Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-07-19 11:00	id27315002.php 291192d5184d78dc4f49972a092598d8 BitCoin Process Kill Generic Malware UPX FindFirstVolume CryptGenKey AntiDebug AntiVM PE File Device_File_Check OS Processor Check PE32 PNG Format .NET EXE MSOffice File JPEG Format Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName DNS Cryptographic key Software crashed	12 Keyword trend analysis Info http://usa01.info/app/files/ap/id27315002.php http://densalenge.xyz/ http://usa01.info/users/content/id03084901/mmow.txt - rule_id: 2934 http://usa01.info/users/content/id03084901/mmow.txt http://usa01.info/books/userpaths/birbik/harrypotter2.txt http://tstamore.info/ - rule_id: 2931 http://tstamore.info/ http://usa01.info/function/v2tmp/momomoomomom.php - rule_id: 2936 http://usa01.info/function/v2tmp/momomoomomom.php https://iplogger.com/1Fd397 https://api.ip.sb/geoip https://iplogger.com/1Fs397	13 Info tstamore.info(45.139.184.124) api.ip.sb(104.26.12.31) usa01.info(45.139.184.124) iplogger.com(88.99.66.31) densalenge.xyz(85.192.56.21) www.binance.com(52.84.150.4) 88.99.66.31 - mailcious 52.84.150.20 172.67.75.172 85.192.56.21 104.21.21.221 - mailcious 104.21.78.28 - mailcious 45.139.184.124 - malware	7 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User-Agent (Installed OK) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO TLS Handshake Failure SURICATA Applayer Detect protocol only one direction SURICATA HTTP unable to match response to request	3	16.6	M	22	ZeroCERT

2	2021-07-19 10:49	compan.exe ec079fbd394ed8838d2c8d062bbf1f39 BitCoin Process Kill Generic Malware Themida Packer UPX FindFirstVolume CryptGenKey AntiDebug AntiVM PE File Device_File_Check OS Processor Check PE32 PNG Format .NET EXE JPEG Format MSOffice File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware Cryptographic key Software crashed	9 Keyword trend analysis Info http://usa01.info/users/content/id03084901/mmow.txt http://usa01.info/app/files/ap/id27315003.php http://usa01.info/function/v2tmp/momomoomomom.php http://usa01.info/books/userpaths/birbik/harrypotter3.txt http://tstamore.info/ http://kurinogti.info/ https://iplogger.com/1Fb797 https://iplogger.com/1Fn797 https://api.ip.sb/geoip	10	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User-Agent (Installed OK) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO Packed Executable Download ET INFO TLS Handshake Failure SURICATA Applayer Detect protocol only one direction SURICATA HTTP unable to match response to request		17.0	M	23	ZeroCERT

First
1
Last
Total : 2cnts