Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2022-01-01 19:58	Selap.exe aff7cf93b494c088fb991bebde49df9a GhostCringe GhostRAT NSIS Malicious Library UPX PE File PE32 Malware download VirusTotal Open Directory Malware GhostRAT AutoRuns Check memory Checks debugger Creates executable files RWX flags setting unpack itself Detects VMWare AntiVM_Disk sandbox evasion VMware VM Disk Size Check Windows Exploit Browser RAT Backdoor Trojan DNS crashed		2	9 Info ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server ET MALWARE Backdoor family PCRat/Gh0st CnC traffic ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO Dotted Quad Host DLL Request		8.4	M	54	ZeroCERT

2	2021-05-24 17:28	run.exe 63a11a44eeb7ee8c76f834d4435f4af3 GhostCringe GhostRAT PE File PE32 OS Processor Check Malware download VirusTotal Open Directory Malware GhostRAT AutoRuns Check memory Checks debugger Creates executable files RWX flags setting unpack itself Detects VMWare AntiVM_Disk sandbox evasion VMware VM Disk Size Check Windows Exploit Browser RAT Backdoor Trojan DNS crashed	2 Keyword trend analysis	1	9 Info ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server ET MALWARE Backdoor family PCRat/Gh0st CnC traffic ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO Dotted Quad Host DLL Request	1	9.0	M	48	guest

3	2021-05-21 11:16	run.exe 63a11a44eeb7ee8c76f834d4435f4af3 PE File PE32 OS Processor Check Malware download VirusTotal Open Directory Malware GhostRAT AutoRuns Check memory Checks debugger Creates executable files RWX flags setting unpack itself Detects VMWare AntiVM_Disk sandbox evasion VMware VM Disk Size Check Windows Exploit Browser RAT Backdoor Trojan DNS crashed	1 Keyword trend analysis	1	9 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server ET MALWARE Backdoor family PCRat/Gh0st CnC traffic ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO Dotted Quad Host DLL Request		10.0	M	48	ZeroCERT

4	2021-05-21 10:22	run.exe e57416e1935a33a9f173da150d8daa05 Gen1 Gen2 PE File PE32 OS Processor Check DLL Malware download VirusTotal Open Directory Malware GhostRAT AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself Detects VMWare AppData folder AntiVM_Disk sandbox evasion VMware VM Disk Size Check Windows Exploit Browser RAT Backdoor Trojan DNS crashed	8 Keyword trend analysis Info http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEArIzKqFYmE3jrS4gQrE3QI%3D http://users.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?uins=12345678 http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D http://43.129.230.36/System1.dll http://139.155.178.173:888/NetSyst96.dll http://43.129.230.36/8908.exe http://139.155.178.173:888/360diao.exe https://users.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?uins=12345678	6	10 Info ET INFO Executable Download from dotted-quad Host ET ADWARE_PUP User-Agent (Mozilla/4.0 (compatible)) ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server ET MALWARE Backdoor family PCRat/Gh0st CnC traffic ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 ET POLICY PE EXE or DLL Windows file download HTTP ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) ET INFO Dotted Quad Host DLL Request ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP		10.6		48	ZeroCERT

First
1
Last
Total : 4cnts