Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-01-30 08:13	ugorichzx.exe 0b26f7b7a37aec280212b187c006f3b7 AgentTesla PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed		2	4		11.0	M		ZeroCERT

2	2024-01-26 09:28	somzx.exe e899fbf28973beed105f99e209e11be5 AgentTesla Malicious Library .NET framework(MSIL) UPX PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Discord Browser Email ComputerName DNS Software crashed keylogger	1 Keyword trend analysis	4	6 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI)		14.0	M	40	ZeroCERT

3	2024-01-26 09:12	agodzx.exe b29fbc48ad3305f4dcab0be3145682a6 AgentTesla Malicious Library .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	2 Keyword trend analysis	7	6 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com SURICATA Applayer Detect protocol only one direction		15.4	M	42	ZeroCERT

First
1
Last
Total : 3cnts