviajar.website(172.67.217.247)
  www.certidaoja.com(34.102.136.180)
  www.drmichaelirvine.com(54.71.30.209)
  www.servicesitcy.com(63.250.43.15)
  www.fly-crypto.com()
  www.chahuima.com(155.235.2.174)
  www.shopvintageallure.com(34.102.136.180)
  www.waltersswholesale.com(166.88.19.181)
  www.workerscompfl1.com(162.209.67.117)
  www.cletechsolutions.com(192.0.78.24)
  www.picturebookoriginals.com()
  www.skin4trade.com(2.57.90.16)
  166.88.19.181 - mailcious
  2.57.90.16 - mailcious
  62.77.153.150
  34.102.136.180 - mailcious
  63.250.43.16
  162.209.67.117
  44.231.165.140
  192.0.78.24 - mailcious
  155.235.2.174
  172.67.217.247
6.8 | | 26 | ZeroCERT

14479 | 2021-11-03 09:41 | vbc.exe | 6a049652dccbc682444088a9c910abed
Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution DNS
Hosts (1):
3.0 | | 33 | ZeroCERT

14480 | 2021-11-03 09:42 | cc.exe | 857f6017b36866f5e47a835608b6377c
Tags: [m] Generic Malware Generic Malware task schedule Admin Tool (Sysinternals etc ...) Malicious Library UPX AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection buffers extracted RWX flags setting unpack itself Windows utilities WriteConsoleW Tofsee Windows ComputerName crashed
URLs (2):
  https://www.uplooder.net/img/image/71/fb4a19c040a5764f8d73a20bd7705d29/Cehxkrvbbleohgccenheflltcmheyvq.bmp
  https://www.uplooder.net/img/image/71/fb4a19c040a5764f8d73a20bd7705d29/Cehxkrvbbleohgccenheflltcmheyvq.bmp%%
Hosts (2):
  www.uplooder.net(144.76.38.100) - malware
  144.76.38.100 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2 | | 23 | ZeroCERT

14481 | 2021-11-03 09:43 | 5010_1635873664_4193.exe | 60938dc1c7bc8a2bbab6b7dac4ac06b4
Tags: PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1):
6.4 | | 34 | ZeroCERT

14482 | 2021-11-03 09:44 | vbc.exe | 91fb23dcf91534e17f881f58d5aa746c
Tags: Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files RWX flags setting unpack itself Tofsee Windows crashed
URLs (3):
  https://onedrive.live.com/download?cid=65A7AE11B0C1F12A&resid=65A7AE11B0C1F12A%21131&authkey=ANpUFMDPATtP4fk
  https://wy8ibg.bn.files.1drv.com/y4m1cNBZE9_FQOZ4xf3bA19aNEhp3Ab4BU2F4-Tenf3GyCVS2_kFUOwcVgQfw1r_3nJ56Wn8Ci8_BkJ-AvCULuY53Ut5_WJJePsTWx7FB4oMCe91LzkgvzmJLm7OKGh8De1E-tOx_l9q4gmlVgkbOkk2TiDECU6BZF10dZl0_7M98PwhX46z_tOwEbFMGo1ajXGMgqn3VufVwC6juHcT_g81w/Jffpgnbpalrawjcflhfbdsfomcibdmr?download&psid=1
  https://wy8ibg.bn.files.1drv.com/y4mO0cDT-Q4gjkLDcr6Uj33ueteGAGczsvHOWgZv7zEPxywH4AJS-BsPzt18HXfTFqRo7iBJ48BmdSQLlXigD0EtHU2nvSqiUA7hX1rR4-WBcMvCXCS6mLZoAKU46veesHVltlDppC89XA_QBoaueJdbK3hhb7UM6rinbS6u3p5kMYPz-ytjRxaS4VzXtVTfjVUABR-LAgYdT4w5WYKeVyfiw/Jffpgnbpalrawjcflhfbdsfomcibdmr?download&psid=1
Hosts (4):
  wy8ibg.bn.files.1drv.com(13.107.42.12)
  onedrive.live.com(13.107.42.13) - mailcious
  13.107.42.13 - mailcious
  13.107.42.12 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.0 | | 13 | ZeroCERT

14483 | 2021-11-03 09:45 | vbc.exe | 70b04062e5da53d02f8beda0bdeacb35
Tags: Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName
9.6 | | 30 | ZeroCERT

14484 | 2021-11-03 09:45 | 186.exe | 357d55e0c7821d2c4bbd26e92ee6a71b
Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.4 | | 36 | ZeroCERT

14485 | 2021-11-03 09:50 | index.php | 76f8db098c44eb289d6e98bb973219d5
Tags: Generic Malware Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself Remote Code Execution
1.4 | | | ZeroCERT

14486 | 2021-11-03 09:50 | 9313_1635861230_7991.exe | faa81ed90ab9f9d0858effd276647670
Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
2.8 | | 37 | ZeroCERT

