Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-10-16 12:55	gate4.exe 5c6b1ca0336366662d0f444e01f96a3a PrivateLoader RedLine stealer Themida Packer Generic Malware UPX Malicious Library VMProtect ScreenShot PWS Socket DGA Http API DNS Internet API SMTP Anti_VM AntiDebug AntiVM PE File PE64 PE32 ZIP Format DLL OS Processor Check PNG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Microsoft Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk suspicious TLD sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check PrivateLoader Tofsee Ransomware Stealer Windows Update Browser RisePro Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed	35 Keyword trend analysis Info http://94.142.138.131/api/firegate.php - rule_id: 32650 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://171.22.28.226/download/Services.exe - rule_id: 37064 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://194.169.175.232/autorun.exe - rule_id: 36817 http://171.22.28.226/download/WWW14_64.exe - rule_id: 36907 http://45.9.74.80/zinda.exe - rule_id: 37063 http://193.42.32.118/api/firecom.php - rule_id: 36700 http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://193.42.32.118/api/tracemap.php - rule_id: 36180 http://www.maxmind.com/geoip/v2.1/city/me http://77.91.68.249/navi/kur90.exe - rule_id: 37069 https://sun6-20.userapi.com/c909418/u52355237/docs/d49/167def964d1d/Bot_Clien.bmp?extra=u226KRhFNKTwHJMooCCPzPmniPztLgViu_UdzG-VjX2Hdo2VQ_csORN4_Q0LZziy1wB-axwEO9JNYx174ntsePx0FuTMM0e_GCG405SNGpQvMEhf73KuF7vrvBeRTnAAwZp-CVmWviwj4x0M https://db-ip.com/demo/home.php?s=175.208.134.152 https://sun6-23.userapi.com/c909228/u52355237/docs/d38/fa41d55bfcd2/d3h782af.bmp?extra=x2wWuvzLp9U9MFpMuHZvNeDGbtRLE0wlF7xXDQEgYuMpz0YX4nSn8o70AXGDKhvOM9YscK1wrIJ3gioKVHDTS71MBi-kHvMK6C3w00FHmTA2gPyAb3GAalPr1Iq8MFdFriiC1VsUCrdiBBIt https://vk.com/doc52355237_666953453?hash=NVFeHD1X6xxwiPyDZ4kbilHig693YsIH5g6X9HkS69s&dl=dzQeH4YkPFmuRHRZXunNV4NBh3hv5ZLppdno3QUFjqD&api=1&no_preview=1#rise https://vk.com/doc52355237_666962194?hash=6q38NEAvszC9RaRujZr6ZVjib9zBVZremmdPy8csKIw&dl=vi5dQPwpzhvYIPezYQtsimILAKZctT0T5feFndBaxT8&api=1&no_preview=1#55 https://schematize.pw/setup294.exe - rule_id: 37138 https://sun6-23.userapi.com/c909518/u52355237/docs/d48/03ed792486f2/WWW11_32.bmp?extra=BDTRbaczcnbNzBo0BOe-ypzZEprOU10IkpkSzte4_V8G371fkmp_shttiZOFe2G1ASGDl-WPX9fz5UxXrtRJAgBkbTqjDYOK0KXnwLo7S-B1oMpIKEG-z8PCsBkFTg520y7LBkTmUfiZSrtb https://sun6-23.userapi.com/c909418/u52355237/docs/d18/6dea2083151c/crypted.bmp?extra=fsba2zHpXvqaKaIs2cqbeh5vyBbuwJUz1GDJrKswAJIhi-uQ6bVTt1ZthUMWNp4RKY7PjMjHY4Ma_mmFnBFnz8T2TeqY1eHF6BqoZPrQTE5hBFV2aHat9V0upNqQz5qlhcM1Nx2yUiz1RdD4 https://db-ip.com/ https://sun6-22.userapi.com/c909218/u52355237/docs/d2/0ad6080636be/RisePro.bmp?extra=PqUzNShtdQ-VVGbOsb_U5PPXWQnmOykXCr2fivqUjiKkJwon0GTt09KEwh_9I68Dc5f0DQX1ply0EcnMJc9OgcjXAI8IkIAS0jKP-35agrJxkRrVKKABaH75pGdH6_DdpAnsxm5a-uDanq3h https://sun6-21.userapi.com/c237231/u52355237/docs/d27/febee9ba14ad/tmvwr.bmp?extra=KGmYpPVPqL1gWi9xyYdQGc9kE9zKzbY56JcAJV9iuZtoaTKYIdPjQcwEJi0bbYZccEU8xrKK9HW6FyaWz3VwbVmZxYG_2qmXrDvnZSdHp0boKwH__hcxkzXGDY-cpDrcR3ByVwRXBGUFBCA6 https://vk.com/doc52355237_667000543?hash=eKOuemWuRCZmXal2YVj4QW37gepCmLzd9U7bLDKtdnX&dl=Le3z6AAKjnE7RlnXRnVZJtvMGIu3iOAwG2df2VZCSfz&api=1&no_preview=1#test22 https://dzen.ru/?yredirect=true