Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-10-07 17:38	octane.exe d8667b25ba6dda415c8aae718dd4acbe UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName Remote Code Execution crashed	3 Keyword trend analysis Info https://20mqvq.am.files.1drv.com/y4mUh_YT7N5cZ_VtYj7gY-pLi8ax9qzfrx2nbGHZ7G1U61GzcbwSU8iAsSYmf4Jyh-cQD8gC5IsZXT3NdfbXn-6ClX-Ym5zGliSPzVI32b3Ew1iMIKynGYhOz3ZkIz5WXAhE2_-np3wFxBXD4vDAkYtjLc1gALD8fzAvwxJlIBUecmXh0qVBxg4N_dmmNtN--5J5Wmq0pbRBxhqaOq9fB_0Jg/Csigvgmrhqyzxcdrdqesimyzfccnhhv?download&psid=1 https://onedrive.live.com/download?cid=D6CD7BA665204307&resid=D6CD7BA665204307%21109&authkey=AMdOM29o41CbOZ0 https://20mqvq.am.files.1drv.com/y4mIICgczn0jQ6zC8-aw8Xb86SRr2CmJy2ooH9966h6ZkT_AUu9dtWSt-mU9kkZ3qd5cYMw79sssxrVislI6ELzqwRjOrwQJHO8jnXz0I3kSCIVfFNj6gKFnW6vIjjDV9UQRTSdfp0NjNpEqxAnPmZIKXsSVZyMp_epb-KQRwil_gw_dAONVvND-k4n11x4W_NJ4wPdBbVgnJrgcy3vmBGBCQ/Csigvgmrhqyzxcdrdqesimyzfccnhhv?download&psid=1	6	1		10.6	M	31	ZeroCERT

2	2021-10-07 11:10	vbc.exe 96bd7548ea9c202bf6add33886f45ddb UPX Malicious Library PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Tofsee Windows Remote Code Execution crashed	13 Keyword trend analysis Info http://www.moyue27.com/rqan/?ATRlddq=+TqAOEONCPJUJSnFrnPpRXI/OAAPmI2ScBE7Ik0F+IdHCDjx385zAg9GOBgk6UUD1+VchaMA&DxoTK=VDKTtFOxV2WL8tH http://www.haferssippe.quest/rqan/?ATRlddq=nFD+tckPtQIgQGQeciUNqkCJ8CDb8RQ3Hc2bC2BXacngwVvSVsoOUWgxvZcvhlu4kTcNykfE&DxoTK=VDKTtFOxV2WL8tH http://www.15dgj.xyz/rqan/?ATRlddq=L/JXrSYEbYVz+Zr+hdnNufTLXvurW4Cign4jUf9qCp/G8GoUAf71AaygvLGg/JPSI1lXLouM&DxoTK=VDKTtFOxV2WL8tH http://www.thelocksmithtradeshow.com/rqan/?ATRlddq=l024+3ZD/MMtYAimPvceCx2mX2pxaBq1zlsxSU83YzhgdyxMZckScAoxySy9Gng2X/4IOs9V&DxoTK=VDKTtFOxV2WL8tH http://www.claggs.com/rqan/?ATRlddq=8qJ/WnfN2Dsdt3vQdCIYENwUXvQ2fP0y4NNfqJHjhObiKvv0YjB/Xn2+M1Rdb7LfvORaQTC7&DxoTK=VDKTtFOxV2WL8tH http://www.buratacoin.com/rqan/?ATRlddq=Jt/jULqvuHmFHTQHoInL/hgvG9NOCzgC+ifeqw8dEamPSAWqFa2LRIXLynF/lbhL2qE+xTiF&DxoTK=VDKTtFOxV2WL8tH http://www.abasketofwords.com/rqan/?ATRlddq=+S1kQ2PT5fjUCuwrbY1xCKK84VEzmjTIH4aw6YwLG0KBcWdxm+CFKoDK+Dq48ZQ8nc9VjOLV&DxoTK=VDKTtFOxV2WL8tH http://www.tokofebri.store/rqan/?ATRlddq=bkTXLZuWQMSQcwGJ7R0aOlt20uLYpPHtJJJLiW4usy6BqC1mRs4efAWLwAB/Z2acqV9T3m6J&DxoTK=VDKTtFOxV2WL8tH http://www.comercialjyv.com/rqan/?ATRlddq=Rtey7j6o/6NPBerA7EpwrG4H/co8GZ/3Plt045JmCspN4s9ulysKZ35pRYVs1dFdUUjH8mSJ&DxoTK=VDKTtFOxV2WL8tH