Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-08-31 09:45	taskhost.exe 9ddf58d42ea6fd8cbc1f2642c336358f RedLine stealer .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName Cryptographic key Software crashed		2	4		10.2	M	10	ZeroCERT

2	2023-08-31 09:44	taskhost.exe 9ddf58d42ea6fd8cbc1f2642c336358f RedLine stealer Generic Malware .NET framework(MSIL) Malicious Library UPX Malicious Packer Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 PE64 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Stealer Windows Browser ComputerName Trojan DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	10 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET HUNTING SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		13.2		10	ZeroCERT

First
1
Last
Total : 2cnts