Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2021-11-24 10:30 DFGXCVXVUIOU.exe  

ec46b84c7a3e55896233429ae3807b87


Lokibot PWS Loki[b] Loki.m RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software
4 4 10 1 13.4 24 ZeroCERT

2 2021-11-07 09:55 GRSDFSDGSD.exe  

b7426df3b449ae7ec217cfdbdc36f242


RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName
2 2 2.8 23 ZeroCERT

3 2021-10-16 12:39 FYI.exe  

d100485ad14f8463450278591b10c698


RAT Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself human activity check Windows DNS Cryptographic key DDNS
3 1 13.8 28 ZeroCERT

4 2021-08-11 09:32 vbc.exe  

7107c22585cca5ac62b9fe39dbd9daaa


RAT Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware powershell Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName DNS Cryptographic key
10 21 2 11.0 M 28 ZeroCERT

  • Total : 4cnts