Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-11-02 17:02	Xiu2Xiu.exe 07f36f03342b3b07ecfb8498d0e078a2 Gen1 Malicious Library UPX ASPack Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ftp wget DllRegisterServer dll Malware Check memory Creates executable files unpack itself Ransomware					2.8			ZeroCERT

2	2023-05-23 17:25	ChatGPT-4.exe dce55bbdd6eed9c8208b7e2581566ff0 Gen1 Generic Malware UPX Malicious Library Malicious Packer ASPack Anti_VM OS Processor Check PE64 PE File DLL VirusTotal Malware Check memory Creates executable files unpack itself					3.4	M	45	ZeroCERT

3	2023-02-21 13:40	SetupX64.exe 60f0517dccdde6f0fe9859019fab223d PWS[m] RedLine stealer[m] RAT PWS .NET framework Generic Malware Antivirus Confuser .NET Malicious Library Malicious Packer UPX AntiDebug AntiVM PE32 .NET EXE PE File OS Processor Check PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed	7 Keyword trend analysis Info https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/03f126aa-6017-4520-92a2-c8112a6addd7/Task24Watch.exe?response-content-disposition=attachment%3B%20filename%3D%22Task24Watch.exe%22&AWSAccessKeyId=ASIA6KOSE3BNDUXZPH56&Signature=avwBuxkhd4Xgyixj2PMoYGET0Cg%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDEMf0%2F1ULRFra9C9SSK%2BAbVGxqOnGdvkQMEFBU0%2FF5kg6%2F4%2B0yBwTTPvUtiH8w9tjKMGuLIxouTSkyQPrmjHeqIuFXZoArYMHNan31MSIqcqQKgid1H5NS8ddkcKVW%2BhLj3OrmzhfPqif6CPZl1d6fUMX6wNPUdFX9ck2y7y2tn%2FGpmOAG2M5LDLEVeKC6yW1z5uxNT3isa69%2FTZk1uGwRJuKOV%2BvKyorHoxEf9ndewrbcqH4XNC38rhiWOPr9jrq5IEKnCVSHKkGvwUvSYo64%2FRnwYyLQEHG3flYspuy3K0djwJevY7Qp07PgKYmJk9mkBYg1wuoNRORGhmYCzHwiDmaw%3D%3D&Expires=1676955379 https://bitbucket.org/rpoverka/zhopa/downloads/MainModule.exe https://bitbucket.org/rpoverka/zhopa/downloads/xmrig.exe https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/b3a0e12f-e350-4a5c-8239-1cb38b0ef068/xmrig.exe?response-content-disposition=attachment%3B%20filename%3D%22xmrig.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJFRFBCRB&Signature=Igv5ADbIOFzJ%2FL1GdVUwoZJ1ANQ%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDGmgGod9JRtPIJ5J4iK%2BAZ%2BQf48tgsYZfpo4Jv0ino2j8ZYKs9z3%2F4NzmPnRh8UjeASue%2FAqqStw1rcdJ1Q4OZPvB9TxKnagXZ4zUSHd%2BMoCmzQTTS%2FEJ4X7Jet0ittMt%2BwyEeZlQpBVreTLIyHR7YL9OLNMvuZ%2BNo5LL4F%2FYZiU5tAhJG9ymJHifuKiVUG%2F7ws5w%2BEtN6zXSPHZgF0ke%2BCfYANSVAaxz9nGIdD4w2EDsUUiZP%2BdvKALJrgY19BYakB2ZKockBrXLbvh4XoonJDRnwYyLaJSIHYriwNaDqOPi%2FmZw7OZUkogXNtLqHRkzUkMTDnv8aSn%2BZV7kaEstYBcdg%3D%3D&Expires=1676955428 https://bitbucket.org/rpoverka/zhopa/downloads/Task24Watch.exe https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/09293685-2c5d-4159-86d9-08c57e8e8de5/MainModule.exe?response-content-disposition=attachment%3B%20filename%3D%22MainModule.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHLH2DZ7U&Signature=VFctTT15Oy1pCiaL50jPJ9FZjcw%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDDlI4D0qJzDCLyV4sCK%2BATydA3JWrOh0cMOubezBVsXQR%2FU%2FxdqqCLfVyEmUqPgTWhLBPz5Zr5czddzsszsXHFjm1b9fwf0uSHkEq4y2CN6%2FZUsbdan4z2fd%2BjyC1AMdnaLr8W2WfpqEeTejTc9MrV1ptPEmwh%2BBAfQqD9A181S7BqhEy%2FzCiyvgPI8AQX2OJWvVbkdii83pzDQX6IWqUeaNaDx1vvVHQxH8tKUVPDiuO866bid5YIcvKCQpUgEJQXfHf9aZ%2BIlfNUYYjEko3Y7RnwYyLcKnJ4pxJmRnLWX47kqvK7YZM5DPIMVEnGMVLokXa6L%2BO%2FHbDJlhZEVB96P2tA%3D%3D&Expires=1676955237 https://transfer.sh/get/CxkjoH/96f0043345016b4bce68c3029a06ef3d.exe	9	5 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)		13.4	M	12	ZeroCERT

4	2021-11-22 11:33	8169_1637332082_2783.exe e8f62b71d429c0f6dfde158e746828b2 RAT PWS .NET framework Generic Malware PE64 PE File .NET EXE VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Cryptographic key crashed	1 Keyword trend analysis	4	1		10.0		40	ZeroCERT

5	2021-04-13 10:13	ClubHousePC.exe bfca5d2ddd8840dc1f6c49309bbe1924 Azorult .NET framework AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	4			13.8	M	7	ZeroCERT

First
1
Last
Total : 5cnts