Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-09-24 11:15	66f18a5501651_ww_a.exe 221942540e2630630887a7b59a855ec2 Gen1 Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer PWS Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check DLL PE64 ftp DllRegisterServer dll ZIP Format Browser Info Stealer Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself malicious URLs IP Check Tofsee Ransomware Windows Browser ComputerName RCE DNS crashed Downloader	6 Keyword trend analysis	13	13 Info ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO URL Shortener Service Domain in DNS Lookup (iplog .co) ET INFO Observed URL Shortener Service Domain (iplog .co in TLS SNI)		15.6	M	19	ZeroCERT

2	2024-07-17 20:58	66979ab41b05f_crypta.exe 4fdec920bb078c6636323ec0d77be95d Malicious Library .NET framework(MSIL) UPX ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1			8.0		15	ZeroCERT

First
1
Last
Total : 2cnts