Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-11-05 09:23	kak.exe 3b25bb47c77da6404c1b75133ccf2b1f RAT Gen1 Gen2 Lazarus Family Emotet Trojan_PWS_Stealer Generic Malware Themida Packer UltraVNC Credential User Data Malicious Library UPX Malicious Packer ASPack Admin Tool (Sysinternals etc ...) Anti_VM Antivirus SQLite Cookie AntiDebug Ant Browser Info Stealer Malware download VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk suspicious TLD sandbox evasion VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed	69 Keyword trend analysis Info http://htagzdownload.pw/SaveData/SaveData.php?ezzabour=%7B%22NameOffer%22:%22BumperWw%22,%22ip%22:%22%22,%22country%22:%22KR%22,%22DateTime%22:%222021-11-05%2012:47%22,%22Device%22:%22TEST22-PC%22,%22PCName%22:%22test22%22,%22postcheck%22:%22False%22,%22tag%22:%22kenpachi2_lylaShare1_folderlyla1_foldershare_goodchannel_registry_goodchannel_installrox2_BumperWw%22,%22Os%22:%22WIN7%22,%22Browser%22:%22Internet%20explorer%22%7D http://www.hzradiant.com/askinstall42.exe - rule_id: 7569 http://www.hzradiant.com/askinstall42.exe http://eguntong.com/pub33.exe - rule_id: 7568 http://eguntong.com/pub33.exe http://dataonestorage.com/search_hyperfs_204.exe http://fouratlinks.com/Widgets/FolderShare.exe http://45.9.20.156/pub.php?pub=five http://fouratlinks.com/installpartners/ShareFolder.exe http://file.ekkggr3.com/lqosko/p18j/cust51.exe http://staticimg.youtuuee.com/api/fbtime - rule_id: 6464 http://212.192.241.15/service/communication.php http://45.133.1.182/proxies.txt - rule_id: 6139 http://fouratlinks.com/stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe http://186.2.171.3/seemorebty/il.php?e=jg1_1faf - rule_id: 4715 http://www.hzradiant.com/askhelp42/askinstall42.exe http://staticimg.youtuuee.com/api/?sid=578995&key=b4a44f7ae92b9b3dfe2bcb545627cb4d - rule_id: 5258 http://cloutingservicedb.su/campaign2/autosubplayer.exe http://212.192.241.15/base/api/statistics.php http://45.133.1.107/server.txt - rule_id: 7522 http://45.133.1.107/server.txt http://www.mrwenshen.com/askhelp59/askinstall59.exe http://fouratlinks.com/stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe http://requestimedout.com/xenocrates/zoroaster http://www.mrwenshen.com/askinstall59.exe http://ip-api.com/json/ http://apps.identrust.com/roots/dstrootcax3.p7c http://privacytoolzfor-you6000.top/downloads/toolspab2.exe http://fouratlinks.com/stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe http://212.192.241.15/base/api/getData.php http://www.google.com/ https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_installrox2_BumperWw https://cdn.discordapp.com/attachments/891006172130345095/905726762028240896/4chee.bmp https://cdn.discordapp.com/attachments/891006172130345095/905797756076048394/IZI.bmp https://connectini.net/ip/check.php?duplicate=kenpachi2_non-search_goodchannel_lyloutta_Traffic https://dumancue.com/dd7c8e90c804f83b712eb175eb0daaef.exe https://cdn.discordapp.com/attachments/891006172130345095/905726625025511474/sloader0401.bmp https://d.gogamed.com/userhome/25/any.exe https://source3.boys4dayz.com/installer.exe https://ipinfo.io/widget https://iplogger.org/1Xxky7 https://www.listincode.com/ - rule_id: 2327 https://cdn.discordapp.com/attachments/893177342426509335/905791554113912932/uglinesses.jpg https://cdn.discordapp.com/attachments/891006172130345095/905757933961359380/wetsetup0401.bmp https://cdn.discordapp.com/attachments/891006172130345095/905917017234735184/Topov0402.bmp https://connectini.net/Series/kenpachi/2/goodchannel/KR.json - rule_id: 1972 https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_piyyyyWW https://cdn.discordapp.com/attachments/905701898806493199/905826613411864596/BumperWW.exe https://cdn.discordapp.com/attachments/891006172130345095/905857242451046431/CKBReFn.bmp https://iplogger.org/13LYu7 https://iplogger.org/1GWfv7 https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp - rule_id: 7575 