Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-09-21 09:33	TiWorker.exe 043e70250aeeec512af0393baf488866 LokiBot .NET framework(MSIL) Socket PWS DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs suspicious TLD installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		13.8		34	ZeroCERT

2	2023-09-21 09:30	TiWorker.exe e10fec549c39c3274dcda749ec3a7119 .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder Browser	5 Keyword trend analysis Info http://www.sqlite.org/2016/sqlite-dll-win32-x86-3140000.zip http://www.xclshiye.com/ekss/?IsCSSlG=kHdraKEfjB12B9p7l0zuiFs0jFsPsK2ty+h3/NWt5GpHSXbsL17DJmxeUix/PqfBxVIu6n00WNchBCHR2+SzfbFa6JaE1snn4Qg/Xqk=&90PB=YunUmQDZezap http://www.xclshiye.com/ekss/ http://www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip	5			10.6	M	47	ZeroCERT

3	2023-09-20 18:05	TiWorker.exe 75b192f9b810dedde93595a8a1b1dd8d LokiBot .NET framework(MSIL) Socket PWS DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Software crashed	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a *.buzz domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		13.0	M	18	ZeroCERT

4	2023-09-20 17:58	SBqxEB20ZJgWYrR.exe c6f8afa65badddd3590c98f05c766c01 Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	1 Keyword trend analysis	2	3		15.4	M	24	ZeroCERT

First
1
Last
Total : 4cnts