Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-09-03 17:13	YrNDgSzymnK3JhV.exe ad4b527e8240812756aa003af27b9e48 RAT Generic Malware Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser ComputerName Cryptographic key crashed		1			11.6		43	ZeroCERT

2	2021-08-25 10:20	BIN.exe 5d4344f2c377b22297ddeb0c98fa3e4b RAT Generic Malware Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key	8 Keyword trend analysis Info http://www.lifestylebykendra.com/n8ba/?nJ=fB7/mPW/ruvPmtL6yqh18GEo+pmrDDvkC2/sjgfP5cDoKdtRPCAp8bKliJ6x32STw1Q/kqMf&FX=5jUhfzdH4nzh1Hy http://www.effthisshit.com/n8ba/?nJ=wvsH14ZSz0siwCJ0WZ7f577/2+XlynZuqKUxNHapwnMaKOPmHki2oQq42X6xgcg0wJFGMxWg&FX=5jUhfzdH4nzh1Hy http://www.teamtacozzzz.com/n8ba/?nJ=uqosld0zfpGxpF7GdKEGpsNAFVDy7sF9OlzkJIZYKKMkxYJdqG4dKl671u+Sw1rnVpvrEbSg&FX=5jUhfzdH4nzh1Hy http://www.realestatetriggers.com/n8ba/?nJ=n8TD7XnX89zuSbP58nBeh3tzZAQgQeWKsc2+IkWBltSEviQ+PLSZjVJvy6KT3dkrgmsNkIj4&FX=5jUhfzdH4nzh1Hy http://www.luvlauricephotography.com/n8ba/?nJ=aWNKG/taKBNfCTuu4Vj0SXUYkQfuxKmtF2ZiRSbsdtsSpEbKckOota+0q4X8rvKC1g36gkpu&FX=5jUhfzdH4nzh1Hy http://www.wata-6-rwem.net/n8ba/?nJ=3L5ihXTb1ZAIiZeQQ1ofy4E3vvyAqMsnNRcELDg21zBW0aHgJVTBKs4AxgBVBpUYHrcqdaDW&FX=5jUhfzdH4nzh1Hy http://www.narrowpathwc.com/n8ba/?nJ=RqoVB/kTevwYNrpQ68VGCKAD0SwVXhGBA25gncTDeHVSc/TtzgJJgXlZbrh2RaVrYM4D7bqC&FX=5jUhfzdH4nzh1Hy - rule_id: 4154 http://www.wowmovies.today/n8ba/?nJ=aMSSVD0nNfZbrhMjVgmTME26uPdJofKdhkPkwitatQPtKeCql0jRJLGvKH9x7dpkGf+IfgZ0&FX=5jUhfzdH4nzh1Hy	18 Info www.shopliyonamaaghin.net() - mailcious www.teamtacozzzz.com(34.102.136.180) www.luvlauricephotography.com(208.91.197.13) www.aprendelspr.com() - mailcious www.nycabl.com() www.realestatetriggers.com(34.98.99.30) www.effthisshit.com(184.168.131.241) www.lifestylebykendra.com(34.102.136.180) www.wowmovies.today(99.83.154.118) www.wata-6-rwem.net(163.43.122.116) www.narrowpathwc.com(182.50.132.242) 163.43.122.116 208.91.197.13 - mailcious 184.168.131.241 - mailcious 34.102.136.180 - mailcious 99.83.154.118 - mailcious 182.50.132.242 - mailcious 34.98.99.30 - phishing	1	1	10.6	M	39	ZeroCERT

3	2021-08-25 09:21	vbc.exe 88edb353bbf9259f0e5eb0830df37086 RAT Generic Malware Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis	8	1		12.4	M	16	ZeroCERT

4	2021-08-25 09:19	fdseventeenzx.exe 19240f4b0efd2c8ed2f7fcc0835fad17 Loki PWS Loki[b] Loki.m RAT Generic Malware Admin Tool (Sysinternals etc ...) Anti_VM DNS Socket AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.4	M	32	ZeroCERT

First
1
Last
Total : 4cnts