Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2021-08-27 16:03	XssVEsUTA4UMkp4.exe 4adabacc6bf40958b67967c7af0e3491 RAT PWS .NET framework Generic Malware PSW Bot LokiBot ZeusBot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware IoC AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	3	2		14.8	M	19	ZeroCERT

2	2021-08-27 16:01	Ne82jq7vKJ7NcDn.exe 7852a7b27bdb9d5120ca3fa917d7f9ca RAT PWS .NET framework Generic Malware PSW Bot LokiBot ZeusBot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk suspicious TLD WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	2	2		13.8	M	27	ZeroCERT

3	2021-08-27 15:57	odinakazx.exe 8e6f8cd375efaba9d88c2930af3dc10e RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key	10 Keyword trend analysis Info http://www.saradiba.com/9t6k/?Q2M=SaAIu3lDcv+vsCPEIS9ktArTHiKz1YFeYbUTdQKH4UquSylUrUTL+fcGQi1rQUC7DYHomt5O&D81d7=Abihu4dh7n2x1dkp http://www.urne24.online/9t6k/?Q2M=XEZUsmhefmfw3QKQE5ZrpuI8N7oVWrtY0zr9qFGtaUataE1TE0DCRND7FOKibblEWaB5niCz&D81d7=Abihu4dh7n2x1dkp http://www.schoolphysician.com/9t6k/?Q2M=aZxCmALwA5R5+eIwzrzpi1QpWfsvyjuzp/cxNNZ9Jwezj0NN8vNJ2pHGntbNv+WmK2oIJIQQ&D81d7=Abihu4dh7n2x1dkp http://www.prosgra.com/9t6k/?Q2M=YfuNKs3Bp4F47rpu49Idp1lfSZU1BgghPs0n2TaEVn9WjWyXIXXb35zMgdSBzSSQ/y+/7+Gc&D81d7=Abihu4dh7n2x1dkp http://www.duancanhoastralcity.com/9t6k/?Q2M=1USpb1Bk7NLatI5NohBEA9PujVfNP1PKGiDc81iHBltTqKOkZ5Hh2NRwQh24DsrsAEaWcebH&D81d7=Abihu4dh7n2x1dkp http://www.bergenfiel.com/9t6k/?Q2M=s8oaEA8cRNw5vMBu8Wk/8KdaqRJ5o00PvD4f6j6ZUxj7LCZqhH83R1BxbYpwJodvEKoz6erO&D81d7=Abihu4dh7n2x1dkp http://www.gsmits.com/9t6k/?Q2M=DHXsxYVj36jYo9XSI0k8aBI122PK8jbY2KWdAli3CiKs+89pIe70JNlIpSp++nfgfBz+S8aX&D81d7=Abihu4dh7n2x1dkp http://www.360453.com/9t6k/?Q2M=MXszZjiL5m8KYwVoSSySw2FqEqiBnWUcZ0I4A0KIaxlfgU1OBx983PfdxSJageOZ61F/gpnc&D81d7=Abihu4dh7n2x1dkp http://www.aattonline.com/9t6k/?Q2M=aJf7vz7Dx/mfgwFQoEPDi39K9rl7e15T/XCFbiUDsI43rh1ubaT7oKUwDh9OfXBPQgY/TkJX&D81d7=Abihu4dh7n2x1dkp http://www.dheeclinical.com/9t6k/?Q2M=zn2Kb1z3vtYkfsTCUqtcWPMExFY7OxSYFyUydnPl9DXioHsibwlGw2F9p0OONFz0CLg9SXRH&D81d7=Abihu4dh7n2x1dkp	22 Info www.duancanhoastralcity.com(54.169.219.94) www.saradiba.com(156.225.32.15) www.schoolphysician.com(208.109.65.254) www.gsmits.com(34.98.99.30) www.dheeclinical.com(172.67.129.175) www.urne24.online(89.31.143.1) www.cpsolivera.com(166.88.88.81) www.360453.com(103.110.62.64) www.bergenfiel.com(192.187.111.219) www.prosgra.com(47.89.240.186) www.aattonline.com(165.3.91.100) 166.88.88.81 208.109.65.254 89.31.143.1 - mailcious 103.110.62.64 54.169.219.94 165.3.91.100 47.89.240.186 192.187.111.219 - mailcious 156.225.32.15 104.21.1.179 34.98.99.30 - phishing	2		8.0	M	35	ZeroCERT

4	2021-08-27 15:42	bigshoezx.exe 61e17d354f8529a203207e491cab779e RAT PWS .NET framework Generic Malware Malicious Packer Malicious Library SSL DNS Socket SMTP Escalate priviledges KeyLogger Internet API ScreenShot Dynamic Dns persistence AntiDebug AntiVM PE File .NET EXE PE32 JPEG Format DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder malicious URLs IP Check Tofsee Windows Browser Advertising Google Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	7 Keyword trend analysis Info http://xred.site50.net/syn/SSLLibrary.dll http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150 https://www.dropbox.com/s/dl/fzj752whr3ontsm/SSLLibrary.dll https://www.000webhost.com/migrate?static=true https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1	18 Info mail.nclanka.lk(162.214.77.81) www.000webhost.com(104.19.185.120) checkip.dyndns.org(132.226.247.73) freedns.afraid.org(69.42.215.252) freegeoip.app(104.21.19.200) xred.site50.net(153.92.0.100) docs.google.com(172.217.26.46) - mailcious xred.mooo.com() www.dropbox.com(162.125.84.18) - mailcious 95.181.157.213 162.214.77.81 153.92.0.100 - mailcious 172.217.26.46 - mailcious 104.19.185.120 69.42.215.252 172.67.188.154 158.101.44.242 162.125.84.18	8 Info ET INFO DYNAMIC_DNS Query to .dyndns. Domain ET POLICY External IP Lookup - checkip.dyndns.org SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Detect protocol only one direction ET INFO DYNAMIC_DNS Query to Abused Domain .mooo.com SURICATA SMTP invalid reply ET POLICY Dropbox.com Offsite File Backup in Use ET HUNTING Suspicious User-Agent Containing .exe		21.6	M	31	ZeroCERT

First
1
Last
Total : 4cnts