https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp https://connectini.net/Series/SuperNitouDisc.php https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp https://cdn.discordapp.com/attachments/891006172130345095/905799227140083712/real0402.bmp https://connectini.net/S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7 https://connectini.net/Series/configPoduct/2/goodchannel.json - rule_id: 1973 https://cdn.discordapp.com/attachments/905701898806493199/905894437480181790/Setup12.exe https://iplogger.org/12AVi7 https://litidack.com/af016c52b60489b5da52d037a2d6dd6b/dd7c8e90c804f83b712eb175eb0daaef.exe https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_adxpertmedia_advancedmanager https://connectini.net/Series/Conumer4Publisher.php - rule_id: 1976 https://cdn.discordapp.com/attachments/891006172130345095/905750415910514738/5780_0401.bmp https://f.gogamef.com/userhome/25/1bec5879a5da641fb388046719b3c83e.exe https://cdn.discordapp.com/attachments/891006172130345095/905919347988508692/Passat0402.bmp https://connectini.net/Series/Conumer2kenpachi.php - rule_id: 1974 https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp - rule_id: 7572 https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp	78 Info fouratlinks.com(199.192.17.247) source3.boys4dayz.com(104.21.33.188) ipinfo.io(34.117.59.81) tambisup.com(91.206.15.183) - mailcious ip-api.com(208.95.112.1) apps.identrust.com(23.216.159.81) requestimedout.com(162.255.117.78) eguntong.com(194.87.185.127) www.hzradiant.com(194.163.158.120) t.gogamec.com(104.21.85.99) file.ekkggr3.com(172.67.162.110) - malware iplogger.org(88.99.66.31) - mailcious twitter.com(104.244.42.65) privacytoolzfor-you6000.top(5.8.76.207) cdn.discordapp.com(162.159.134.233) - malware telegram.org(149.154.167.99) www.mrwenshen.com(103.155.92.29) dumancue.com(172.67.134.37) el5en1977834657.s3.ap-south-1.amazonaws.com(52.219.158.22) www.listincode.com(149.28.253.196) - mailcious d.gogamed.com(104.21.59.236) yandex.ru(77.88.55.50) www.google.com(172.217.175.228) google.com(172.217.161.78) f.gogamef.com(172.67.136.94) htagzdownload.pw(35.205.61.67) connectini.net(162.0.210.44) - mailcious www.profitabletrustednetwork.com(192.243.59.12) - mailcious dataonestorage.com(45.142.182.152) - malware litidack.com(104.21.2.71) cloutingservicedb.su(104.21.39.127) staticimg.youtuuee.com(45.136.151.102) - mailcious 5.8.76.207 172.67.145.75 208.95.112.1 186.2.171.3 - mailcious 2.56.59.42 - mailcious 103.155.92.29 - malware 96.16.99.73 91.206.15.183 - mailcious 162.159.135.233 - malware 45.9.20.156 77.88.55.66 162.255.117.78 52.219.156.18 142.250.207.78 172.67.128.223 45.142.182.152 88.99.66.31 - mailcious 212.192.241.15 162.0.210.44 - mailcious 45.133.1.107 - malware 142.250.204.68 104.21.72.228 194.87.185.127 34.117.59.81 104.244.42.65 - suspicious 45.133.1.182 - malware 95.217.123.66 172.67.134.37 35.205.61.67 - mailcious 23.216.159.81 52.219.66.30 - malware 193.56.146.36 - malware 172.67.148.61 149.154.167.99 212.193.30.113 104.21.66.169 - malware 45.136.151.102 - mailcious 94.26.249.132 192.243.59.12 194.163.158.120 - malware 149.28.253.196 104.244.42.193 - suspicious 199.192.17.247 172.67.204.112 77.88.55.50 104.21.59.236	22 Info ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Mismatch protocol both directions ET DNS Query to a .pw domain - Likely Hostile ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin ET INFO EXE - Served Attached HTTP ET INFO Packed Executable Download ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related ET INFO Executable Download from dotted-quad Host ET POLICY External IP Lookup ip-api.com ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a .top domain ET DNS Query to a .top domain - Likely Hostile ET HUNTING Possible EXE Download From Suspicious TLD ET INFO TLS Handshake Failure ET INFO HTTP Request to a .pw domain ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2		25.2	M	45	ZeroCERT

First
1
Last
Total : 1cnts