Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-06-11 22:31	Deathmatics.exe 3bcc1eb867ab61418fe7a99dcffa3734 PWS .NET framework RAT UPX .NET EXE PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Report Cryptocurrency wallets Cryptocurrency Telegram suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder IP Check Tofsee Ransomware WhiteSnake Stealer Browser Email ComputerName DNS Software	5 Keyword trend analysis	14 Info r3.i.lencr.org(104.76.70.102) ip-api.com(208.95.112.1) x1.i.lencr.org(104.76.70.102) api.telegram.org(149.154.167.220) 104.76.70.102 167.86.115.218 65.21.49.163 89.46.80.136 149.154.167.220 185.189.159.121 138.201.197.74 - mailcious 208.95.112.1 5.181.12.94 - mailcious 129.151.210.129 - mailcious	6 Info ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] WhiteSnake Stealer Reporting Request (Outbound) ET POLICY External IP Lookup ip-api.com ET HUNTING Telegram API Domain in DNS Lookup	2	12.2	M	48	ZeroCERT

2	2022-06-14 17:51	vbc.exe d4520b272c06d8cccd15fdc37b2f30fd PWS[m] RAT SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Disables Windows Security Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	1 Keyword trend analysis	4	3		14.8	M	34	ZeroCERT

3	2022-03-19 12:18	vbc.exe 86eaf435f35e874faa7067031edbda31 AgentTesla RAT browser info stealer Google Chrome User Data Create Service Socket Code injection Sniff Audio KeyLogger Escalate priviledges Downloader AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Remote Code Execution DNS		3			10.4	M	45	ZeroCERT

4	2021-08-16 10:42	AcrobatDC.exe aba32a475dcafdf4c6357205803e4cc0 Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware download NetWireRC VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW BitRAT Windows ComputerName Cryptographic key crashed keylogger		4	2		15.8	M	34	ZeroCERT

5	2021-06-08 11:42	Invoice~details012.exe 6cad5773b9830105a0862848919987ce AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself crashed					8.6	M	23	ZeroCERT

First
1
Last
Total : 5cnts