Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-04-06 10:11	DHL Express_9552656186.exe e343faf5fe885af866a45e8922e3e012 Loki_b Loki_m PWS .NET framework Socket DNS PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	2 Keyword trend analysis	1	5 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	1	14.0		52	ZeroCERT

2	2023-03-29 09:57	vbc.exe 4f57c474b77a208ee4d212894b3512d2 PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis Info http://www.drandl.com/g2fg/?q6A=CWwfQMcOabB0OYvUL0KuV3yjiiJTTZBBzAVKPdJMLdwkoV04TnCmBs4eZSctpt7zb3Z0AbHn&rTFDm=GBLpaD_PA8odIr - rule_id: 18888 http://www.usdp.trade/g2fg/?q6A=sSeyT3cu/Fh8IMYE4dkXfPG02cBaSDgP+UeXcTNSXack25VwISfgZcRXRsMt/2RRVYEm+imk&rTFDm=GBLpaD_PA8odIr - rule_id: 10296	5	2	2	11.8	M	37	ZeroCERT

First
1
Last
Total : 2cnts