Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2023-06-08 09:21 combo.exe  

f693e2f2661b6e5824ccd29e5ba58bb6


PWS .NET framework RAT Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Report Cryptocurrency wallets Cryptocurrency Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Ransomware WhiteSnake Stealer Windows Browser Email ComputerName DNS Software
8 17 6 14.8 M 49 ZeroCERT

2 2023-05-03 09:00 IMG_5435.exe  

3121ecc67e64fdf65b2b3c9f5966ed11


PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
2 1 2.6 44 guest

3 2023-05-02 09:19 IMG_5435.exe  

3121ecc67e64fdf65b2b3c9f5966ed11


PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
1 6 1 3.8 44 ZeroCERT

4 2023-04-03 16:45 build69.exe  

cb1ca4cee1049ab33d16bf76eb56a24f


PWS .NET framework RAT .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.2 M 42 ZeroCERT

5 2023-03-29 17:42 buildjack.exe  

10f57aeea7d69c1fd26302daea446d8d


PWS .NET framework RAT .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser ComputerName DNS
1 4 5 5.2 M 45 ZeroCERT

  • Total : 5cnts