http://www.marionkgregory.store/rqan/?ATRlddq=VNXAiSIfyRM8OhL2EWzAO1fi5NRrcw8msq2SrTaCNLqA/2hjQ8/reY1ha2pEjv6UWdZEd9WI&DxoTK=VDKTtFOxV2WL8tH https://5wzqug.am.files.1drv.com/y4mTZZw0eJpvhrmvXl_fo8anex-VNAuRJCgRkrJiCNfKEseve3BiEFE0eVrSult2T8e-jsKcLLJgywa69qFWouFk89DWCXtzQt_ietEzDP5cA6NBC0v5YeBT1NjCuh6NQ1_d9TqoU13RPK4oy5WmF4pXBJK8fbVWmuW-QNz1cF84zYNnJ_wsTCUdwUwDqhVuYLppy7o583rgdrZxaPalaGakA/Voutohtjmdjzsdtpvrgxomfqdmmrfda?download&psid=1 https://5wzqug.am.files.1drv.com/y4m6VJMWw0J61zJl2alhe5XVS_0tMm5H1tpXUlMZ-KmfdjLNElLVJVahAIukV4I4W4pwo_Rbp9D91qN0jJu0fvZ0sklmnqovdV8ZXHIlovbK-aiBqeWkmenc-W5xgmvS1o9U_Bf1dUERlx2YbjpXTQx2qX4xLeVpcbuSiwnXqbTfZ8_rwlXMjEXBWEnFCMHQy1h01hEg4bo48fz9HjCTfV7zA/Voutohtjmdjzsdtpvrgxomfqdmmrfda?download&psid=1 https://onedrive.live.com/download?cid=4697057C65B5346F&resid=4697057C65B5346F%21536&authkey=AASDOjncAUJWfks	24 Info www.15dgj.xyz(23.224.235.100) onedrive.live.com(13.107.42.13) - mailcious 5wzqug.am.files.1drv.com(13.107.42.12) www.haferssippe.quest(37.123.118.150) www.claggs.com(34.102.136.180) www.cambabez.xyz() www.tokofebri.store(216.58.220.115) www.thelocksmithtradeshow.com(34.102.136.180) www.marionkgregory.store(172.67.153.94) www.sergomosta.com() www.moyue27.com(34.102.136.180) www.comercialjyv.com(166.62.110.60) www.abasketofwords.com(118.27.122.216) www.buratacoin.com(54.39.107.28) 54.39.107.28 37.123.118.150 - mailcious 142.250.157.121 13.107.42.13 - mailcious 13.107.42.12 - malware 104.21.88.208 34.102.136.180 - mailcious 118.27.122.216 23.224.235.100 166.62.110.60 - phishing	3		9.4	M	21	ZeroCERT

3	2021-08-10 17:52	bank.exe e92cb564767afb2d59b12ecfc97ed86a UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName	3 Keyword trend analysis Info https://apv5oq.sn.files.1drv.com/y4muXeUmSOr2eA8OAZv22ApcwBCduBInlnDD_iP2ohqHowwtZcujQFarcs7juK_0mSRbt6MJSbKteWevTHBIgiv6lJwPrMTfvY1ZebPr11dv0Jj63I1RU3a9kMWmQKSmYqgZFh1LLe2fAR8EZ-z8j-pWLadKuq6Z3fIVgXk84emHccp7oVXqMPta0w5zmX9fkWNqjQ12SMYb696eSzEeW3MLQ/Yjjdwkjkodghbmfmluytpeybrgxrlom?download&psid=1 https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21117&authkey=ALEWR7_oFnUkSBQ https://apv5oq.sn.files.1drv.com/y4mqtDxi_yjQqMj7aLneNR5K2ag2n6a9B3s2vsguKxD6cq_pEbf-AoBavtlpqHoxXjnVTTRodHYAyAVwV2qMV3yT9FJF0ReIQscZaXQGrtQ_Qo0ZTxor0a01qx5w-nMorDgI-I4bWaoFPlMR2GfVgFSbCIl6ErQU5_nxjDMV0u2rSp5S7Vf6y3eFgoL5jbcc9J171z-sNGiboKZE27hENWiuQ/Yjjdwkjkodghbmfmluytpeybrgxrlom?download&psid=1	6	1		10.4	M	34	ZeroCERT

