Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2024-08-04 13:42 jf.exe  

d161e13cf0731d0b55ad38d6a38cdc21


CoinMiner Generic Malware Downloader UPX Malicious Library Confuser .NET Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence F VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW IP Check Tofsee Interception Windows ComputerName Amazon Alibaba DNS
4 150 5 15.4 M 47 ZeroCERT

2 2024-04-19 13:12 js.exe  

269a3d770289d6442ad0b01e03276a10


Generic Malware Malicious Library UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Check memory buffers extracted Creates executable files RWX flags setting unpack itself AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser ComputerName Remote Code Execution DNS
1 1 4 7.6 M 47 ZeroCERT

3 2024-02-22 11:54 RuntimeBroker.exe  

75484c429d668b95a287bde3ebb46fc8


Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) UPX PE32 PE File MZP Format OS Processor Check VirusTotal Malware Malicious Traffic unpack itself DNS crashed
3 1 1 4.0 51 ZeroCERT

4 2023-08-28 07:37 religionprosig.exe  

3eb7278ffb8ab7d3f190a56756239e64


Gen1 Emotet Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM PE File CAB VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Remote Code Execution Cryptographic key
2 2 3 8.8 M 20 ZeroCERT

5 2023-04-16 16:22 113.exe  

9a75a6d3afd26306f563d96dc2517225


Gen1 Emotet PWS .NET framework RAT Malicious Library CAB PE File PE32 .NET EXE VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows Remote Code Execution
2 2 4.6 M 42 ZeroCERT
