Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2022-05-10 18:13	IE.exe 59aa84cf2e843581002f74710e77dc9e RAT UPX WinRAR Malicious Library AntiDebug AntiVM PE32 OS Processor Check PE File .NET EXE PE64 VirusTotal Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Remote Code Execution	8 Keyword trend analysis	2	1		7.4	M	50	ZeroCERT

2	2022-05-02 09:13	IE.exe d55af7419949eb1630bf0e6b3684166e PWS[m] Gen1 RAT Cryptocurrency Miner Generic Malware task schedule CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Antivirus Anti_VM Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credenti VirusTotal Cryptocurrency Miner Malware VBScript Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Tofsee Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key DDNS crashed Dropper CoinMiner	5 Keyword trend analysis	74 Info muslada2251.myvnc.com() marena9201.3utilities.com() niogem1171.servemp3.com() niogem1171.servepics.com() muslada2251.ddnsking.com(0.0.0.0) - mailcious niogem1171.viewdns.net() muslada2251.3utilities.com(3.1.85.243) muslada2251.servequake.com() muslada2251.serveirc.com() marena9201.gotdns.ch() muslada2251.sytes.net() muslada2251.servegame.com() niogem1171.freedynamicdns.net(0.0.0.0) - mailcious muslada2251.redirectme.net() muslada2251.onthewifi.com() rinot972.ddnsking.com(41.103.107.68) niogem1171.redirectme.net() pool.hashvault.pro(131.153.76.130) - mailcious marena9201.ddnsking.com() muslada2251.viewdns.net() marena9201.bounceme.net() muslada2251.servemp3.com() niogem1171.3utilities.com(0.0.0.0) - mailcious niogem1171.serveirc.com() muslada2251.servehalflife.com() niogem1171.ddnsking.com(0.0.0.0) - mailcious niogem1171.hopto.org(0.0.0.0) niogem1171.myftp.org(0.0.0.0) marena9201.freedynamicdns.net() marena9201.freedynamicdns.org() niogem1171.gotdns.ch(0.0.0.0) muslada2251.myftp.org() muslada2251.hopto.org() niogem1171.servebeer.com() niogem1171.webhop.me(0.0.0.0) pastebin.com(104.20.68.143) - mailcious muslada2251.servehttp.com() muslada2251.ddns.net() - mailcious muslada2251.serveblog.net() muslada2251.webhop.me() niogem1171.zapto.org(0.0.0.0) muslada2251.servebeer.com() niogem1171.serveftp.com() niogem1171.ddns.net() - mailcious niogem1171.onthewifi.com() niogem1171.freedynamicdns.org(3.1.85.243) - mailcious niogem1171.servehttp.com() muslada2251.serveminecraft.net() muslada2251.bounceme.net() niogem1171.servegame.com() muslada2251.serveftp.com() niogem1171.bounceme.net(0.0.0.0) - mailcious marena9201.ddns.net() niogem1171.myftp.biz(0.0.0.0) niogem1171.sytes.net() rinot972.ddns.net() muslada2251.gotdns.ch() muslada2251.freedynamicdns.org() muslada2251.myftp.biz() muslada2251.servecounterstrike.com() niogem1171.servequake.com() niogem1171.serveblog.net(0.0.0.0) muslada2251.freedynamicdns.net() muslada2251.servepics.com() muslada2251.zapto.org() niogem1171.servecounterstrike.com() niogem1171.serveminecraft.net() niogem1171.servehalflife.com() niogem1171.myvnc.com(0.0.0.0) 3.1.85.243 41.103.107.68 54.254.238.33 - malware 104.20.67.143 - mailcious 131.153.76.130 - mailcious	32 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY DNS Query to DynDNS Domain .ddns .net ET POLICY DNS Query to DynDNS Domain .3utilities .com ET POLICY DNS Query to DynDNS Domain .ddnsking .com ET POLICY DNS Query to DynDNS Domain .bounceme .net ET POLICY DNS Query to DynDNS Domain .freedynamicdns .org ET POLICY DNS Query to DynDNS Domain .myftp .org ET POLICY DNS Query to DynDNS Domain .onthewifi .com ET POLICY DNS Query to DynDNS Domain .servegame .com ET POLICY DNS Query to DynDNS Domain .viewdns .net ET POLICY DNS Query to DynDNS Domain .serveftp .com ET POLICY DNS Query to DynDNS Domain .servehttp .com ET POLICY DNS Query to DynDNS Domain .servehalflife .com ET POLICY DNS Query to DynDNS Domain .serveminecraft .net ET POLICY DNS Query to DynDNS Domain .zapto .org ET POLICY DNS Query to DynDNS Domain .freedynamicdns .net ET POLICY DNS Query to DynDNS Domain .redirectme .net ET POLICY DNS Query to DynDNS Domain .serveblog .net ET POLICY DNS Query to DynDNS Domain .servecounterstrike .com ET POLICY DNS Query to DynDNS Domain .servemp3 .com ET POLICY DNS Query to DynDNS Domain .servepics .com ET POLICY DNS Query to DynDNS Domain .hopto .org ET INFO DYNAMIC_DNS Query to a Suspicious .myftp.biz Domain ET INFO Observed DNS Query to .biz TLD ET POLICY DNS Query to DynDNS Domain .serveirc .com ET POLICY DNS Query to DynDNS Domain .myvnc .com ET POLICY DNS Query to DynDNS Domain .servebeer .com ET POLICY DNS Query to DynDNS Domain .servequake .com ET POLICY DNS Query to DynDNS Domain *.webhop .me ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)		10.0	M	47	ZeroCERT

3	2021-04-12 11:13	IE.exe 89239d803d0a9f3cfce0cd45e9b78b61 AsyncRAT backdoor njRAT Antivirus Gen1 VirusTotal Cryptocurrency Miner Malware VBScript Cryptocurrency powershell AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key DDNS crashed Downloader Dropper	10 Keyword trend analysis Info http://niogem1171.freedynamicdns.org:16039/is-ready http://muslada2251.ddnsking.com:16020/is-ready https://pastebin.com/raw/nEZ87Pwx http://niogem1171.ddns.net:16039/is-ready http://niogem1171.ddnsking.com:16039/is-ready http://niogem1171.3utilities.com:16039/is-ready http://niogem1171.bounceme.net:16039/is-ready http://niogem1171.freedynamicdns.net:16039/is-ready http://niogem1171.freedynamicdns.org:16039/is-ready http://muslada2251.ddns.net:16020/is-ready http://muslada2251.ddnsking.com:16020/is-ready	15 Info muslada2251.ddns.net() niogem1171.3utilities.com(0.0.0.0) pool.hashvault.pro(131.153.159.26) - mailcious niogem1171.ddnsking.com() niogem1171.ddns.net() niogem1171.freedynamicdns.net() niogem1171.freedynamicdns.org(193.218.118.85) pastebin.com(104.23.98.190) - mailcious muslada2251.ddnsking.com(193.218.118.85) niogem117.soon.it(193.218.118.85) - mailcious niogem1171.bounceme.net() 34.126.93.163 - malware 104.23.98.190 - mailcious 193.218.118.85 - mailcious 131.153.76.130			10.0	M	53	ZeroCERT

First
1
Last
Total : 3cnts