Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-02-05 09:38	InstallSetup22.exe f99cddefb34c8ce86cb76747cc92a996 Client SW User Data Stealer Gen1 ftp Client info stealer NSIS Generic Malware Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer PWS Anti_VM AntiDebug AntiVM PE32 PE File PNG Format OS Processor Check DLL ZIP Format MZP F Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Ransomware Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	11 Keyword trend analysis Info http://185.172.128.127/ping.php?substr=two http://185.172.128.90/cpa/ping.php?substr=two&s=ab - rule_id: 38981 http://185.172.128.79/15f649199f40275b/vcruntime140.dll http://185.172.128.127/syncUpd.exe - rule_id: 39250 http://185.172.128.79/15f649199f40275b/sqlite3.dll http://185.172.128.79/15f649199f40275b/mozglue.dll http://185.172.128.79/15f649199f40275b/freebl3.dll http://185.172.128.79/15f649199f40275b/softokn3.dll http://185.172.128.79/15f649199f40275b/nss3.dll http://185.172.128.79/3cd2b41cbde8fc9c.php http://185.172.128.79/15f649199f40275b/msvcp140.dll	3	19 Info ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET INFO Executable Download from dotted-quad Host ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET INFO Packed Executable Download ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	21.4	M	42	ZeroCERT

First
1
Last
Total : 1cnts