Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-09-05 15:23	210820082.exe aa9f4e6bb6c363e6384b518aea031016 Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key					5.6		44	Kim.GS

2	2021-08-21 09:04	bin.exe 14035831d9b086963a7ab5d7fef18c6a Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key	7 Keyword trend analysis Info http://www.theredcymbalsco.com/n8ba/?qFN46FS8=9vokcWjtebBvVvQIm09VADFSZD35cLZafvs2RAD44ecvqP5w34gv75tdUdLM9TjFHQmC7+ER&zL08l=ejlHZpnp-0w8cX - rule_id: 4155 http://www.mtsnurulislamsby.com/n8ba/?qFN46FS8=S2NOBXxc9KVG355n/GTqJZ9TvZOj5eG5l/TRE661pXEkyU1xrLeeXx7YcLg8bxWnJIvn4GX8&zL08l=ejlHZpnp-0w8cX http://www.lovebirdsgifts.com/n8ba/?qFN46FS8=oiX0BtPaohd4yUWgi2fqZtos1OZweULA7b8umTfs2FuW0w1nHJyzCnpMFCunVwxOw3eqbn8k&zL08l=ejlHZpnp-0w8cX - rule_id: 4153 http://www.2020coaches.com/n8ba/?qFN46FS8=NxzbwTfN74Qr0N9aBkXP6mlceM3BY6ydPowPg7M1Vpps+oNpFl450TWD3FC8MDJ/A390J+Rd&zL08l=ejlHZpnp-0w8cX http://www.narrowpathwc.com/n8ba/?qFN46FS8=RqoVB/kTevwYNrpQ68VGCKAD0SwVXhGBA25gncTDeHVSc/TtzgJJgXlZbrh2RaVrYM4D7bqC&zL08l=ejlHZpnp-0w8cX - rule_id: 4154 http://www.77k6tgikpbs39.net/n8ba/?qFN46FS8=RtTzTU3TYCJ9InQDD9LSAzrYY/u3W4uB/I26NcaQBFhoVTbvwK5wRjd6LNsy02kDp7Xu5STA&zL08l=ejlHZpnp-0w8cX - rule_id: 4156 http://www.rrinuwsq643do2.xyz/n8ba/?qFN46FS8=Kggo6N8ytGdENgV+RTl9vbd401xWHVMgNTt/nC5HO7MaxCAqlUcE2D/jOlYaIwQzO1aToKWd&zL08l=ejlHZpnp-0w8cX	17 Info www.shopliyonamaaghin.net() - mailcious www.lostbikeproject.com() - mailcious www.mtsnurulislamsby.com(209.99.40.222) www.77k6tgikpbs39.net(103.120.14.183) www.aprendelspr.com() www.rrinuwsq643do2.xyz(49.156.179.85) www.lovebirdsgifts.com(23.227.38.74) www.theredcymbalsco.com(184.168.131.241) www.narrowpathwc.com(182.50.132.242) www.2020coaches.com(34.102.136.180) 184.168.131.241 - mailcious 209.99.40.222 - mailcious 34.102.136.180 - mailcious 49.156.179.85 103.120.14.170 182.50.132.242 - mailcious 23.227.38.74 - mailcious	3	4	10.6	M	34	ZeroCERT

3	2021-08-20 16:15	.dllhost.exe 2d7c454c7dc1b5a3222cb313e46cb031 Loki PWS Loki[b] Loki.m Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.6	M	18	guest

First
1
Last
Total : 3cnts