Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-12-31 21:13	WWW14_64.exe 24fbc8705072bb32a6ac2fc995a66f17 Generic Malware Malicious Library VMProtect UPX PE File PE64 VirusTotal Malware unpack itself Disables Windows Security Windows DNS crashed		4			5.2	M	55	guest

2	2023-09-14 19:30	WWW14_64.exe 24fbc8705072bb32a6ac2fc995a66f17 PrivateLoader RedLine Infostealer RedLine stealer Eredel Stealer Extended Generic Malware UPX Malicious Library VMProtect Malicious Packer .NET framework(MSIL) Confuser .NET PWS SMTP AntiDebug AntiVM PE File PE64 DLL PE32 OS Processor Check .NET EX Browser Info Stealer RedLine Malware download VirusTotal Malware Microsoft Buffer PE MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Disables Windows Security Check virtual network interfaces suspicious process AppData folder sandbox evasion IP Check PrivateLoader Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key crashed	24 Keyword trend analysis Info http://193.42.32.118/api/firegate.php http://45.9.74.80/super.exe - rule_id: 36063 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://ji.alie3ksgbb.com/m/ela205.exe - rule_id: 36360 http://marrakechchoralmeeting.ma/cgi-sys/suspendedpage.cgi http://45.15.156.229/api/firegate.php - rule_id: 36052 http://apps.identrust.com/roots/dstrootcax3.p7c http://193.42.32.118/api/tracemap.php - rule_id: 36180 http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe - rule_id: 36358 https://preconcert.pw/setup294.exe - rule_id: 36162 https://sun6-20.userapi.com/c237031/u44017378/docs/d47/f53dd4d29da4/red.bmp?extra=aPmcskdA3y2ObuY7QHUX6sPMjQu36B4newP0bAW-Ly73hW3EW_bozidYJAqh73X7SUvR1gIX9uc9Cb4NNw95t2w09-_aicB8V3k2Xih1EYLcm7JY06Dr2jP135rFTycmXICkUKS8rcX-rNt7 https://sun6-21.userapi.com/c235131/u17799268/docs/d34/0d08248537eb/d3232adg.bmp?extra=MXfyziyjTKDf6ofOrhDCTKpsWkbv10mkMTRRhYIV8JRe3R-EQTQ053o3girAdfhhnn5fc1YH_S_WsBSzGbqRuEfy-bz_PCHnGFFm2ELe6Vs13UB3lsTOyfn7GTx222_mFRvKUYaEAkS6mnss https://verypayment.net/1bc7618fb98d2d4c287a4f9d42a3529b/7725eaa6592c80f8124e769b4e8a07f7.exe https://vk.com/doc17799268_667370292?hash=3zgmNBZUEabUAWsj0zIdTPreX2uOk9XZqB04AKml9Wc&dl=3EXwtWCuOk8m89Hgrb6xTH69yK7gn8gGsiaT4sE12Ls&api=1&no_preview=1#review https://vk.com/doc17799268_667356691?hash=cUASNycPr9e7ejTeXRHP4JzU43t6UAQvFbVpJRIyYfL&dl=WIcfE7rh128yHk3HTd3LfM84KN7pulppjnAcRmZGByH&api=1&no_preview=1#orig https://api.myip.com/ https://sun6-23.userapi.com/c909218/u17799268/docs/d51/a01868bc6519/OriginalBuild.bmp?extra=ubUUt1995rM2O1vMl6qK3XtVBz9_ydnjOUtvK8odosQtYQIMBBSkvaNNKqqilClao3gbzVteXVX9L9OFNSV06NdFFhqmBwxMRWCeFMALiLTI8W6Vx3d4vHYiIZ6fNIjaj-fFlB6HwOA5YYkC https://vk.com/doc44017378_669202180?hash=Qj8GmTTzSwexN5MiDhkzSBdsEuAfR50DxI5PmBbRzn8&dl=G49L5cNOoCw8qI3zZagSCyprvu5ngf5V9jZb6GDfmT8&api=1&no_preview=1#redcl