Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-08-13 20:29	bum-0.exe 42d14493d70781dbb667f48ed49b3883 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	9 Keyword trend analysis Info http://www.carmelodesign.com/p2io/?Dz=N1c5K3PjC0viFOIgeR7Z0k8Uw9B7cwaCQzeNFWpedVjl04LWmNZIIwAVMJfWqJKb/L1NUNJg&lnud=Txll_2G http://www.cleanxcare.com/p2io/?Dz=pxlxKDN2MotDZDPtsB4Bv4ohCC0AYWvU81HhH938ZriMjSGbLHz+dyrLkdFSJvUjFQmrBLsu&lnud=Txll_2G http://www.essentiallyourscandles.com/p2io/?Dz=tOwaJov3Qh/So8Abi3+vLu8KpTdHs2Vuljr6rtQHuYg94Ec45hj5yXZ1J0+xHcOVWF/IMli4&lnud=Txll_2G - rule_id: 1553 http://www.malcorinmobiliaria.com/p2io/?Dz=X0EtArFEUual2LrizL+JDvaaIJih4TPXrew0ftkRNgE5xhBEnMYnqlEM9Znbjzoaa6WF3j6b&lnud=Txll_2G - rule_id: 1719 http://www.adultpeace.com/p2io/?Dz=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&lnud=Txll_2G - rule_id: 1554 http://www.untylservice.com/p2io/?Dz=L8zxg9SOaofWzoyPv00N4yNSfvs8vmV6MzKbpPLG03vcM8SdHJJ++2zBKn8m8TZ8Pf8jLpz7&lnud=Txll_2G - rule_id: 1546 http://www.totally-seo.com/p2io/?Dz=TySV6YYxUBKYb4HOwOCoDLKT5SC+Z4HfI/KqKrWSPqp5raNcMGgDmwJErp1xJY1yPtBpBPJW&lnud=Txll_2G - rule_id: 3721 http://www.zmzcrossrt.xyz/p2io/?Dz=tbodHACq9TgEm1QCflemmH955SxRRtof3zi2445TBfF16F/HFiIOFPSeH8a5z8Uvje9sxZdT&lnud=Txll_2G - rule_id: 1573 http://www.thriveglucose.com/p2io/?Dz=bgEje2qqVLxeqLNVlwWQjpUULYzLZlDcA+G1vxfW8Jz/ro52V1dcg5nZt+TpVqb/WeIjD6oW&lnud=Txll_2G - rule_id: 1568	18 Info www.malcorinmobiliaria.com(160.121.176.84) www.carmelodesign.com(34.102.136.180) www.cleanxcare.com(78.31.67.91) www.totally-seo.com(198.49.23.144) www.zmzcrossrt.xyz(75.2.73.220) www.essentiallyourscandles.com(23.227.38.74) www.untylservice.com(2.57.90.16) www.adultpeace.com(163.44.239.73) www.thriveglucose.com(184.168.131.241) 160.121.176.84 - mailcious 184.168.131.241 - mailcious 163.44.239.73 - mailcious 34.102.136.180 - mailcious 2.57.90.16 - mailcious 99.83.185.45 23.227.38.74 - mailcious 198.185.159.144 - mailcious 78.31.67.91 - mailcious	3	7	8.2	M	27	ZeroCERT

2	2021-08-13 20:20	vbc.exe a258ac40b5c62c1ac1124ace071c69dd PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	9 Keyword trend analysis Info http://www.3503322.com/o9pi/?JR-=mIG2xLW65f/VY2T7w/n5w3CohzNjrv59+Q+RRLKIWVzRM3IbGYEkjA8oEFQSpfhxI62o55rd&ob30qv=R2JDx2 http://www.ypassociatesfue.com/o9pi/?JR-=vJomEIO82ceFaeQdGLXRxUlnCwW32HRBD6KZ4caxEoTRh0t+XtMFapojsRpKLHNlWhKIhEvP&ob30qv=R2JDx2 http://www.triplerb.net/o9pi/?JR-=8LaaYBm3TSp0+Dsx63LIWRHbTa3sjACgPwATmM7mqou8RBHT8Uw6M3CNCc2vcCxOxjhGpp/k&ob30qv=R2JDx2 http://www.ambientcommunity.com/o9pi/?JR-=y3S9oTK7ZTucHHHaCr+21MXTMaess5Kpzx7PDWAO8SVqgAMxhMAouzFjMrnVr8YtRm2uWSCI&ob30qv=R2JDx2 http://www.xn--u9jy72gkoryg6abnb.com/o9pi/?JR-=dw42vcc5H4cJtOS2xFTuvaFHfjF2n7qc0CL/kbiqYyrqDrRUwY25eQioZqzEDrHsyKZ/3+Jp&ob30qv=R2JDx2 http://www.natjurals.com/o9pi/?JR-=7gA2nshU5oHcBaZY+ijQuPNpnYwMStAdL6cHORIxWU958uWY5q/GQE3Q+KIcK4hDlf6TgzHT&ob30qv=R2JDx2 http://www.rimanchallenge.com/o9pi/?JR-=Ryj/ZHe86eGzdfhYpxxiW1EUL3bgOORdifsAzXuDJZVsJm+RzRFHhoTWBkx5uSPCD90XO6NN&ob30qv=R2JDx2 http://www.facilmkt.com/o9pi/?JR-=U2rBSRZonOR8QiGC5jupmy09eLApZ5QLMo35m9jcydH8ukRQYzN10iXvj8MOBJVycEsRfwTX&ob30qv=R2JDx2 http://www.cityedirectory.com/o9pi/?JR-=z/X5Ze4UBjOWalfkHW1NeAdw2uJ9YkKssi0Q0RRRmjAem/VT1deVvUmI69DgCb1bDTAfesF6&ob30qv=R2JDx2	18 Info www.ambientcommunity.com(34.102.136.180) www.xn--u9jy72gkoryg6abnb.com(133.167.77.233) www.triplerb.net(34.102.136.180) www.signtosavelives.info() www.cityedirectory.com(103.224.182.243) www.facilmkt.com(145.239.189.1) www.rimanchallenge.com(118.27.99.26) www.3503322.com(154.91.194.130) www.natjurals.com(162.241.216.125) www.ypassociatesfue.com(66.235.200.146) 66.235.200.146 - malware 154.91.194.130 118.27.99.26 - mailcious 34.102.136.180 - mailcious 162.241.216.125 133.167.77.233 145.239.189.1 103.224.182.243 - suspicious	1		8.2	M	27	ZeroCERT

3	2021-08-13 20:08	.svchost.exe a1c4645815d0ab06831f62042cfa0da0 PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process VMware anti-virtualization Windows ComputerName Cryptographic key Software	1 Keyword trend analysis	3	1		12.4	M	32	ZeroCERT

4	2021-08-13 20:07	312321312312_.exe 733546d80cc58bf61df0f32cd9f78bec RAT PWS .NET framework BitCoin Generic Malware UPX Malicious Library AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	2	1	11.6	M	14	ZeroCERT

5	2021-08-13 09:49	wealthzx.exe a36b4d2566935944f7281dae1be18d5b PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1			11.8		27	ZeroCERT

First
1
Last
Total : 5cnts