Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-12-14 08:07	file.exe db9836afc44b9a8fd086abd3e882524e Amadey Downloader Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX MPRESS Malicious Library Http API ScreenShot Create Service Socket DGA Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API pe Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder suspicious TLD sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Ransomware Lumma Stealer Windows Browser Email ComputerName Firmware DNS Cryptographic key Software crashed Downloader	4 Keyword trend analysis	4	12 Info ET DNS Query to a .pw domain - Likely Hostile ET INFO HTTP Request to a .pw domain ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Amadey Bot Activity (POST) M1	2	25.6	M	47	ZeroCERT

First
1
Last
Total : 1cnts