Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1681	2020-09-09 14:48	45141-1-dwg.exe 5cd227fba2588fda12f796a48b9820a1 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.8		43	admin

1682	2020-09-09 16:28	rocky.exe 88f57c6bdaf928f966e6eb3af3a76754 Malware download Azorult VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself malicious URLs Tofsee ComputerName DNS crashed	3 Keyword trend analysis	1	2		5.6		21	admin

1683	2020-09-09 16:30	Invoice.doc ebce1c0994dcafe4f1d61ba700384f62 VirusTotal Malware buffers extracted unpack itself malicious URLs					3.6	M	23	admin

1684	2020-09-09 16:34	smileycryp.exe 69a49bdb06b9bfd1caac9134189712d5 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.4	M	23	admin

1685	2020-09-09 16:34	cjcry.exe c81aa84184c65eb076884a70ab78e9c0 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.6	M	39	admin

1686	2020-09-09 16:38	linkscry.exe e85c736613726f5253e17817a1513055 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.8	M	41	admin

1687	2020-09-09 16:41	190219 KOPA19021312zip.exe 5f9d278f8a75ecc772990a4dcd816963 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows Browser Email ComputerName Cryptographic key Software crashed					16.2		16	admin

1688	2020-09-09 16:41	Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					13.8		11	admin

1689	2020-09-09 16:45	Offer-ART200904-20phz.exe 39f083bf241eb90c900c26460e25fa6c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.2		11	admin

1690	2020-09-09 16:45	no6 punch stripper.exe 5cd227fba2588fda12f796a48b9820a1 VirusTotal Malware Check memory Checks debugger unpack itself					2.4		43	admin

1691	2020-09-09 16:49	win32.vbs 7b0cb55597567f179e36baaea872775d VirusTotal Malware VBScript powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray wscript.exe payload download Creates shortcut ICMP traffic unpack itself Windows utilities Check virtual network interfaces malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key Dropper		3			10.0		3	admin

1692	2020-09-09 16:49	PO6953593463400_Request_For_Qu... ccdd4ec72569bf8d4e4aff011f7fd3a7 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName					7.6		36	admin

1693	2020-09-09 17:02	PO9849643600442-MRQ2020_Reques... c5622cbc1895ab0a4f4d56806fee2c3e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.6		31	admin

1694	2020-09-09 18:08	owen.exe 5b8581c0ccc653c877bd5e579074c165 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					13.6		16	admin