4	2021-08-09 23:28	vbc.exe 2388f7145e8227797c2f91591d6dcedd UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName	9 Keyword trend analysis Info http://www.vavasoo.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=L6FmBYjw7cVSaM7tjd7yzq8hOevfuspHLpfdDnc52TruiYexi+NazlV02JBIGq337vnCCtcu http://www.marcuslafond.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=DiI3F0Ylam/cMh+wU0CjHhRfuntJ8nyjZcT4nMx9uSVUWqMW4wZqmzUPNc4P48XCZ8APIRdm - rule_id: 3895 http://www.fanbase.fan/6mam/?EnLl8PgP=9d5C1xs5i//XDxr4dB0bA7JyBPYNineSxbWNYqwR1mLnXlE7iqxwCfAfIH0GmtdYbidcrtDB&QV2x=WV483Zph9XMhr2T - rule_id: 3780 http://www.qvcrx.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=aWN5x0Kp8xBtGX2Q76RjnXBpBhNLN34ywNRINkcd4snySO79CQb6y+64KWnJz4+Hsozeu18e http://www.mobiessence.com/6mam/?QV2x=WV483Zph9XMhr2T&EnLl8PgP=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S - rule_id: 3578 http://www.moneyfollowsaction.com/6mam/?EnLl8PgP=zGPdt6Y6U6BF0n0EiNB1H9jn1sJuxPe97d1XCx7HLaEBeIzn3US5NFdVnP0bl0oZHcuqZOwN&QV2x=WV483Zph9XMhr2T https://pxoeww.sn.files.1drv.com/y4mfys91LxjhSgYLNLs8DTyAJNuqgNwqUvMV35hzbt2FMd1aSdw_v3L0s4eHyhWucn29tnxc01rF4r4HnDL06sbn66hVOxngIGgd-NliWTZJ-zoSE0bGb-IxSbgTC47i8ygSO02R2DTsciSPtXOREPf6lMUHaJ2v5y6kAVnfclQ3BJnS0uaQCVQYN5_cddF71w1ZIr-3TlCc6nyIKEHVzBFBw/Tiidiqvnvgasgxkjidrcwjirjtqrlwb?download&psid=1 https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21118&authkey=AEV8YfGHi3KOjl4 https://pxoeww.sn.files.1drv.com/y4mqPLRcV-rNPXpELmYtACxBZSaILkWJm5_ARd0rN-xrBkgltEQ-sbCNiWxYg26M5_5GmVWDMCuIWYMQ_2K_c84NqX-YiiJRarP5lJNBIKamqZFR3-75JOmQTiHZNP1pTE52qeCFywjIytWQj96NNbmx7K5WwG1GmfD-SFREOh44vuI4FI54H06d_H8-dMqAyCZlUsxkFlPXyirZkwovJe0og/Tiidiqvnvgasgxkjidrcwjirjtqrlwb?download&psid=1	22 Info pxoeww.sn.files.1drv.com(13.107.42.12) onedrive.live.com(13.107.42.13) - mailcious www.moneyfollowsaction.com(198.54.117.217) www.mobiessence.com(52.58.78.16) www.vavasoo.com(64.190.62.111) www.mayartpaints.com(192.155.172.18) - mailcious www.paypalticket5396173.info() - mailcious www.marcuslafond.com(104.247.218.105) www.freehypnosisevent.com() - mailcious www.ramseybusinessinstitute.info() www.fanbase.fan(34.102.136.180) www.titanusedcarsworth.com() - mailcious www.qvcrx.com(91.195.240.94) 104.247.218.105 - mailcious 198.54.117.212 - mailcious 91.195.240.94 - phishing 52.58.78.16 - mailcious 13.107.42.13 - mailcious 13.107.42.12 - malware 192.155.172.18 - mailcious 34.102.136.180 - mailcious 64.190.62.111 - mailcious	2	3	11.6	M	12	ZeroCERT

First
1
Last
Total : 4cnts