Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-07-25 11:07	file2.exe 59901a6b5da704db1ff0fb56eba9e5bb PWS Loki[b] Loki[m] AgentTesla Gen1 browser info stealer Generic Malware UPX Malicious Library Malicious Packer ScreenShot AntiDebug AntiVM PE32 .NET EXE PE File OS Processor Check DLL JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer Vidar Arkei VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee ArkeiStealer OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key Software Password	9 Keyword trend analysis Info http://116.202.183.50/mozglue.dll http://116.202.183.50/903 http://116.202.183.50/nss3.dll http://116.202.183.50/vcruntime140.dll http://116.202.183.50/ - rule_id: 2743 http://116.202.183.50/softokn3.dll http://116.202.183.50/msvcp140.dll http://116.202.183.50/freebl3.dll https://shpak125.tumblr.com/	3	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Vidar/Arkei Stealer Client Data Upload ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)	1	16.8	M	21	ZeroCERT

First
1
Last
Total : 1cnts