Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-06-29 17:07	Bar0628.exe 0afd8fcf4215d384ac328f01125c3d5c RedLine stealer Themida Packer UPX Socket DNS AntiDebug AntiVM .NET EXE PE File PE32 PNG Format PE64 JPEG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder VMware anti-virtualization installed browsers check Tofsee Interception Stealer Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	13 Keyword trend analysis Info https://sso.passport.yandex.ru/push?uuid=85d50709-205d-41dd-abfd-712b81bf467c&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://dzen.ru/?yredirect=true https://yandex.ru/ http://tokoi45.beget.tech/server.txt http://tokoi45.beget.tech/server1.txt http://tokoi45.beget.tech/server2.txt https://formacioncontinua.com.mx/2/data64_1.exe https://formacioncontinua.com.mx/2/data64_2.exe https://formacioncontinua.com.mx/2/data64_3.exe https://formacioncontinua.com.mx/2/data64_4.exe https://formacioncontinua.com.mx/2/data64_5.exe https://formacioncontinua.com.mx/2/data64_6.exe https://formacioncontinua.com.mx/webArg2.txt	13 Info formacioncontinua.com.mx(66.225.201.117) tokoi45.beget.tech(5.101.152.100) - mailcious iplogger.com(148.251.234.93) - mailcious yandex.ru(77.88.55.60) dzen.ru(62.217.160.2) sso.passport.yandex.ru(213.180.204.24) 213.180.204.24 148.251.234.93 - mailcious 168.119.239.218 - mailcious 5.101.152.100 - malware 77.88.55.88 66.225.201.117 - mailcious 62.217.160.2	4		20.2	M	21	ZeroCERT

First
1
Last
Total : 1cnts