Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
14881 2023-03-05 14:44 narko.exe
60ac1de311d1482966f12cd720f56e5a
Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
5 4 6 16.6 M 43 ZeroCERT

14882 2023-03-05 14:43 2201.exe
0f1f4ce03d9bacf600abf05b4c1d6817
Gen2 Gen1 Malicious Packer UPX Malicious Library PE File PE64 VirusTotal Malware PDB Remote Code Execution
1.0 M 18 ZeroCERT

14883 2023-03-05 14:41 handdiy_3.exe
f48570526e4923521a63c718ea4a15d3
Gen2 Trojan_PWS_Stealer Credential User Data Generic Malware Malicious Packer SQLite Cookie UPX Malicious Library Anti_VM OS Processor Check PE32 PE File PNG Format Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Checks debugger WMI Creates executable files ICMP traffic exploit crash Windows utilities suspicious process WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed
1 5 5 10.8 M 56 ZeroCERT

14884 2023-03-05 14:38 cred64.dll
2cf7028f2e221b5c48ce27381282d7ae
Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
2.0 M 25 ZeroCERT

14885 2023-03-05 14:36 gib.exe
e3602917ee3758b7f6bd1e098d82a9e1
UPX Malicious Library PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 9.0 M 46 ZeroCERT

14886 2023-03-05 14:36 Ysgypfursd.exe
2b053b525219cd96566a58a7d4ff575f
RAT NPKI PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.0 M 38 ZeroCERT

14887 2023-03-05 14:34 cc...............................
0abfe119e17fbffb3bd81577d97de405
RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed Downloader
1 2 2 4.4 M 26 ZeroCERT

14888 2023-03-05 14:34 2210.exe
6205d4c638c5c3434491477ca9eac840
Gen2 Gen1 Malicious Packer UPX Malicious Library PE File PE64 VirusTotal Malware PDB Remote Code Execution
1.4 M 33 ZeroCERT

14889 2023-03-05 14:33 .win32.exe
d16d32f55d2a83dafe140a6a58d784ef
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution
2.0 M 45 ZeroCERT

14890 2023-03-05 14:33 starka.exe
43878e01fb46c6cae4af1004e405cd9c
Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
6 5 7 17.0 M 35 ZeroCERT

14891 2023-03-05 14:32 1.exe
c1e0847bb381373f3206d346cbe36048
Generic Malware Malicious Packer UPX Malicious Library Antivirus OS Processor Check PE File PE64 Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process Ransomware Windows Browser Email ComputerName DNS Cryptographic key crashed
1 8.0 M 43 ZeroCERT

14892 2023-03-05 14:30 gib.exe
e3602917ee3758b7f6bd1e098d82a9e1
UPX Malicious Library PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 9.0 M 46 ZeroCERT

14893 2023-03-05 14:29 clip64.dll
29b9780bb2992d018ae312ed4180a663
UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
1.8 M 30 ZeroCERT

14894 2023-03-05 14:27 ColorMC.exe
3ace227a334fa18636c42ab18638abf2
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware Check memory crashed
1.0 M 14 ZeroCERT

14895 2023-03-05 14:27 vbc.exe
e8b4bf0bfe9d51f22728a1676f5d1701
Loki PWS[m] Loki_b Loki_m PWS .NET framework Socket DNS AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1 1 7 1 13.8 M 39 ZeroCERT