Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-02-16 08:12	bugai.exe 04354f40a9b6cd2f8f76d1dd35c798c8 Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Themida Packer Google Chrome User Data Downloader UPX Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library Http API PWS Code injection Create Service Soc Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader	14 Keyword trend analysis Info http://185.215.113.46/cost/fu.exe - rule_id: 39367 http://185.215.113.46/cost/ladas.exe - rule_id: 39368 http://185.215.113.46/mine/plaza.exe - rule_id: 39369 http://185.215.113.46/cost/niks.exe - rule_id: 39371 http://185.215.113.46/cost/well.exe - rule_id: 39372 https://accounts.google.com/generate_204?h-1oTQ https://www.google.com/favicon.ico https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjzcPUtDudBbROHOQ6tT1zfhEou-4TBJ2JnLfFVM5zMyNevnuIkHvddBUcT479PyW_00Wi1o https://db-ip.com/demo/home.php?s=175.208.134.152 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjzhfDFkb5rx61u0tsHnzrzfCHBuD8tlOuuj6ABBJFfzH8g2ecMn_GKIWDB6sy23s0Vosdg4&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S470561878%3A1708037893123060 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png	12	13 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 22 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Packed Executable Download	5	28.4	M	30	ZeroCERT

First
1
Last
Total : 1cnts