Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-06-11 23:55	FineC0de.exe d86704134f65f0ebe87032f76864db5a Downloader UPX Socket PWS[m] Http API ScreenShot AntiDebug AntiVM .NET EXE PE File PE32 Malware download VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Stealer Windows DNS	8 Keyword trend analysis Info http://5.42.64.41:1337/mozglue.dll http://5.42.64.41:1337/libcrypto.dll http://5.42.64.41:1337/freebl3.dll http://5.42.64.41:1337/s?id=9a48fc56-3aef-47c0-98e0-4ed262d612ec http://5.42.64.41:1337/sqlite3.dll http://5.42.64.41:1337/softokn3.dll http://5.42.64.41:1337/?id=9a48fc56-3aef-47c0-98e0-4ed262d612ec http://5.42.64.41:1337/nss3.dll	1	10 Info ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2		8.6	M	49	ZeroCERT

2	2023-02-10 18:32	sm7.exe 9f472e5c47f63d675b9789790ace2ad1 RAT UPX AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware					2.0	M	59	ZeroCERT

First
1
Last
Total : 2cnts