Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-10-14 16:54	Ord20211310570045368964AL.exe 0cb1c28aaae7fb100c41281e5c9b6c2b RAT PWS .NET framework Generic Malware task schedule Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS		2	1		12.4		10	ZeroCERT

2	2021-10-14 16:53	Ord20211310570045368963AC.exe f6fde8532e45bb49f3220e64c10d11a1 RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself	5 Keyword trend analysis Info http://www.partnerbebefits.com/gab8/?GPJ=V0qvKrnMUJDi81wWgfCGXFlKI9Inm7hsI52w8XiW782EdtYgyy70qnkOHaG3FEy6fk+0RrrY&oX=Txo8nZfhzrhh http://www.boraeresici.com/gab8/?GPJ=C6SAXr8o/G/VasXP2qBsDB1rn5jVEpLr3WZGajDPG/enBmYnBlFkkW82TIheSrxSSIWa+io/&oX=Txo8nZfhzrhh http://www.royzoom.com/gab8/?GPJ=ZIawR5WdNK8LsYg64y/ZuRppdufcVyCLEEhqXcgQhf+tR4phV0yge9w0mkSWMgIPzVTRYdnK&oX=Txo8nZfhzrhh http://www.happyklikshop.com/gab8/?GPJ=mENu3k3BXCWZ2Tc/aQbax23yXM1wufSrwsbmwarZbMNjditOASquAUrBwrS1LEID6g38HMxw&oX=Txo8nZfhzrhh http://www.aucoeurducadeau.com/gab8/?GPJ=5qlSZ+6CVF2mMX6CKg0IqzY1EC3Y5wWy7JN18ATTVTS3aqcQwyHFrUSTTu0cVUImGKaDUota&oX=Txo8nZfhzrhh	13 Info www.boraeresici.com(92.223.73.24) www.royzoom.com(184.168.131.241) www.aucoeurducadeau.com(213.186.33.5) www.fullamodatoptan.com() www.happyklikshop.com(109.106.253.204) www.babyfloki.tech() www.schnurrgallery.com() www.partnerbebefits.com(103.224.182.242) 184.168.131.241 - mailcious 213.186.33.5 - mailcious 109.106.253.204 92.223.73.24 103.224.182.242 - phishing	2		8.6		10	ZeroCERT

First
1
Last
Total : 2cnts