Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-08-17 09:43	zxcvb.exe 2cae1b3be4c37e8f0ca5dac99dbbac17 PWS Loki[b] Loki.m RAT Gen1 Gen2 Generic Malware UPX Malicious Library Malicious Packer DNS Socket KeyLogger HTTP Internet API ScreenShot Http API Steal credential AntiDebug AntiVM PE File .NET EXE PE32 JPEG Format DLL OS Processor Check GIF Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware OskiStealer Stealer Windows Browser Email ComputerName DNS crashed Password	13 Keyword trend analysis Info http://kullasa.ac.ug/nss3.dll http://185.163.45.248//l/f/VAuJUXsBPvGyIjkLtOpJ/d657180f13db0ff9b8ee6da6bdfe300a7ea52ed9 http://kullasa.ac.ug/msvcp140.dll http://kullasa.ac.ug/ http://myproskxa.ac.ug/index.php http://185.163.45.248/ http://kullasa.ac.ug/vcruntime140.dll http://kullasa.ac.ug/softokn3.dll http://kullasa.ac.ug/mozglue.dll http://185.163.45.248//l/f/VAuJUXsBPvGyIjkLtOpJ/cd7c869b70884aeb0988dc2ac3b497411564fd4d http://kullasa.ac.ug/main.php http://kullasa.ac.ug/sqlite3.dll http://kullasa.ac.ug/freebl3.dll	6	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)		24.4	M	15	ZeroCERT

First
1
Last
Total : 1cnts