Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-07-24 07:22	server.exe fea9e6588163a319883a3b4d9b1f48fe Hide_EXE Generic Malware Downloader Antivirus Create Service Socket DGA ScreenShot Escalate priviledges PWS Sniff Audio SMTP DNS Code injection Internet API KeyLogger Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process AppData folder malicious URLs Windows ComputerName Cryptographic key crashed keylogger		2	1		15.8	M	59	guest

2	2022-10-23 12:09	server.exe fea9e6588163a319883a3b4d9b1f48fe PWS[m] RAT NPKI Gen1 Hide_EXE Generic Malware Downloader Anti_VM Antivirus Malicious Packer UPX Malicious Library ScreenShot Create Service DGA Socket DNS SMTP Internet API Code injection Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .N Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process AppData folder malicious URLs WriteConsoleW Tofsee Ransomware BitRAT Windows Browser Email ComputerName DNS Cryptographic key Software keylogger Password		6	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT) ET HUNTING Telegram API Domain in DNS Lookup ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET POLICY XenArmor Password Recovery License Check		21.8	M	25	ZeroCERT

3	2022-10-23 11:55	Rckjlz.exe 54e5e90fbafdf6f051f2c89da50a4b95 PWS[m] RAT Generic Malware Downloader Antivirus Anti_VM Code injection Create Service DGA Socket ScreenShot DNS SMTP Internet API Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File GIF Format Malware download VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk VM Disk Size Check BitRAT Windows ComputerName Cryptographic key crashed keylogger	2 Keyword trend analysis	4	11 Info ET MALWARE PE EXE or DLL Windows file download disguised as ASCII ET MALWARE PE EXE or DLL Windows file download Text M2 ET HUNTING [TW] Likely Hex Executable String ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET SHELLCODE Common 0a0a0a0a Heap Spray String SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)		15.0		20	ZeroCERT

4	2022-10-23 11:55	install.exe 9628afc9116db52960422b598996d19f PWS[m] RAT Generic Malware Downloader Antivirus Anti_VM Create Service DGA Socket ScreenShot DNS SMTP Internet API Code injection Sniff Audio KeyLogger Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File GIF Format Malware download VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk VM Disk Size Check BitRAT Windows ComputerName DNS Cryptographic key keylogger	2 Keyword trend analysis	5	11 Info ET MALWARE PE EXE or DLL Windows file download disguised as ASCII ET MALWARE PE EXE or DLL Windows file download Text M2 ET HUNTING [TW] Likely Hex Executable String ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT) ET SHELLCODE Common 0a0a0a0a Heap Spray String		15.0	M	30	ZeroCERT

First
1
Last
Total : 4cnts