Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
9181	2021-03-08 09:11	A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	1		15.2		38	ZeroCERT

9182	2021-03-08 09:03	A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3	1		14.2		38	ZeroCERT

9183	2021-03-06 19:03	updatewin.exe 9010fa92cc83afe00fab38703e6ffa77 VirusTotal Malware suspicious privilege Malicious Traffic unpack itself malicious URLs Tofsee DNS	1 Keyword trend analysis	2	2	1	4.0	M	58	ZeroCERT

9184	2021-03-06 18:28	5.exe 6a50d5e91b193be284aa02106ee35e97 VirusTotal Malware malicious URLs Tofsee crashed		2	1		2.2	M	58	ZeroCERT

9185	2021-03-06 09:21	http://goaqaba.com/ccwidd/4426... d41d8cd98f00b204e9800998ecf8427e VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	2		5.2	M		ZeroCERT

9186	2021-03-06 09:20	8.iosssappp.exe df60756a8e33b721b357bd7242f4881a Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed	1 Keyword trend analysis	4	3		6.6	M	18	ZeroCERT

9187	2021-03-05 13:51	PO_2287_Scanned.pdf.exe efa6aa4c9687bdefad45af4771bf5ad5 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	3	1		13.6	M	26	ZeroCERT

9188	2021-03-05 13:50	PI_1037_Scanned_0547.pdf.exe 37997ca39c9a900255366c354ca2ebbb VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs Tofsee Windows	1 Keyword trend analysis	3	1		8.4	M	21	ZeroCERT

9189	2021-03-05 13:39	MARBLE-SAMPLE-PICTURES.exe 81d474f480901c0244d0d90e88da15f4 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself malicious URLs Tofsee Windows Remote Code Execution DNS	1 Keyword trend analysis	4	1		10.8		34	ZeroCERT

9190	2021-03-04 11:16	march loki.exe 5a4946a36347f1caa46109245b2b95c5 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Windows	1 Keyword trend analysis	2	1		11.0	M	35	ZeroCERT

9191	2021-03-04 10:56	139my-6.5.exe 9804ed103792d5c7db767fa5e1876013 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Detects VMWare AppData folder malicious URLs WriteConsoleW VMware Tofsee Interception Windows Exploit DNS crashed	11 Keyword trend analysis Info http://www.139my.com/images/bg_91my.jpg http://www.139my.com/favicon.ico http://www.139my.com/images/footer_91my.jpg http://www.139my.com/Index_img/1Index_c1_r5.jpg http://www.139my.com/ http://www.139my.com/images/bg2.jpg http://www.139my.com/images/banner_91my.jpg http://www.139my.com/Index_Top/New_Au.css http://hi.baidu.com/139my139my/blog/item/ed869ea73e60a2ee37d3ca18.html https://c.cnzz.com/core.php?web_id=1277040139&t=z https://s5.cnzz.com/z_stat.php?id=1277040139&web_id=1277040139	15 Info c.cnzz.com(222.188.8.250) www.178stu.com(103.133.95.9) wg.400wg.com() s5.cnzz.com(222.188.8.250) hi.baidu.com(183.232.231.225) - mailcious www.139my.com(103.133.92.211) cnzz.mmstat.com(205.204.101.182) z9.cnzz.com(203.119.129.115) 183.232.231.225 218.94.207.228 103.133.95.9 106.11.251.20 222.188.8.250 103.133.92.211 106.11.84.7	1		12.2	M	37	ZeroCERT

9192	2021-03-03 13:43	Zbfuzznn.exe 6de779f5005c94b57b3d8c72765d9f40 VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory buffers extracted Creates executable files RWX flags setting unpack itself malicious URLs Tofsee Windows Remote Code Execution	1 Keyword trend analysis	2	1		10.4	M	24	ZeroCERT

9193	2021-03-03 13:35	SPE_010_317_041.pdf.exe 25e061381c6e2503e84950f3c76b3c3e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		16.0	M	28	ZeroCERT

9194	2021-03-03 11:43	8.buddy.exe 25396a0ab1c93e8505b3f7e56ba2f0e1 Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed	1 Keyword trend analysis	8	7 Info ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ET CNC Feodo Tracker Reported CnC Server group 7 ET CNC Feodo Tracker Reported CnC Server group 3 ET CNC Feodo Tracker Reported CnC Server group 2 ET CNC Feodo Tracker Reported CnC Server group 17 ET CNC Feodo Tracker Reported CnC Server group 1		8.0	M	15	ZeroCERT

9195	2021-03-03 10:23	setup_2-2.exe 0d93d4c4e466675bca3fb9705654e9c7 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Tofsee Ransomware Browser ComputerName DNS	1 Keyword trend analysis	4	3		7.8	M	23	ZeroCERT

First
Previous
611
612
613
614
615
616
617
618
619
620
Next
Last
Total : 10,230cnts