Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2022-04-29 07:52 blackmamba.exe  

9a2c436c43cf9941cce0430baf92f254


Loki Gen2 Emotet RAT PWS .NET framework Gen1 Formbook Generic Malware PhysicalDrive NSIS UPX Malicious Library Malicious Packer Anti_VM Antivirus Admin Tool (Sysinternals etc ...) ASPack PE32 PE File OS Processor Check HWP Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software
1 2 7 1 11.4 M 58 ZeroCERT

2 2022-01-26 07:55 vbc.exe  

d81601b02629332411d2788bf2d04887


Emotet Gen2 Gen1 NSIS Generic Malware Malicious Library UPX TEST ASPack Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE File PE32 OS Processor Check DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Windows Browser Email ComputerName DNS Software
1 1 7 11.6 M 59 ZeroCERT

3 2021-11-01 10:59 vbc.exe  

931568b982ac42dd2edc68ff203ec101


Emotet Gen2 RAT PWS .NET framework Gen1 Formbook NSIS Generic Malware Malicious Library UPX Malicious Packer Antivirus Admin Tool (Sysinternals etc ...) Anti_VM ASPack PE File PE32 OS Processor Check DLL Browser Info Stealer Emotet VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Windows Browser
6.2 59 ZeroCERT

4 2021-07-14 17:02 vbc.exe  

7cb96438c874f4727c226553d9ca8a18


Loki PWS Loki[b] Loki[m] Gen2 Emotet .NET framework RAT Gen1 Generic Malware NSIS UPX Malicious Library Antivirus Admin Tool (Sysinternals etc ...) Anti_VM DNS AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Software
2 2 1 12.2 59 ZeroCERT

Total: 4 counts