Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-03-29 08:10	buildz.exe b63eeaaf33df089b775363868daf45a7 Client SW User Data Stealer LokiBot [m] Generic Malware ftp Client info stealer Suspicious_Script_Bin task schedule Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Dridex VirusTotal Malware Microsoft Telegram AutoRuns PDB MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS crashed	3 Keyword trend analysis	11	11 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET INFO Observed Telegram Domain (t .me in TLS SNI) ET INFO TLS Handshake Failure ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download		14.6	M	34	ZeroCERT

First
1
Last
Total : 1cnts