1695	2020-09-10 09:11	http://jizhonghua.com/ da7c707c8cc7bb49761003626ca4e974 Dridex Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	7 Keyword trend analysis Info http://makemoneywithus.work/selfclicks?utm_id=10893&utm_campaign=Worldwidepop+SDX&utm_source=422320963&utm_cost=0.0016 http://clkfeed.com/adServe/feed?pid=277439&cid=294967874220200910080816&ip=175.208.134.150&q=jizhonghua.com&ref=http%3A%2F%2Fclick.com.cn&num=1&ua=Mozilla%2F5.0+%28compatible%3B+MSIE+9.0%3B+Windows+NT+6.1%3B+Win64%3B+x64%3B+Trident%2F5.0%29&ar=sr&format=jsonp&callback=jCallBack http://jizhonghua.com/ http://91.210.171.250/?NTQwMDc=&qtq&SyUKM=everyone&hdSDFSDFSDf3=m3S9KIlKuZZOQawhUaGflM0zYlZW1oT8fqmhxeDwR-diMGG_kCFUQx1z9bXUbI&iiqV=border&zqgyZv=mustard&osdDGDF45=wHbQMvXcJwDJFYPIJOXASaRBKU7SFU6VwomG_drZdYH9JHT12dzUSkrttlWaC&nBwDIVDdt=difference&sPwr=community&CBygER=irreverent&bxZRiuDpZ=disagree&Muoko=everyone&LqgY=community&QICeQ=consignment&beZw=abettor&LhFeW=irreverent&KxaMzcwOTMy http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://infopicked.com/aS/feedclick?s=Ilxxar-4JDjHYSZnQRV0rUoLXZk8gkPQWEhgdNzDmljI6j6WA_S05lIUa0Wvr2aDrtKGeLDN2bDp6O7CY8H5ouesbwTUN9D1Q57WzBF2czkWE365F5gTS3p_DRrQ0jsCiUnMKG1xv31r6HPqc5_T5XfmENYXbWzNNl6RGTsBSkmXlMFIbkj4h-5dRtHe4LmDInhMOXX2INUr8S-mOoAxZTJvkUClWGz0ENjuu7QzUsUl1BQU3BX0v099TsCiSWeeyTnvlHDIIbnzq5m41NOcQYVllt_5_p5sP61vEk36mdWJCBn5z1ZvPuoj-HsUnhSzW9SSNU-oCJEk7-tFA2kJXc0qY9xeJzIdVMrynipz3hAKkCiv8Ww0dWeh1tupCjZL66KOCDZBVG0pNUdaJo8Vc5hI7WCHjQWpFGUFClm5VIEW69oOQVbmIE94el943rXl9lDr_KGxuH8uK6TIkJ2d-aKW8UFBtGeEBTCzZ1Eq1nLosq1WyHT1dm0F0lnUrx-4SezPULxWSl_AbAHEML8ResISecZGCDLOWRopVUjg18umG9Xgtyg9oWRV2iYh3gAmQa3i54wNYAb-DScVgVFATmf0gK6DZvOUhBfsNtpIEqg6qpGCO2u35rHTeC9xy5AHhuPXZARi-4udjFBVwC6keEVMZY8gLnPYz9lVIEfnyrkoxjcaJBJS16MnluCRIHPFp2xiDSsNpRd9eS9aQwJbVMdtxr6qJw60fNTqdiq1JRhYvzgSQzJgd1qd6g4yh9Qm2NSHLf7nkV5GpoasWGjiv9rRKPueLVnS05oewM7e-IaETrClojCGNTOQ3ulOftSTFeUUbd1VKyeGd8ISq8w5dGLba1BcZ4j5a7sk1oUypySVey9DRJpCDoExltt85jJM9KlsixKby2SqtUXtW1hpQ2dmdfIdrPWppiXUgwQAm4nnSlqEHLr-ww8XDAeJf7_12IRORpMYVJ7Tt2RCu7tMxktVNw4huBGkCFY0bI4wekHZes5sMWJmUS43XbTYL3bLxSsABYJaIqd_xCNVhZlbnn7tQ5ixhcbdIwYh5RgTCbPcUD3KnM8Dd5ESjCHIa-czOR6UvQrMV3YEn3pdnGSoQhDEsBke8hQZuzPa8jv1G2rAQ85Br1mO7lvSJGI47ntvbW1YByshVQc6v7Rcw1vRjcqle7RE0e3D_qNWt4B42WsdJJsf4UlnHXBR5rwrXhHhC0VSTzbzjT41WrRNEvzzSQtyUB7eEzy9uATP5jkgOBWjirkhy68Sqm75mHfsFYyMGZbJLp6YH4efclrDhJMwPFFO2qBq2csOaBciAZB4jjk74of1Y1hh5WaXHcwFmP4q5xa3P66MFsMeFvizl9p524oX80ibd2CECBk-zXXZfyDoyGn0ZFM5uMdfr4nX20vTGh7r2i-9nTAnG00LmBllGXnaMzr4fK_SWzwPMWqk_rBUKs5kwgJm6w http://p277439.infopicked.com/adServe/domainClick?ai=8eMCpQlSself0fXdZAOZhDMfLeiJuihSNtFGgzKXZQOwzUj8CXdBg9XuZGHwNDnSCKDRxlSFy7Fyz3dieb1Lu522HuPMxa_pdRePfirJtYMCozyvMhv4-LlU-hBqlV3wbM7TR-A6o2LnrG8E1DfQ9Q6HRvyXwtB8WKd9ALxRfmAtGDmB6E48Uglt7BALO2dZ6Mhp9GRTObjHX6-J19tL05c9r3PL9gX2uVeQWWNuKrie1C82mRmZMkexhrKl8GYgqUzaeYhSjwo4wze4caGpDvAdDxfNZOFVxWfBO_Pgkf9Lj9hxf0SJk0tVfUbfcXAU2dgRsl_cISdhzavJEfo6eseVq4GY9uFdESEy041wghMrAgV2R4ubIyh-8XWjYI5uvZ0tvrAyc11VkHRUwGVzse4_hxqmBidZ34_EUBB7T3W5HBHAGI8aSz1hqTgxc2azrd0OcIEX6rmPeOjcIg01sg&ui=Ilxxar-4JDjHYSZnQRV0rY-50-QI18VbLWXp3on882KiNKxwAofaTO8BE4Jd3x7A8PdPVX5axCGjirkhy68Sqm75mHfsFYyMGZbJLp6YH4efclrDhJMwPFFO2qBq2csOQ6tup0MS_HQ&si=1&oref=d3c2837da0e02e3a4a67f0afabcb8712&rb=TqxNRUmuhLY&rr=1	6	6 Info ET EXPLOIT_KIT RIG EK URI Struct Mar 13 2017 M2 ET INFO HTTP Request to Suspicious *.work Domain ET INFO Observed DNS Query to .work TLD SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex		5.6			admin

First
Previous
111
112
113
114
115
116
117
118
119
120
Next
Last
Total : 48,230cnts