Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-06-28 16:39	Lyla0627SetUp.exe 7a239c74c129efc307f98fd62a605bca RedLine stealer Themida Packer UPX Admin Tool (Sysinternals etc ...) Socket DNS Anti_VM AntiDebug AntiVM .NET EXE PE32 PE File PNG Format PE64 JPEG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder suspicious TLD VMware anti-virtualization installed browsers check Tofsee Interception Stealer Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	13 Keyword trend analysis Info https://dzen.ru/?yredirect=true https://yandex.ru/ https://sso.passport.yandex.ru/push?uuid=8d007376-d291-49ab-b013-d8dcbfea0326&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue http://tokoi45.beget.tech/server.txt http://tokoi45.beget.tech/server2.txt http://tokoi45.beget.tech/server1.txt http://allansworthng.com/1/data64_1.exe http://allansworthng.com/1/data64_2.exe http://allansworthng.com/1/data64_3.exe http://allansworthng.com/1/data64_4.exe http://allansworthng.com/1/data64_5.exe http://allansworthng.com/1/data64_6.exe http://allansworthng.com/webArg1.txt	13 Info allansworthng.com(108.178.17.142) - malware tokoi45.beget.tech(5.101.152.100) - mailcious iplogger.com(148.251.234.93) - mailcious yandex.ru(77.88.55.60) dzen.ru(62.217.160.2) sso.passport.yandex.ru(213.180.204.24) 108.178.17.142 - malware 213.180.204.24 148.251.234.93 - mailcious 168.119.239.218 - mailcious 5.101.152.100 - malware 62.217.160.2 5.255.255.77	4		20.8	M	23	ZeroCERT

First
1
Last
Total : 1cnts