Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-10-22 09:14	buildz.exe 8daa272f411b68ce0bfbb42c9785bf3c PWS Loki[b] Loki.m AgentTesla browser info stealer [m] Generic Malware task schedule Malicious Library UPX ScreenShot DGA Socket DNS Internet API Http API AntiDebug AntiVM PE File OS Processor Check PE32 Malware download Dridex Malware Microsoft AutoRuns PDB Code Injection Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs suspicious TLD WriteConsoleW Tofsee Windows ComputerName Remote Code Execution DNS crashed	2 Keyword trend analysis	8	12 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET DNS Query to a .top domain - Likely Hostile ET DNS Query for .to TLD ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a .top domain ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING Possible EXE Download From Suspicious TLD	1	11.6	M		ZeroCERT

First
1
Last
Total : 1cnts