https://sso.passport.yandex.ru/push?uuid=0db9eca3-374f-45c1-8887-36a74b181ed4&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://vk.com/doc52355237_666904463?hash=UxTczsuPw9hubob0BlwxReQuXuRVMu7K4lkIHd53nfc&dl=pL6TKclvjp9CpzQWGzva7G0EpGDeSydWo0xKWmJnj6o&api=1&no_preview=1#WW11 https://api.2ip.ua/geo.json https://sun6-23.userapi.com/c909228/u52355237/docs/d47/bcda7d7ba2d6/test222.bmp?extra=GzyOtEQtKTC3VoTX4BnD-XTSQBc84p66dFqVHCs6w0VNIzwoEOOArPYB4Kra3QYsCY6Q5lJRsdsoheUUeiOTRdVzlgMBxM95pEXkuMRNKZKeX0Vv4pn-zyZtwt586DxQGHtIi7RMD4sCd6BW https://vk.com/doc52355237_666996873?hash=DTmX6GpQzg0mSZJ3QBf9KMyoAQLjAN2VneVoP2TiOB8&dl=3T0LCAZCJSJEhCRk9I2GHnvey9MXQk00H3a77N9btwD&api=1&no_preview=1 https://vk.com/doc52355237_666990393?hash=FTORQeSjuGQM3QZ0VZVmUaPzzMTjiHgVozgZL1VKkLs&dl=WHDNqvgddqa5sNEafsQGa9H9myfZRZuS1RHM37yysD8&api=1&no_preview=1 https://sun6-20.userapi.com/c909228/u52355237/docs/d55/a0f4bd8121f1/PL_Client.bmp?extra=gHHzZgmQ2ix-eyDuXWWUkcOvwwyUCy5E3P9WTu6vphlfKcCiFbxuGjvCO_1EJxvkfs2bGFSfr_9PlZsRCq65LOri_c51dD0gx807OeObF3eM6u1R8XpQ0HJzY5ESz-7d2hCuHgwJqj6q2qx6 https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://sun6-23.userapi.com/c909628/u52355237/docs/d45/362847a669f2/44.bmp?extra=HTogS9Udy-zScPsV8Lv4flcVw5qsSLuY9mdyAh5RRn5xhDPI8DfW9wtYF2X9SS9jhOM-3_rypQvzo-pT4vmB5SI_QdmT89HOjHvIcqqjQ3qOU-NfnB8XQLZDws7kGj9EbiGU5OrFcamzfHKn https://vk.com/doc52355237_666985371?hash=xUCdQotbw4FtZlATzAL4qnHpx7ewB6dgNtlbn7gwXm4&dl=xZf2pdqcEKVJkPKzgfXwyOhSAkzUukUObYzCFT4qurw&api=1&no_preview=1#1	54 Info api.2ip.ua(172.67.139.220) db-ip.com(104.26.4.15) telegram.org(149.154.167.99) schematize.pw(172.67.152.98) - malware iplis.ru(148.251.234.93) - mailcious www.maxmind.com(104.18.146.235) ipinfo.io(34.117.59.81) iplogger.org(148.251.234.83) - mailcious jackantonio.top(45.132.1.20) - malware onualituyrs.org(91.215.85.209) - malware sun6-22.userapi.com(95.142.206.2) - mailcious twitter.com(104.244.42.193) api.myip.com(104.26.8.59) sun6-23.userapi.com(95.142.206.3) - mailcious sun6-20.userapi.com(95.142.206.0) - mailcious yandex.ru(77.88.55.60) vk.com(87.240.132.72) - mailcious sso.passport.yandex.ru(213.180.204.24) sun6-21.userapi.com(95.142.206.1) - mailcious api.db-ip.com(104.26.5.15) dzen.ru(62.217.160.2) 148.251.234.93 - mailcious 194.169.175.128 - mailcious 104.18.146.235 87.240.129.133 - mailcious 62.217.160.2 104.244.42.1 - suspicious 104.26.5.15 149.154.167.99 - mailcious 193.42.32.118 - mailcious 172.67.75.166 91.215.85.209 - mailcious 171.22.28.226 - malware 87.240.132.67 - mailcious 34.117.59.81 77.88.55.60 148.251.234.83 185.225.75.171 - mailcious 213.180.204.24 45.132.1.20 45.9.74.80 - malware 194.169.175.232 - malware 176.123.9.142 - mailcious 77.91.68.249 - malware 104.26.9.59 45.15.156.229 - mailcious 172.67.152.98 - malware 104.26.4.15 95.142.206.3 - mailcious 95.142.206.2 - mailcious 172.67.139.220 95.142.206.0 - mailcious 95.142.206.1 - mailcious 94.142.138.131 - mailcious	31 Info SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET DNS Query to a .top domain - Likely Hostile ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DNS Query to a .pw domain - Likely Hostile ET DROP Spamhaus DROP Listed Traffic Inbound group 7 ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET HUNTING Suspicious services.exe in URI ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Packed Executable Download ET HUNTING Possible EXE Download From Suspicious TLD ET INFO TLS Handshake Failure ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)		30.4	M	31	ZeroCERT

First
1
Last
Total : 1cnts