Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 11:09
How IT infrastructure ...
09.20 11:09
This Week in Security:...
09.20 11:09
Europol Shuts Down Maj...
09.20 11:09
Microsoft Edge securit...
09.20 10:09
Could Artificial Intel...
09.20 10:09
Sintesi riepilogativa ...
09.20 10:09
MicroStrategy Raises $...
09.20 10:09
How integrated pentest...
09.20 10:09
Indian SMEs Targets Of...
09.20 10:09
-=TWELVE=- is back

Dropped Files | ZeroBOX

Name	6a800af4a5945492_compatto.mov Submit file
Filepath	C:\Users\test22\AppData\Roaming\IPJetaNqFjk\Compatto.mov
Size	111.8KB
Processes	1836 (vpn.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`c9a6e883f44dabf36a8625b92db40147`
SHA1	`1c22d8efc39aebd2a5e2d8e06e1db79659872851`
SHA256	`6a800af4a5945492c2f16830d14c8afee1da4d373fc311fc0af7f80a46586a50`
CRC32	`A0DEBD37`
ssdeep	`3072:fdaVNJ0qfTWHq8ob8MoT9chiLrbwT5D3C:FyXrCHPHJ9F0TM`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	94aeba5347792c0e_a Submit file
Filepath	C:\Users\test22\AppData\Roaming\IPJetaNqFjk\a
Size	598.6KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`facccc3cd60b353d8516a5d71ccfa5b3`
SHA1	`434ac732476be9b41f0ebb7bcb6731218f563c0e`
SHA256	`94aeba5347792c0ef3d47aa1ad1b2668780241e31aa1de733a986da2ee15b43c`
CRC32	`1AAD452D`
ssdeep	`12288:iCTiwGwLwgwpwEwrwFwicIvXHCu00I9Vzl9b6AX1FlrK8I912GMjB:hTiwGwLwgwpwEwrwFwicIvCuFsVh9bNt`
Yara	None matched
VirusTotal	Search for analysis

Name	2f7f8fc05dc4fd0d_UAC.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsf6442.tmp\UAC.dll
Size	14.5KB
Processes	732 (lv.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`adb29e6b186daa765dc750128649b63d`
SHA1	`160cbdc4cb0ac2c142d361df138c537aa7e708c9`
SHA256	`2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08`
CRC32	`1FE27A66`
ssdeep	`192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs`
Yara	PE_Header_Zero - PE File Signature Zero escalate_priv - Escalade priviledges win_token - Affect system token IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsp6431.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsp6431.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	501b5bcaf77b43a2_vpn.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
Size	1010.6KB
Processes	732 (lv.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5	`2c6b8f6390e681e39211c6e3c42d7160`
SHA1	`378c2514dc880162d7a56bc159202aa5675e4738`
SHA256	`501b5bcaf77b43a2e6c88ae26935ad18aff81836765158683be0acb1be985103`
CRC32	`A5939722`
ssdeep	`24576:P53uhFlqz9rt0Kb9jm7nTTiPVlO/mqhWOF8YnSUCTx:P5+hFcdt0KZjUTTioJ8Z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Zero screenshot - Take screenshot keylogger - Run a keylogger win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasModified_DOS_Message - DOS Message Check
VirusTotal	Search for analysis

Name	4dd8061957f0e782_Rivederci.mov Submit file
Filepath	C:\Users\test22\AppData\Roaming\IPJetaNqFjk\Rivederci.mov
Size	140.0KB
Processes	1836 (vpn.exe) 1896 (Suo.exe.com)
Type	data
MD5	`0820ced5f8eedba1cff9305fb1d70d38`
SHA1	`54b3c9f1a68eae4cf78c2ec53a70d7af1ac14910`
SHA256	`4dd8061957f0e782b9d2cc769cffa9cc84b692697abf3f85959befd7ed49e184`
CRC32	`309B553E`
ssdeep	`3072:JiCuJ7ZqeJYYlQqmUtSFDY0xRdSiijfEq/0l/H:JiXVJJYYlT8pY0xnSiiEUo/H`
Yara	None matched
VirusTotal	Search for analysis

Name	6b401bb1916d4b07_4.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
Size	228.0KB
Processes	732 (lv.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eb73d958db5be86de2d99f07f3be386c`
SHA1	`4424373585fe2e687eed2c15943a478a3489d20d`
SHA256	`6b401bb1916d4b07eb3f57757d87343340b54396627ffd066ccb7bc954eccaa8`
CRC32	`ED8655BD`
ssdeep	`3072:croX8pfuf4GjvI7LZf/Ib2f7yjwBaQSfnvR0Hq/Ldm2ZgSO5KwmrXyf6/6:AoMcrvMLx/q2fWjMaQqvRj/hm4DKNX`
Yara	PE_Header_Zero - PE File Signature Zero Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba win_mutex - Create or check mutex win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	948921c4315c4193_6.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\New Feature\6.exe
Size	266.0KB
Processes	732 (lv.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7daaa443b4a00f305a20de49ed384b7d`
SHA1	`7a015869eacba9208c0b71532f9a6194d9882e70`
SHA256	`948921c4315c4193d2947d17415ddb3a1ed7714c4ffd329664a8f6169e850fb8`
CRC32	`DD0DE229`
ssdeep	`6144:3pFy2QYL84D9kmg761KChzURMdGsczRP:/y2QYL9G6NqR`
Yara	PE_Header_Zero - PE File Signature Zero Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba win_mutex - Create or check mutex win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	80dc1b35038df1c2_animazione.mov Submit file
Filepath	C:\Users\test22\AppData\Roaming\IPJetaNqFjk\Animazione.mov
Size	921.8KB
Processes	1836 (vpn.exe)
Type	data
MD5	`478249cd11c8435e67594b1d543937d1`
SHA1	`a5cc48853ded54c1e207330fee53a9b1b275864e`
SHA256	`80dc1b35038df1c2c9485aee7b52aaaafc6a216a6417a4ecd689efc8eea65d6b`
CRC32	`3A73B10A`
ssdeep	`24576:TJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:TC7hGOSPT/PxebaiO`
Yara	OS_Processor_Check_Zero - OS Processor Check Signature Zero inject_thread - Code injection with CreateRemoteThread in a remote process network_http - Communications over HTTP escalate_priv - Escalade priviledges screenshot - Take screenshot keylogger - Run a keylogger win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration Str_Win32_Wininet_Library - Match Windows Inet API library declaration Str_Win32_Internet_API - Match Windows Inet API call Str_Win32_Http_API - Match Windows Http API call AutoIt - www.autoitscript.com/site/autoit/
VirusTotal	Search for analysis