Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-08-07 09:24	C3.exe 113206f6a06da35df94d8cd455b3091c Redline RedLine stealer Emotet Generic Malware .NET framework(MSIL) Admin Tool (Sysinternals etc ...) UPX WinRAR Malicious Library Antivirus PWS AntiDebug AntiVM BitCoin .NET EXE PE File PE32 ZIP Format OS Processor Check DLL Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	9	9 Info ET ATTACK_RESPONSE RedLine Stealer - CheckConnect Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET ATTACK_RESPONSE Win32/LeftHook Stealer Browser Extension Config Inbound ET POLICY External IP Lookup Domain (myip .opendns .com in DNS lookup) SURICATA HTTP unable to match response to request ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	20.2	M	55	ZeroCERT

First
1
Last
Total : 1cnts