14487 | 2021-11-03 09:51 | vbc.exe | 594effa8099b0150fc62239293f7510f
Tags: Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library UPX PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files RWX flags setting unpack itself Tofsee Windows crashed
URLs (18):
  http://www.bamubusinesssolutions.com/rqan/?ElS=Oqab7tfRx8sIdpyPKdhlr1P/y/SKoxG7Lat41WjkAk+n68MulemFsZXHkYgVDCOXLLVYpApK&lHND=JlztxHHpCVa
  http://www.wurzelwerk-sk.com/rqan/?lHND=JlztxHHpCVa&ElS=EVMQbNkrt4gPAHTjtdFCuFi1dmrQswnIIjoERm2qsQfbER0Nmlf0zDIRFk369Iqw9hLNnwY+
  http://www.gailkannamassage.com/rqan/?ElS=2EiplEB9LfHEQ7p6E8O7uy8klB9VuSZUysw514NCf6E5XeyZO0JhwkFdsqClzr3FE7gC451G&lHND=JlztxHHpCVa
  http://www.appelnacrtl.quest/rqan/?lHND=JlztxHHpCVa&ElS=0vnGGhXrw8MYsAVUzhUBwHY688Yq+I9ufdve08R72y0aFUEJEgc94AtP7vs1Rwh6YJacgQFn
  http://www.anthonyaarnold.com/rqan/?ElS=nXb8TAZPYTKJnRrZC8GfrTSCrGoVlau1gQGn5GO75UMd983Q3NLO89qWBoHnTj4RfZv8bfb0&lHND=JlztxHHpCVa - rule_id: 7219
  http://www.anthonyaarnold.com/rqan/?ElS=nXb8TAZPYTKJnRrZC8GfrTSCrGoVlau1gQGn5GO75UMd983Q3NLO89qWBoHnTj4RfZv8bfb0&lHND=JlztxHHpCVa
  http://www.elitespeedwaxs.com/rqan/?lHND=JlztxHHpCVa&ElS=ZoAJP+BDAkGz+3iNXMJ+CHJb8Mp/qyue60mjjuDFdNde2KHhCcKUmM+q+Vtm4Zuf+kurg8WJ
  http://www.uvowtae.xyz/rqan/?ElS=ZZy5hRqmZOoaftbI3lJaY+numQhU08pETZvcVOQuJgi34tSFY0KwcxAXEaVP7V1H/+8PWA+9&lHND=JlztxHHpCVa
  http://www.cardboutiqueapp.com/rqan/?lHND=JlztxHHpCVa&ElS=7XmFwjbCeixI2TDSYCNwr0HgHUHoiQEi/VPj3ka7wDWICz/dm8qqNJY2vVzGU6p/p2qyOoMU - rule_id: 6216
  http://www.glitchpunks.art/rqan/?ElS=jnMNyp96MVi3d/b9ZvP/NOH36q1LYo6/R+96lzZsgdbViXARiO1YbMDjycmwvJHloLAdu5y1&lHND=JlztxHHpCVa
  http://www.miaocharge.com/rqan/?lHND=JlztxHHpCVa&ElS=9CaAjphYMWICGL2ZvM79nWw05WaC2zDB/e+VETAsQSTs54JRZtExQ7YeXjJbFvoxXXUR0vS9
  http://www.sarasota-pressurewashing.com/rqan/?lHND=JlztxHHpCVa&ElS=ry+sRFRMXlDxvtE9JGL3tGe1ZWPQULkQ1R/eFzSz4BW7gwKZuQNRVyYVDElVrAqPZ7f9/kYw
  http://www.mg-garage.com/rqan/?lHND=JlztxHHpCVa&ElS=VadzcRezl7fYg9HoulrhgdTGgq/MkTgyqBkCX1MMw29+fY+OO3IYrPj5ro0Fk+lhxSYT+hTg
  http://www.hubmedia.digital/rqan/?ElS=jKXuqpJ845LlYgXLN57GGReLMLujtTvdbdtZr6KDyHbeGyC6N93DxSGPylyr0R/BLC7uEPiJ&lHND=JlztxHHpCVa - rule_id: 7218
  http://www.hubmedia.digital/rqan/?ElS=jKXuqpJ845LlYgXLN57GGReLMLujtTvdbdtZr6KDyHbeGyC6N93DxSGPylyr0R/BLC7uEPiJ&lHND=JlztxHHpCVa
  https://tsdu4a.db.files.1drv.com/y4mmkOA8QqvSqK8B-uXc3-dxi6xImnjtUOSfkZ475nBqEPVMewJ1RMuDMtnzOLhGVIwQ-Uu7dqOeHUFHo93S-9oIuId31cPDq9Br_5fXcKitLNCZdExfg-0AH1zShrgZz4Z7ZhY85SRLHHunuwZN8ohu1TX_MuXpyD2Do16bJySf0HHbGLPEvIg0TYXTmkB6Kd_2XPqjz02n1YvGN8-OcrS2Q/Esjciodwwuwolakofuzmeiihfvjqmeb?download&psid=1
  https://onedrive.live.com/download?cid=93B08D41736DF17C&resid=93B08D41736DF17C%21107&authkey=AHDrpWvJroXhRdM
  https://tsdu4a.db.files.1drv.com/y4mqHJCE4YvQxkMZGuWEGC5R3vOdf9prSE54f80vmMP73krbxeSG675FNEVuAPIIogtrxsHRT1P5Po4TFOCsUu7u022dt0W2Y4KBj_0_Ywnx4o3nZ_-AM779_47a8aOHxWLvLITPwQP1EZpRkWR7PXcMC3Nc4tLm-up66ekK5KBaMFtyTjBttxZj9cabV6K3vU7CCnYNLKbwiUDpIHkP5xsNw/Esjciodwwuwolakofuzmeiihfvjqmeb?download&psid=1
Hosts (30):
  www.lakshhomesbalram.info()
  onedrive.live.com(13.107.42.13) - mailcious
  www.cardboutiqueapp.com(185.129.100.113)
  www.wurzelwerk-sk.com(81.169.145.80)
  www.anthonyaarnold.com(198.54.117.217)
  www.elitespeedwaxs.com(34.102.136.180)
  www.glitchpunks.art(52.220.193.16)
  www.uvowtae.xyz(104.21.67.228)
  www.gailkannamassage.com(142.250.207.51)
  www.hubmedia.digital(2.57.90.16)
  www.mg-garage.com(13.248.216.40)
  www.appelnacrtl.quest(37.123.118.150)
  www.miaocharge.com(101.32.113.133)
  www.bamubusinesssolutions.com(104.161.64.211)
  www.sarasota-pressurewashing.com(34.102.136.180)
  tsdu4a.db.files.1drv.com(13.107.42.12)
  81.169.145.80 - mailcious
  76.223.65.111
  37.123.118.150 - mailcious
  13.107.42.13 - mailcious
  13.107.42.12 - malware
  34.102.136.180 - mailcious
  198.54.117.217 - phishing
  104.161.64.211 - mailcious
  142.250.204.51
  52.220.244.242
  2.57.90.16 - mailcious
  185.129.100.113 - mailcious
  172.67.182.120
  101.32.113.133
Alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE FormBook CnC Checkin (GET)
  ET HUNTING Request to .XYZ Domain with Minimal Headers
Rule-matched URLs (3):
  http://www.anthonyaarnold.com/rqan/
  http://www.cardboutiqueapp.com/rqan/
  http://www.hubmedia.digital/rqan/
8.8 | M | 35 | ZeroCERT

