Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-11-19 17:17	vbc.exe d93485214a34d7f7a47854960cf51e89 Malicious Library UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself Tofsee Remote Code Execution crashed	3 Keyword trend analysis Info https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1637309693&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3D12E1C0826CE1E631%26resid%3D12E1C0826CE1E631%2521111%26authkey%3DADdmmgbfTgMAmYM&lc=1033&id=250206&cbcxt=sky&cbcxt=sky https://onedrive.live.com/download?cid=12E1C0826CE1E631&resid=12E1C0826CE1E631%21111&authkey=ADdmmgbfTgMAmYM https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1637309694&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3D12E1C0826CE1E631%26resid%3D12E1C0826CE1E631%2521111%26authkey%3DADdmmgbfTgMAmYM&lc=1033&id=250206&cbcxt=sky&cbcxt=sky	4	1		3.6		19	ZeroCERT

2	2021-08-07 13:58	vbc.exe 442d2d8a7820a1c0c0ba418476d67fb0 UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName	19 Keyword trend analysis Info http://www.mobiessence.com/6mam/?Sjo4=KE8gpfUGztMVNWKMFV5goIwNmc44LE6Oi+XDAS05rkp2RTHle1NPjBrPfhHuDJ31Wqk/Ne1S&L6=VrM8zFVhsB3D - rule_id: 3578 http://www.gxduoke.com/6mam/ http://www.gxduoke.com/6mam/?Sjo4=XyExfHS1GLupBy3CQ8ZHaW0Gc0Et+RmWESSPg9i+4Yd9uJqL2u2pkEb3ToITDIyDz9UOIS1M&L6=VrM8zFVhsB3D http://www.besport24.com/6mam/?Sjo4=G66iPt+xvrTiSrnWMSNY3jIG1auw/RAx4P7alq3BxDAHCc2pRDbTwTzLPU1dODy6kKEhnUhc&L6=VrM8zFVhsB3D http://www.cannamalism.com/6mam/ - rule_id: 3576 http://www.marcuslafond.com/6mam/?Sjo4=DiI3F0Ylam/cMh+wU0CjHhRfuntJ8nyjZcT4nMx9uSVUWqMW4wZqmzUPNc4P48XCZ8APIRdm&L6=VrM8zFVhsB3D http://www.mobiessence.com/6mam/ - rule_id: 3578 http://www.aladinfarma.com/6mam/ http://www.hibachiexpressnctogo.com/6mam/?Sjo4=0HG4+iy4HM9z+nt9884ETIsw7S4XNgMIsS4SVeWydW0ESnQUZ/hCKdKQ9SnakUxepzgcXLa3&L6=VrM8zFVhsB3D - rule_id: 3843 http://www.hibachiexpressnctogo.com/6mam/ - rule_id: 3843 http://www.cannamalism.com/6mam/?Sjo4=kn71xoO9iU2mX4j71h7bz8HHhkUEjJyTF2/azklG2erytyCHrh0zJMDeYoghQinFk6RtaMTe&L6=VrM8zFVhsB3D - rule_id: 3576 http://www.marcuslafond.com/6mam/ http://www.lawmetricssolicitors.com/6mam/ - rule_id: 3575 http://www.lawmetricssolicitors.com/6mam/?Sjo4=4Gj0yn3nr4YWFpZH4qn2bQ/Mf+Y/K54EnXCw/FRHgkyWUNrW3vdYTE+qdBaiGkNQ4kKGGQ8H&L6=VrM8zFVhsB3D - rule_id: 3575 http://www.aladinfarma.com/6mam/?Sjo4=udSG7fe6GY9zo7ZKy45gsyroZuOYrS4qDm5Wf1a6lEkS7UZsR2SStIdy4f3tNkj1uIyko7Uw&L6=VrM8zFVhsB3D http://www.besport24.com/6mam/ https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21117&authkey=AJAdp78GUbL_5Hc https://pxrvua.sn.files.1drv.com/y4m41792Y6UKDi_7UZp7ByRoAAjAR3fyuA5iLRNNt-n5jRyvXlNyKd14AGIRzIGMUxiuZSxy_OUQr16g9r2TgvRCrZoe_vEz_4NtvrBa8AX_jGkdUIjsjUoufdTv_3ia1afEYa4oWEqdjq6DFpOAnLJod7j1wVkCbTcpxNrKTwsZA9qF1vFtu4BHbu8JvVLPOMhES05MCgiLDLw6gCU58GCKQ/Fuvajutpqxzstoogzkocgvphgpfshra?download&psid=1 https://pxrvua.sn.files.1drv.com/y4m0Ahy6qtakbVJqNkNH6tYmZTEgEOjoSykrWlGKvOTvKyPaFeFtDBSJ9KqSSx7Ma9SVbVmlwIzIpWm4cqZ_oMZAUDZH5hzP6ab5BDAv8wdLz72rIkyOQyxcORZOp8AXgfeMFKPfcv79_DixtsxFSclvxVXV9FeaDrM_C_iOhzor74KUzRaC2_cwlLloLena0QmneO1vv7FrWCnXxR6wZ_lTQ/Fuvajutpqxzstoogzkocgvphgpfshra?download&psid=1	25 Info www.cannamalism.com(34.102.136.180) onedrive.live.com(13.107.42.13) - mailcious www.besport24.com(51.83.52.226) www.mobiessence.com(52.58.78.16) www.paypalticket5396173.info() www.aladinfarma.com(81.95.96.29) www.marcuslafond.com(104.247.218.105) www.freehypnosisevent.com() pxrvua.sn.files.1drv.com(13.107.42.12) www.gxduoke.com(164.88.214.172) www.hibachiexpressnctogo.com(54.230.169.100) www.coicplat.com() www.titanusedcarsworth.com() - mailcious www.lawmetricssolicitors.com(66.45.250.213) www.candlewooddmc.com() - mailcious 104.247.218.105 52.58.78.16 - mailcious 13.107.42.13 - mailcious 13.107.42.12 - malware 34.102.136.180 - mailcious 164.88.214.172 66.45.250.213 - mailcious 54.230.169.104 81.95.96.29 - suspicious 51.83.52.226	2	8 Info http://www.mobiessence.com/6mam/ http://www.cannamalism.com/6mam/ http://www.mobiessence.com/6mam/ http://www.hibachiexpressnctogo.com/6mam/ http://www.hibachiexpressnctogo.com/6mam/ http://www.cannamalism.com/6mam/ http://www.lawmetricssolicitors.com/6mam/ http://www.lawmetricssolicitors.com/6mam/	11.8	M	39	ZeroCERT

First
1
Last
Total : 2cnts