Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-09-14 07:46	Services.exe e962e5b9badb08fa227761855fedf45f UPX Malicious Library VMProtect PE File PE32 VirusTotal Malware Remote Code Execution					2.4		61	ZeroCERT

2	2023-09-06 07:48	Services.exe ca7502cd02a0a170d9f4305c18410126 PrivateLoader RedLine Infostealer RedLine stealer Generic Malware Malicious Library UPX VMProtect .NET framework(MSIL) Confuser .NET Malicious Packer PWS SMTP AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE PE64 DLL Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Check virtual network interfaces suspicious process AppData folder suspicious TLD sandbox evasion WriteConsoleW anti-virtualization IP Check installed browsers check PrivateLoader Tofsee Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	27 Keyword trend analysis Info http://94.142.138.131/api/firegate.php - rule_id: 32650 http://94.156.253.187/download/WWW14_n.exe http://45.9.74.80/super.exe - rule_id: 36063 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://94.142.138.131/api/firecom.php http://45.15.156.229/api/firegate.php - rule_id: 36052 http://apps.identrust.com/roots/dstrootcax3.p7c http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://193.42.32.118/api/tracemap.php http://www.maxmind.com/geoip/v2.1/city/me http://230809204625331.nes.dtf99.top/f/fikim0809331.exe - rule_id: 36062 https://preconcert.pw/setup294.exe - rule_id: 36162 https://psv4.userapi.com/c235131/u44017378/docs/d5/eb6fe76df516/red.bmp?extra=ME0T5ttRod9kvT9aKKSwe-oAdBL69d6YUKjB4zWwRSSWsFL7VU3KidZTPIhbjE0zWgoso1_RHm-VuqcNV5k7SY-fZDpTkZFPHptlTeudtXPzawqATgpx9GnpEDrul3HPvZeDLFV3JEzI7tmA https://vk.com/doc44017378_668913178?hash=82bcV2gCZ1FH8Z8HToaxuiwCiEN2mz2z1qfoXJTCPC0&dl=ErxeeY7X3LIyZIBiZ0QDMkzCLk2vvDO29uX36h22aek&api=1&no_preview=1#u9 https://dzen.ru/?yredirect=true https://sun6-20.userapi.com/c909618/u44017378/docs/d36/c9a88b9c7135/PL_Client.bmp?extra=tJtT3z6UbzYseJPa76j1zRBj1wmyid3YaDvAzaMsz31tqOzwexxS6SL75PPvYs4H2kzJbhj1WI3RcZekL6A_lMuCQ7wlgzvR82UbZKpo_7rDNXDLKPfZIU6wTZ5q87vSoPPRjK5zIRkegmYD https://vk.com/doc44017378_668897025?hash=9izn0TzhC6Gq52AYs6wKluNJs8IMGa5IygoIE2NWiZX&dl=RzpPQgkrU5Bo3xTNnupfnzibo1sU36B0QqzJYdEUq3c&api=1&no_preview=1#redcl https://psv4.userapi.com/c909328/u44017378/docs/d20/80a165d7642a/3c8fttmg7n06dp.bmp?extra=nuZcn5b8fGh0uPRKfbUAXX0VAMxL-cYveJG88PCotdD--pDq-7gxijOyIWQPtaUUAWSIRH_w1wstuzNboJLwKcBxW1Y6MIjCb1xhxyymyAxolfvAbMP9rCDe9gfZUPLDuOK0pAEC8-MuwAkw https://sun6-23.userapi.com/c909618/u44017378/docs/d58/502f8d1b7c6f/Synapse.bmp?extra=7ymvw_aFwN4_Uj7FsOWPKcOeA3Uvoj8EikYjHvdatt0X3JP-3DmTnc04rqW9o15Tpv6WRsx3NGvtPS7zQz6ZuNvop6Jj1TXski6zguIEMge-ITDtAes8MpdXIiCKNbvKN4nbBz6NMzSp29ZK