Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

No. 1 | Date: 2022-03-28 16:54 | Request: 6012_1648401214_7634.exe
Hash: b1413ac584b27dc8d1b443b347354fb1
Signatures: RAT PWS .NET framework .NET EXE PE File PE32 MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
Remaining columns (Urls/Hosts/IDS/Rule/Score/Zero/VT/Player, as listed): 1 4 1 2.2 ZeroCERT

No. 2 | Date: 2022-01-16 22:51 | Request: 111.exe
Hash: bc8905c3958b8b5f581a9045d58c9966
Signatures: Gen1 Gen2 UPX Malicious Library Malicious Packer TEST ASPack PE File PE32 DLL OS Processor Check VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Collect installed applications AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS crashed
Remaining columns (Urls/Hosts/IDS/Rule/Score/Zero/VT/Player, as listed): 4 2 11.6 M 21 ZeroCERT

No. 3 | Date: 2021-09-06 18:27 | Request: ghjkl.exe
Hash: b23d6c569893579789695f3d05accbe1
Signatures: PWS Loki[b] Loki.m Gen1 Gen2 Generic Malware Malicious Library Malicious Packer ASPack UPX Antivirus DNS Socket KeyLogger HTTP Internet API ScreenShot Http API Steal credential AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check GIF Format J Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software crashed
Remaining columns (Urls/Hosts/IDS/Rule/Score/Zero/VT/Player, as listed): 14 8 6 4 26.8 M 44 ZeroCERT

No. 4 | Date: 2021-09-06 18:15 | Request: ghjkl.exe
Hash: b23d6c569893579789695f3d05accbe1
Signatures: Gen1 Gen2 Generic Malware Malicious Library Malicious Packer ASPack UPX Antivirus ScreenShot Http API Steal credential AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check GIF Format JPEG Format Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser Email ComputerName DNS Cryptographic key crashed
Remaining columns (Urls/Hosts/IDS/Rule/Score/Zero/VT/Player, as listed): 4 5 4 1 21.6 M 44 ZeroCERT

No. 5 | Date: 2021-07-23 09:23 | Request: Build2DID.exe
Hash: 69dd97850f63fac1927313fb9983ab58
Signatures: RAT BitCoin Generic Malware UPX AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
Remaining columns (Urls/Hosts/IDS/Rule/Score/Zero/VT/Player, as listed): 2 3 2 12.8 15 ZeroCERT
