Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-07-31 07:40	Setup.exe 9bb0bf48749cecfeadc4e6be1a2ad5ef Emotet Gen1 UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 DLL Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware c&c Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName Remote Code Execution DNS plugin	8 Keyword trend analysis Info http://91.212.166.50/812472d22955f523.php http://91.212.166.50/1b13d87b74e22997/nss3.dll http://91.212.166.50/1b13d87b74e22997/sqlite3.dll http://91.212.166.50/1b13d87b74e22997/vcruntime140.dll http://91.212.166.50/1b13d87b74e22997/msvcp140.dll http://91.212.166.50/1b13d87b74e22997/mozglue.dll http://91.212.166.50/1b13d87b74e22997/softokn3.dll http://91.212.166.50/1b13d87b74e22997/freebl3.dll	1	17 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 8 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET INFO Dotted Quad Host DLL Request ET MALWARE Win32/Stealc Active C2 Responding with plugins Config ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting Screenshot to C2		14.2		9	ZeroCERT

First
1
Last
Total : 1cnts