Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2022-05-25 09:41	haitianzx.exe fae9f5c20ea03843c1df7f5812ba9b0a PWS[m] SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					9.0	M	21	ZeroCERT

2	2022-03-14 09:34	mpomzx.exe e31a855d80f25a0e2773816c7ca9e248 PWS Loki[b] Loki.m RAT .NET framework Gen1 Gen2 Malicious Library UPX Malicious Packer Socket Http API DNS Internet API HTTP KeyLogger ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Zeus Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	3		15.8	M	26	ZeroCERT

3	2022-02-10 21:52	brownzx.exe 43f96296c945462b8210bf8aec9eb73b RAT PWS .NET framework Generic Malware DNS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					8.8	M	27	ZeroCERT

4	2022-02-10 21:47	blessedzx.exe fb1d1dd02cea10ad0c2dfc967fc233bf RAT PWS .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	6 Keyword trend analysis Info http://www.thecalminglounge.com/c0a7/?u6Ad=a108liFmaMzN7wjexxhEz+Y371pg1QH2DIpZminE7ODTwh8+USwS3gAgwv/kPbbsGR1fpwTh&9rQ83F=xPJtLn48 http://www.dpluspizza1.com/c0a7/?u6Ad=Rdh1ihahUfyRbOttcuGsiHUUrjyLemfw2HIKpQWzu53qcq5pfLSMnHbCoN94QUWzmaNyEGSz&9rQ83F=xPJtLn48 http://www.knapsack.graphics/c0a7/?u6Ad=Z9NFWrhuC+4Id2bymRvHLobpAa+3VSF6r7eylYtnSDecvwW0zrngaj5b/x8fhYjKkKa1L7mD&9rQ83F=xPJtLn48 http://www.mashaalfashion.com/c0a7/?u6Ad=lKFzTZ8TDsTZHsuh/89eNUPJ8ruLlX64oEuo0voZA3PD4p2H9rBCziR+ZD+P+H01XBoq/NI2&9rQ83F=xPJtLn48 http://www.viaggidafare.com/c0a7/?u6Ad=DCdgvR3Kh9zoHvtnUAyLnsHhScFivf4y9WVvU3HXhDNv9BuT7sbGIt96s+lDu0CgnBPClMHG&9rQ83F=xPJtLn48 http://www.nicprgas.com/c0a7/?u6Ad=y0AHRBlRbkyatFWFMh9d4bYN4iVjn311hbosWuDlxrSTbZHWXSFlmkShXGs7kfk1VSjYLpUk&9rQ83F=xPJtLn48	13 Info www.knapsack.graphics(199.36.158.100) www.dpluspizza1.com(172.105.17.28) www.nicprgas.com(35.186.238.101) www.sydneycarsales.net() www.thecalminglounge.com(23.227.38.74) www.mashaalfashion.com(23.227.38.74) www.dometodd.com() www.viaggidafare.com(172.67.209.163) 35.186.238.101 - mailcious 199.36.158.100 - phishing 172.105.17.28 23.227.38.74 - mailcious 172.67.209.163			9.0	M	26	ZeroCERT

5	2022-02-03 11:43	giftzx.exe 611e2838acaba7b86ed0f40c3d0c81fb PWS .NET framework Generic Malware Anti_VM SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed					9.0	M	21	ZeroCERT

First
1
Last
Total : 5cnts