Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.20 07:04
.csrss.exe
04.20 07:04
.csrss.exe
04.20 06:04
cookies-alert-script.j...
04.20 06:04
mdb.min.css
04.20 06:04
font-awesome.min.css
04.20 06:04
bootstrap.min.css
04.20 06:04
style.css
04.20 06:04
popper.min.js.pobrane
04.20 06:04
jquery-3.2.1.min.js.po...
04.20 06:04
mdb.min.js.pobrane

Latest News
04.20 02:04
[K-CTI 2025] 엔키화이트햇 천호...
04.20 01:04
[K-CTI 2025] 안랩 김승관 부장...
04.20 12:04
[K-CTI 2025] 케이토네트웍스 "...
04.20 12:04
[K-CTI 2025] 전덕조 씨큐비스타...
04.20 11:04
Frankenflair 58: Manua...
04.20 10:04
IT Sicherheitsnews tae...
04.20 08:04
China’s TMSR-LF1 Molte...
04.20 07:04
Tiktok testet Fußnoten...
04.20 07:04
KI-Bots im Undercover-...
04.20 07:04
Entkomme der Zahlenfal...

Dropped Files | ZeroBOX

Name	dfee8783677d5661_bassenc_ogg.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\bassenc_ogg.dll
Size	148.8KB
Processes	2548 (stealc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0d71a82f3955433ccf1a1edb3a911f30`
SHA1	`186572f10f77b04e1eb77d5addd092a0d5a59f61`
SHA256	`dfee8783677d5661c873d1dd3b0fabb5ad6cc7c9638cb9390f728b0a4ac14574`
CRC32	`D07C7989`
ssdeep	`3072:Tt2dSYEY31QBnker9yCwqDYOxSeR9v4+gNWNKGmXUzWCtZK+j5IHovPjH/:T0S1Y31IBICwwZxSerghWNKG/T0ovPr/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1d2ccc2e25e1b645_bassenc.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\bassenc.dll
Size	19.5KB
Processes	2548 (stealc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`397ea39937b51405f34245fe0cda1388`
SHA1	`4d412bc305dc0757977b6b084aa7046c1b11159b`
SHA256	`1d2ccc2e25e1b645f63dfe93d191aa9fe1b14fa0296f922ae467766c1c64d633`
CRC32	`270FDB09`
ssdeep	`384:06ryqKGPrXnpEvaFPOGtwrYYnXsecjRGsziMclFXs36JytSLK0ridDl:06ryqKGPrXnqwGMKnc2BNlF2TH`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3702f03ca6de73d3_batchfileconverter.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\BatchFileConverter.exe
Size	1.9MB
Processes	2548 (stealc.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c7c95e2b4079dd79e0fc1087e3976450`
SHA1	`9d743a09a43db3abb02ca5cc3cf03fedf5598b71`
SHA256	`3702f03ca6de73d3909c9b1e02f319b94f51ea598e1693c1290899e2ca0fe485`
CRC32	`18347B16`
ssdeep	`49152:Za9wXK+HMZ0vFIfGv+cSj9T8P96zHPp9r12EHnUKpSq:89wXK+HM+9I+vv6YP96vr1x0KUq`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) ASPack_Zero - ASPack packed file mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	755514fb677db5e0_lunula.odp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\lunula.odp
Size	711.3KB
Processes	2548 (stealc.exe)
Type	data
MD5	`ba55969989d57fd31d8e27374471c6a1`
SHA1	`aa3a252e2cb8def4cc3c3a118b46e34874c14d32`
SHA256	`755514fb677db5e0988ba513783ec1956f1d1711fd0037e9b4343135bc36e8cf`
CRC32	`F7E7E5ED`
ssdeep	`12288:1kvWK2fXhRAB9v6c3bB9ZlKXez+K6l2+jLwmGaJl/unesVhYwrSwJBg5yq+4n:1kOK2fXLAB9v6cL/ZlKXM+K0nfJlUEwO`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	a844247b7cdcac1a_basswma.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\basswma.dll
Size	17.3KB
Processes	2548 (stealc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d2177355beccfdbc1e7b5c687dfba290`
SHA1	`0557f3883aa8eabefa6a110a08cf549117fd1901`
SHA256	`a844247b7cdcac1a5f61c604e4db111b274616c0eb19a70cdfb073c8c2f3b375`
CRC32	`6CB297B5`
ssdeep	`384:OPR8697gJWJ/IAzOvfHNfd+E5hHkCwp0jcGDv6K0Ww:2Po2IA+fNfcEfHkCwqjcUlw`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3cd00f456f51829e_bass.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\bass.dll
Size	125.2KB
Processes	2548 (stealc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c5b3059004e2c7631915ec044f4e6c63`
SHA1	`dbcdc0aba1d9cf3396ba8ae00bb3671c85047fb2`
SHA256	`3cd00f456f51829eda119e0e133acc1e45a5930d61fc335a2e9aa688a836a24d`
CRC32	`96361057`
ssdeep	`3072:7frTXJxt16KWs6ij8hj768jKRT5f9Uvx0N:7TTX7t16KW/iwhjlKd5fOx0N`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_36063015 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\__tmp_rar_sfx_access_check_36063015
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	85c32d698cf8a544_audiogenie3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\AudioGenie3.dll
Size	538.0KB
Processes	2548 (stealc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fd60ebf6d0b9bbf2ac08235c9164eaed`
SHA1	`478d60c5c0442dd0bf53d749318f342520c2ae86`
SHA256	`85c32d698cf8a544d260f3120634f45db81e96afaf8e2d55659eb310cda3c912`
CRC32	`53DD8568`
ssdeep	`6144:qMYWEuv3UHae2yunz2BApacMp1dINtFyQ85rF4tECbNXz5BGpaG2tVfxbpdovKF4:HTUHaByu0ApahuNORKkt2jhHqKFG/`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0c59c4dfd044adcb_lunarian.ppt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\lunarian.ppt
Size	50.7KB
Processes	2548 (stealc.exe)
Type	data
MD5	`e745d305ed9e190c0e876fbc37a751d1`
SHA1	`2f80285383ec9e7e72df2056fdf7214a6afdb044`
SHA256	`0c59c4dfd044adcbaa94aea8426e0e0c207db95df27bbe6996d92b57e2c5d579`
CRC32	`78774C48`
ssdeep	`1536:TXDwn/h8PDNuGxJBxyYEN3L57bXGsE+BrGq/zQ28:3wn/AvfJw3tTGsE+7v8`
Yara	None matched
VirusTotal	Search for analysis

Name	704bc9a084989871_bassmix.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Electro\bassmix.dll
Size	21.2KB
Processes	2548 (stealc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6cbd7a375e98420dc8cc2475b62c895b`
SHA1	`ff4b3d66f4a8916acf36a7cc6e075dc25d468295`
SHA256	`704bc9a084989871a567abc638aec57b3c6514ef1e31ceacd0fb347551a7aaf4`
CRC32	`F8CB24DC`
ssdeep	`384:E474Es0kPXttQZe3Po1cUwRPdUWkEXCDau/ucCrELK0fotnjFf:E47Hs9PXtYkPo1CRyZESt/ucG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis