Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-06-28 16:45	Bar0627SetUp.exe e55683d061bb823c5ad9828c506f8c54 RedLine stealer Themida Packer UPX Admin Tool (Sysinternals etc ...) Socket DNS Anti_VM AntiDebug AntiVM .NET EXE PE32 PE File PNG Format PE64 JPEG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder VMware anti-virtualization installed browsers check Tofsee Interception Stealer Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	13 Keyword trend analysis Info https://sso.passport.yandex.ru/push?uuid=b62b00ef-65a3-48b0-8130-ecb2c8c9a624&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://dzen.ru/?yredirect=true https://yandex.ru/ http://tokoi45.beget.tech/server.txt http://tokoi45.beget.tech/server1.txt http://tokoi45.beget.tech/server2.txt http://allansworthng.com/2/data64_1.exe http://allansworthng.com/2/data64_2.exe http://allansworthng.com/2/data64_3.exe http://allansworthng.com/2/data64_4.exe http://allansworthng.com/2/data64_5.exe http://allansworthng.com/2/data64_6.exe http://allansworthng.com/webArg2.txt	13 Info allansworthng.com(108.178.17.142) - malware tokoi45.beget.tech(5.101.152.100) - mailcious iplogger.com(148.251.234.93) - mailcious yandex.ru(5.255.255.70) dzen.ru(62.217.160.2) sso.passport.yandex.ru(213.180.204.24) 108.178.17.142 - malware 213.180.204.24 148.251.234.93 - mailcious 168.119.239.218 - mailcious 5.101.152.100 - malware 62.217.160.2 5.255.255.70	4		20.4	M	22	ZeroCERT

First
1
Last
Total : 1cnts