https://psv4.userapi.com/c909518/u17799268/docs/d38/272bd98cd010/h27lmi0.bmp?extra=8E5LnE31GAfkun85y6q3JNHdEJ6rb3OS4of8U197zzjPBwzlcBmXiYtqfGEzAOOcBigBbtsjBtCJpKZMK3_lQTtjrrC6bCw4QqmXuSbFcrs-fVc_0h4X8B-FoNEyrA4yLWeFIUw2C7A5wlE2 https://psv4.userapi.com/c909228/u17799268/docs/d27/d584128e4c13/setup.bmp?extra=QZMNAMmYW-qEHWSBh6dZ9jyKy_PY0fq3EfQW125lr8gOTPQKKk8D6XHsyvSTOD3T7PxspO6gsaXVUJbHjY4x2FlKcs3MgJmS9q6rOCgsMt-fKwYArNbdvgjxPZr2zE35GnV0uOAIllJpHWOQ https://vk.com/doc17799268_667374166?hash=t73r7TZmjqi4mQ6K8CuchmsQ2lbq7RbjhwFx1c1Azcg&dl=HaU76slkxIDZ6fTldzxVLdSFmSzwAiccfTBkzLQsA4D&api=1&no_preview=1#u9 https://vk.com/doc17799268_667370950?hash=kmRsdqMou4vNz1YzodkAQZcJxKjXdXHF3v2Zycf1w2H&dl=i4K7yr2wzDFn7JZ4az5BAF7ZSXsQBGNbt8o8BOvxSaw&api=1&no_preview=1 https://sergejbukotko.com/7725eaa6592c80f8124e769b4e8a07f7.exe - rule_id: 36188 https://sun6-20.userapi.com/c237031/u17799268/docs/d44/9d7023004930/PL_Client.bmp?extra=X1aJqe75cj3wH63JyDtM4ZvEFrLEEDM9Cj69lrcSXLQLpLhAVquotaOP2hnr-i131Cw2CXTQYaZGiXrawiBA3-dvrSYSkiKl6gd5nnzy6xUssRlZdOecvfBwEwrAygIbNtWImtAz1AfD6bvt	39 Info preconcert.pw(104.21.84.222) - malware ji.alie3ksgbb.com(172.67.200.102) - mailcious psv4.userapi.com(87.240.190.76) marrakechchoralmeeting.ma(178.63.45.64) - malware api.myip.com(104.26.9.59) vk.com(93.186.225.194) - mailcious verypayment.net(172.67.148.157) sergejbukotko.com(104.21.59.53) - malware z.nnnaajjjgc.com(156.236.72.121) - malware ipinfo.io(34.117.59.81) sun6-23.userapi.com(95.142.206.3) sun6-20.userapi.com(95.142.206.0) - mailcious 230907161118223.nmr.xrm42.top(94.156.35.76) - malware sun6-21.userapi.com(95.142.206.1) - mailcious iplis.ru(148.251.234.93) - mailcious 148.251.234.93 - mailcious 172.67.197.101 87.240.137.140 87.240.129.133 - mailcious 176.123.9.85 - mailcious 193.42.32.118 - mailcious 45.9.74.80 - malware 172.67.200.102 34.117.59.81 172.67.214.144 - malware 182.162.106.32 104.26.8.59 104.21.95.210 87.240.137.134 185.225.73.32 - mailcious 156.236.72.121 - mailcious 45.15.156.229 - mailcious 95.142.206.3 95.142.206.1 - mailcious 95.142.206.0 - mailcious 94.156.35.76 - malware 87.240.132.78 - mailcious 185.225.74.51 - mailcious 178.63.45.64 - mailcious	19 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DNS Query to a .pw domain - Likely Hostile ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET INFO TLS Handshake Failure ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET DNS Query to a .top domain - Likely Hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET INFO Executable Download from dotted-quad Host ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)	8 Info http://45.9.74.80/super.exe http://45.15.156.229/api/tracemap.php http://ji.alie3ksgbb.com/m/ela205.exe http://45.15.156.229/api/firegate.php http://193.42.32.118/api/tracemap.php http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe https://preconcert.pw/setup294.exe https://sergejbukotko.com/7725eaa6592c80f8124e769b4e8a07f7.exe	18.6	M	11	ZeroCERT

First
1
Last
Total : 2cnts