Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2023-08-02 13:33 C3VB.exe  

a32e1510eaf70c772b81fc4e9f4c46f3


Redline RedLine stealer LokiBot Emotet Generic Malware Downloader UPX WinRAR Malicious Library .NET framework(MSIL) Admin Tool (Sysinternals etc ...) Antivirus PWS Create Service Socket P2P DGA Steal credential Http API Escalate priviledges Sniff Audio HT Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW Firewall state off installed browsers check Tofsee Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
2 6 5 1 22.6 M 47 guest

2 2023-08-01 08:08 C3VB.exe  

a32e1510eaf70c772b81fc4e9f4c46f3


LokiBot RedLine stealer Emotet Generic Malware Downloader UPX WinRAR Malicious Library .NET framework(MSIL) Admin Tool (Sysinternals etc ...) Antivirus Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS S Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW Firewall state off installed browsers check Tofsee Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
3 8 5 22.6 41 ZeroCERT

3 2022-06-20 10:25 azne.exe  

9c779aff9633f41e48fd1d61ad0fec74


PWS[m] PWS Loki[b] Loki.m RAT .NET framework Gen1 Gen2 UPX Malicious Library Malicious Packer Socket ScreenShot DNS Internet API HTTP KeyLogger Http API AntiDebug AntiVM PE32 .NET EXE PE File DLL OS Processor Check Malware download Azorult VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Windows Browser ComputerName Cryptographic key crashed
2 2 2 15.6 M 24 ZeroCERT

  • Total : 3cnts