https://vk.com/doc44017378_668850966?hash=seNAc9XpZGb24lXnAxVAwPiPVaSTe6IiTQaY7IFhggw&dl=A9mazd4TmUx700iSSJAZzZTPnbX30hG5PEtIhQs2FVw&api=1&no_preview=1#utube https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/ https://vk.com/doc44017378_668777192?hash=bErtt2Itw8CZPTouyuXblBKb3pLfVImQzvGWnZ4CyVs&dl=vm2AArvcYQaQAETnMlmPKTg0CoqMAAqRh2fogvAYbWP&api=1&no_preview=1#tmwvr https://sso.passport.yandex.ru/push?uuid=bc95c885-a33d-4f0b-a172-5792d56f2b99&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://sun6-21.userapi.com/c235131/u44017378/docs/d58/cc01f1bebaed/tmvwr.bmp?extra=q1LcznyK48tN8Wen35rZ4SsDNwN0UeWZ55tLITfBZg-6OTIEQfzGqel91B2rOXtWrIKTnt-LHmOoR4Rgiv5jb_s-93At_nSn5l0lxswHLYTdEqposLIc_-NG6GXefWaiEN4nocBNujY4KphO https://sun6-21.userapi.com/c909628/u44017378/docs/d11/7f1a7c274f11/WWW1.bmp?extra=ibUwsIlBLQfXz5F54C2lVB4_UNTN1SYsuHJjPdJG1kmKXbQKYUdmzOpzkBzvq_CQ0kTWEzPmDitIXdL62nwV1Wz6vYHp9FTHjt_sDl-d0N1MlyijNg1uwrPaBxnTvlsmksXyhzo9dFkQw3Dx https://sergejbukotko.com/7725eaa6592c80f8124e769b4e8a07f7.exe	57 Info db-ip.com(104.26.5.15) ipinfo.io(34.117.59.81) sun6-23.userapi.com(95.142.206.3) dzen.ru(62.217.160.2) preconcert.pw(172.67.197.101) - malware psv4.userapi.com(87.240.190.76) twitter.com(104.244.42.129) telegram.org(149.154.167.99) sun6-20.userapi.com(95.142.206.0) - mailcious api.db-ip.com(104.26.4.15) red.mk(141.95.126.89) - malware ironhost.io(104.21.57.237) sso.passport.yandex.ru(213.180.204.24) api.myip.com(172.67.75.163) 230809204625331.nes.dtf99.top(94.156.35.76) - malware yandex.ru(77.88.55.60) iplis.ru(148.251.234.93) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious www.maxmind.com(104.18.146.235) vk.com(87.240.132.67) - mailcious sergejbukotko.com(172.67.214.144) 148.251.234.93 - mailcious 104.18.146.235 104.18.145.235 93.186.225.194 - mailcious 172.67.197.101 87.240.137.140 87.240.129.133 - mailcious 23.32.56.80 62.217.160.2 104.26.5.15 179.43.158.2 208.67.104.60 - mailcious 176.123.9.85 - mailcious 149.154.167.99 - mailcious 193.42.32.118 172.67.75.166 172.67.193.129 172.67.75.163 121.254.136.18 34.117.59.81 94.156.253.187 - malware 141.95.126.89 - malware 104.244.42.65 - suspicious 213.180.204.24 45.9.74.80 - malware 94.142.138.131 - mailcious 185.225.73.32 - mailcious 104.21.59.53 45.15.156.229 - mailcious 104.26.9.59 95.142.206.3 95.142.206.1 - mailcious 95.142.206.0 - mailcious 85.208.136.10 - mailcious 185.225.74.51 77.88.55.60	22 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET DNS Query to a .pw domain - Likely Hostile SURICATA Applayer Mismatch protocol both directions SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET DNS Query to a .top domain - Likely Hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)	7	23.8	M	52	ZeroCERT

First
1
Last
Total : 2cnts