Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-10-12 18:51	eTtB15lCedJYw3r.exe 3a53cf89d9ecac1bd67359b6cc9e722c .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.2	M	23	ZeroCERT

2	2024-10-12 11:29	Um9L61WgOApLFKJ.exe 3f6058dbb64084df7f3da0a1cb23a872 Generic Malware Malicious Library .NET framework(MSIL) Antivirus DNS AntiDebug AntiVM PE File .NET EXE PE32 Malware download Nanocore Cobalt Strike NetWireRC VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows RAT ComputerName DNS Cryptographic key DDNS		2	5		13.4	M	24	ZeroCERT

3	2024-10-12 09:36	tIelklVKfumqUfa.exe 75893771b8664b9e896e38274c6a052d Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET HUNTING Telegram API Domain in DNS Lookup ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check		14.6	M	27	ZeroCERT

4	2024-10-12 09:35	aeGTitPRCz9BKKQ.exe 0d1ae777c0410769dae40033758321b9 Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI ET HUNTING Telegram API Domain in DNS Lookup		16.0	M	41	ZeroCERT

First
1
Last
Total : 4cnts