14488 | 2021-11-03 09:52 | RFQ_ref-0555017803309010.exe | c398ef0c8a4d040c905314fb38ed137b
Tags: RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
URLs (2):
  http://checkip.dyndns.org/
  https://freegeoip.app/xml/175.208.134.150
Hosts (4):
  freegeoip.app(104.21.19.200)
  checkip.dyndns.org(158.101.44.242)
  132.226.8.169
  104.21.19.200
Alerts (3):
  ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
  ET POLICY External IP Lookup - checkip.dyndns.org
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
14.6 | | 29 | ZeroCERT

14489 | 2021-11-03 09:52 | vbc.exe | d5dda7896090f45e89504fbd260dba84
Tags: PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName Software
URLs (1):
  http://cloudservertech.xyz/five/fre.php
Hosts (2):
  cloudservertech.xyz(104.21.4.43)
  172.67.131.165
Alerts (6):
  ET MALWARE LokiBot User-Agent (Charon/Inferno)
  ET MALWARE LokiBot Checkin
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  ET MALWARE LokiBot Request for C2 Commands Detected M1
  ET MALWARE LokiBot Request for C2 Commands Detected M2
14.4 | | 20 | ZeroCERT

14490 | 2021-11-03 09:54 | vbc.exe | 3bb66afc2c9f8eb95d6b4eb9f0be3c60
Tags: Loki PWS Loki[b] Loki.m .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
URLs (2):
  http://secure01-redirect.net/ga17/fre.php - rule_id: 6829
  http://secure01-redirect.net/ga17/fre.php
Hosts (2):
  secure01-redirect.net(94.142.140.223)
  94.142.140.223
Alerts (7):
  ET MALWARE LokiBot User-Agent (Charon/Inferno)
  ET MALWARE LokiBot Checkin
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  ET MALWARE LokiBot Request for C2 Commands Detected M1
  ET MALWARE LokiBot Request for C2 Commands Detected M2
  ET MALWARE LokiBot Fake 404 Response
Rule-matched URLs (1):
  http://secure01-redirect.net/ga17/fre.php
13.0 | | 34 | ZeroCERT