Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-08-05 10:16	gun-4.exe 3bba9f210c742796887179a14acfca42 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					8.6	M	31	ZeroCERT

2	2021-08-05 10:04	vbc.exe 4ebdb80a36728294c6086c4ed91605b0 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key	12 Keyword trend analysis Info http://www.mobiessence.com/6mam/?s0=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&CZ=7nH8XRk - rule_id: 3578 http://www.mobiessence.com/6mam/ - rule_id: 3578 http://www.bransolute.com/6mam/?s0=3lOIhqUq6P+U3Pv+KiDZArCwgFDmfekdTy2Nm2rSf3PvYUYfwCDamY7ww9DFIoj1y02HC7Ks&CZ=7nH8XRk - rule_id: 3581 http://www.annettebrownlee.com/6mam/?s0=Ha/mqQzo1OymR3PjStfn+lIoGvmqdNIZRSzA7EGDhkCDDPdeV8pHgJAz15x41PetfVMQIZVa&CZ=7nH8XRk - rule_id: 3579 http://www.schoolfrontoffice.com/6mam/?s0=44unMI1SijcIMv+N8WCIjTNIPpmavX0UQRjroN+fGhmCyiukZbvVPaBMPWfnclalAqceBNWz&CZ=7nH8XRk http://www.annettebrownlee.com/6mam/ - rule_id: 3579 http://www.fanbase.fan/6mam/ http://www.fanbase.fan/6mam/?s0=9d5C1xs5i//XDxr4dB0bA7JyBPYNineSxbWNYqwR1mLnXlE7iqxwCfAfIH0GmtdYbidcrtDB&CZ=7nH8XRk http://www.maximos.world/6mam/ http://www.bransolute.com/6mam/ - rule_id: 3581 http://www.schoolfrontoffice.com/6mam/ http://www.maximos.world/6mam/?s0=1a5QnJIXHWQb2gghw5aLRRgFP80dKh9Fg4OBHx9jqqG7vx0A8u6epTP2d4hNvGeyhllgiJAB&CZ=7nH8XRk	14 Info www.mobiessence.com(52.58.78.16) www.mayartpaints.com(192.155.172.18) www.maximos.world(23.227.38.74) www.fanbase.fan(34.102.136.180) www.schoolfrontoffice.com(34.102.136.180) www.candlewooddmc.com() www.annettebrownlee.com(159.203.181.190) www.bransolute.com(192.185.236.169) 192.185.236.169 - mailcious 52.58.78.16 - mailcious 192.155.172.18 159.203.181.190 - mailcious 34.102.136.180 - mailcious 23.227.38.74 - mailcious	3	6	9.8	M	30	ZeroCERT

3	2021-08-05 09:56	blaqzx.exe d39308847edb6c582c8e5ae9f625c004 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1			9.6	M	26	ZeroCERT

4	2021-08-05 09:51	assadzx.exe 61eb9d05a7a2dad154f0e0f92b16205d PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Socket Escalate priviledges KeyLogger Code injection HTTP Internet API ScreenShot Http API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName Cryptographic key					12.6	M	21	ZeroCERT

First
1
Last
Total : 4cnts