Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-08-02 09:55	1Lyla.exe 4b1b9a060092af401c073ffbd1dd9e1b UPX Socket DNS PWS SMTP AntiDebug AntiVM .NET EXE PE File PE32 PNG Format GIF Format JPEG Format PE64 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Tofsee Interception Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	10 Keyword trend analysis Info http://tokoi45.beget.tech/server2.txt - rule_id: 34428 http://tokoi45.beget.tech/server1.txt http://disgen.in/webArg1.txt https://iplogger.com/12qaJ4 http://disgen.in/1/data64_1.exe http://disgen.in/1/data64_2.exe http://disgen.in/1/data64_3.exe http://disgen.in/1/data64_4.exe http://disgen.in/1/data64_5.exe http://disgen.in/1/data64_6.exe	7	8 Info ET POLICY PE EXE or DLL Windows file download HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response) ET INFO TLS Handshake Failure	1	17.4	M	43	ZeroCERT

First
1
Last
Total : 1cnts