Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-07-20 20:34	AppGate018ver1.exe 8f8f6a36a8b827ceaae1228fd2669002 Vidar Client SW User Data Stealer LokiBot Gen1 Emotet ftp Client info stealer Generic Malware Themida Packer Malicious Library UPX ASPack .NET framework(MSIL) Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File PE64 OS Processor Che Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Cryptocurrency Miner Malware Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware Firewall state off anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Interception Windows Discord Browser RisePro ComputerName Firmware DNS Software crashed CoinMiner	10 Keyword trend analysis Info http://176.111.174.109/psyzh - rule_id: 40370 http://77.105.133.27/download/123p.exe - rule_id: 40857 http://91.103.252.177/api/twofish.php http://apps.identrust.com/roots/dstrootcax3.p7c http://94.232.45.38/eee01/eee01.exe - rule_id: 39938 http://91.103.252.177/api/crazyfish.php http://77.105.133.27/download/th/space.php - rule_id: 40856 https://steamcommunity.com/profiles/76561199743486170 - rule_id: 41270 https://db-ip.com/demo/home.php?s= https://iplogger.org/1nhuM4.js	28 Info db-ip.com(104.26.5.15) pool.hashvault.pro(131.153.76.130) - mailcious api64.ipify.org(104.237.62.213) api.myip.com(172.67.75.163) steamcommunity.com(23.66.133.162) - mailcious iplogger.org(104.21.4.208) - mailcious t.me(149.154.167.99) - mailcious ipinfo.io(34.117.59.81) cdn.discordapp.com(162.159.134.233) - malware lop.foxesjoy.com(172.67.159.232) - malware 149.154.167.99 - mailcious 176.111.174.109 - malware 96.7.99.225 172.67.75.163 104.26.4.15 162.159.130.233 - malware 94.232.45.38 - malware 104.21.66.124 - malware 104.237.62.213 79.137.192.13 - malware 91.103.252.177 89.111.172.64 - mailcious 77.105.133.27 - mailcious 78.46.255.249 - mailcious 34.117.59.81 121.254.136.9 172.67.132.113 131.153.76.130 - mailcious	26 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 8 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET INFO Executable Download from dotted-quad Host ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET DROP Spamhaus DROP Listed Traffic Inbound group 30 ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SURICATA Applayer Mismatch protocol both directions ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO Packed Executable Download ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro TCP Heartbeat Packet ET INFO Observed Telegram Domain (t .me in TLS SNI) ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI)	5	28.4	M	15	ZeroCERT

First
1
Last
Total : 1cnts