Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-08-23 19:18	ksbgixgq.exe 5be9bfad00f219b0d219261448a57bda PWS Loki[b] Loki.m AgentTesla RAT Gen1 Formbook browser info stealer Generic Malware UPX Malicious Library ASPack Malicious Packer ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check DLL JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName DNS Software Password	10 Keyword trend analysis Info http://188.34.200.103/softokn3.dll http://188.34.200.103/msvcp140.dll http://188.34.200.103/903 - rule_id: 4371 http://188.34.200.103/freebl3.dll http://188.34.200.103/nss3.dll http://188.34.200.103/ - rule_id: 4372 http://188.34.200.103/vcruntime140.dll http://u1452023.cp.regruhosting.ru/PE/steammaa.dll - rule_id: 4381 http://188.34.200.103/mozglue.dll https://eduarroma.tumblr.com/ - rule_id: 4373	6	9 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Vidar/Arkei Stealer Client Data Upload ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)	4	18.8	M	17	ZeroCERT

2	2021-08-23 12:02	ksbgixgq.exe f410aa20278033a2158bc670a4d341a8 PWS Loki[b] Loki.m AgentTesla RAT Gen1 browser info stealer Generic Malware UPX Malicious Library Malicious Packer ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check DLL JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process suspicious TLD sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName DNS Software Password	10 Keyword trend analysis Info http://188.34.200.103/softokn3.dll http://188.34.200.103/msvcp140.dll http://188.34.200.103/903 http://188.34.200.103/freebl3.dll http://188.34.200.103/nss3.dll http://188.34.200.103/vcruntime140.dll http://188.34.200.103/ http://u1452023.cp.regruhosting.ru/PE/steammaa.dll http://188.34.200.103/mozglue.dll https://eduarroma.tumblr.com/	6	9 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Vidar/Arkei Stealer Client Data Upload ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		19.2	M	13	ZeroCERT

First
1
Last
Total : 2cnts