Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
2026	2020-10-13 09:18	jesu.exe 0bad1c2742b051a7faceb9dfee896986 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed					6.6	M	22	guest

2027	2020-10-13 09:28	starg.exe d65cc6dea6345e91547eae7a12c7a204 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName Cryptographic key crashed					13.0	M	25	guest

2028	2020-10-13 09:29	magi.jpg.exe 6f09c7f423232ef509f90e66b1146a50 VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	2	1		16.6	M	34	guest

2029	2020-10-13 09:30	evapicturesetup-4858.exe 03417211431d04bce8d68d62c0ca2543 VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check installed browsers check Windows Browser ComputerName DNS	10 Keyword trend analysis Info http://config.zcjczj.cn/upgrade/evapicture/InfoDes.json http://con2.zcjczj.cn/evapicture4858.xml http://info.zcjczj.cn/4858.html http://api.zcjczj.cn/port.php?redata=Xyoxq2DlH4jt%2FtRxws4nz%2BTI%2Bcs0o64QgOx9Wp5CdBkahaPL%2FHfZ%2FSmC4cIeY22y8kqsr8uYHr32T2%2FMOk0UKWjg33HMjcGcwqraYVB1bhKot77GXEpDGT7Z7i9AplUsTYyJBS185GXX78FD4u6s%2F6ukvyct%2F7XR40Smo48oh5pN3RUVfQZSHzbSFGKhmuyg%2BQ%2F7KFIv1gHz4rFScb0Pqg%3D%3D&verify=266296f875337984bb9f558adf655d49&time=1602557160&ver1.0.0.1&act=1 http://config.zcjczj.cn/upgrade/evapicture/Updatebz.json http://api.zcjczj.cn/portb.php?redata=Xyoxq2DlH4jt%2FtRxws4nz%2BsHCHzuOOy9ZkexX1rM%2BYYcA6Jff39XAyO5Ngyx8RtggkTc3mRQzfeY7wg7kjjOedKd0wIzocZ4Ts61brpBMFhZzJBTGarFo%2Bhf3karOc6w1mSifQ3DIC3EtnmZ0bYf9A%3D%3D&verify=773adc30a799ade97cb9d006fcdf1952&time=1602557160&ver1.0.0.1 http://api.zcjczj.cn/port.php?redata=Xyoxq2DlH4jt%2FtRxws4nz78u17x%2BboYEIT1eWSQPAk1UHoeTdFd8Prhvhpz6%2BT%2FRXdXpIoLLRPBR0TiQDhNWr7wP24L5Br623wSFSsiu9KZba4KfWBC9TaBX8B%2FAVGYGAdqY6jIXs1bgSSZh461YdXn27obdrhe4lcXTZC0bJBvWQlIQUNA97dJBITVu%2FQQGy0qZgG543NyoFU77suVLbQ%3D%3D&verify=e6bee07895b4dfb6635b7c80ae375eae&time=1602557165&ver1.0.0.1&act=2 http://api.zcjczj.cn/port.php?redata=Xyoxq2DlH4jt%2FtRxws4nz4ezSSpqeudcZiqv1qFMmEay4pprDkT9puVxnRzw%2B1H6uQDJfapvCiBkyonhGXs7CJkfmNmm%2BCZ8%2FOqtK11%2FloCsqfWLWx7eDUeNWs2TrSw1kh6rdTpaBnPFmXrj1%2BbIW37r0Q8to7DCcGu9xh28IemcgZV%2FPzdfl0b8lN3M6tbzLHSb%2BvKVY1XQ%2F4MkV5aynQ%3D%3D&verify=29f61217c8d015d3854ca9d0199722af&time=1602557200&ver1.0.0.1&act=1 http://pv.sohu.com/cityjson http://ip.ws.126.net/ipquery	6			10.4	M	39	guest

2030	2020-10-13 09:50	svcguard.exe 3306d593ebf57425ec38bc5fbe400d06 VirusTotal Malware malicious URLs					3.0	M	20	guest

2031	2020-10-13 09:50	Xehmigm.exe 9f1f5ecb148e6e648a6a2466b29f7f2d Browser Info Stealer LokiBot Emotet Malware download FTP Client Info Stealer VirusTotal Malware c&c Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted RWX flags setting unpack itself malicious URLs installed browsers check Interception Browser ComputerName DNS Software	2 Keyword trend analysis	3	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		16.0	M	19	guest

2032	2020-10-13 09:50	cr.exe d39be521d865df3ab5f3142e22427167 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	2	1		12.2		27	guest

2033	2020-10-13 10:11	de.exe 1bdf4969e039dce5e33bc0322e5cea21 VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs crashed					4.4	M	50	guest

2034	2020-10-13 10:23	47694201-20200919-YB449177.doc 4c99a6917c48b0dc5f30045683c43840 ENERGETIC BEAR Vulnerability VirusTotal Malware Report Malicious Traffic unpack itself malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	8	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET CNC Feodo Tracker Reported CnC Server group 19 ET CNC Feodo Tracker Reported CnC Server group 24 ET CNC Feodo Tracker Reported CnC Server group 11 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET CNC Feodo Tracker Reported CnC Server group 17		6.8		42	guest

2035	2020-10-13 11:16	0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5 VirusTotal Malware unpack itself malicious URLs WriteConsoleW ComputerName					3.0		46	guest

2036	2020-10-13 11:17	11411.xlsb 82d081156241d64397f065631a75ae80 Malware download VirusTotal Malware Creates executable files unpack itself malicious URLs Windows DNS Downloader	1 Keyword trend analysis	1	3		6.0		20	admin

2037	2020-10-13 11:17	27603.xlsb 411c832c81fcff7f4de125a18d59c7f2 Malware download VirusTotal Malware Creates executable files unpack itself malicious URLs Windows DNS Downloader	1 Keyword trend analysis	1	3		5.8		16	guest

2038	2020-10-13 11:18	31811.xlsb 77227bdd7ca19a8d74919d8668447a02 Malware download VirusTotal Malware Creates executable files unpack itself malicious URLs Windows DNS Downloader	1 Keyword trend analysis	1	3		5.8		16	guest

2039	2020-10-13 11:21	0810.gif.exe ca26ad3cfd67703c3e7a4855407725b5 VirusTotal Malware unpack itself WriteConsoleW ComputerName					2.2	M	46	admin

2040	2020-10-13 11:22	http://www.advisertours.com/08... ca26ad3cfd67703c3e7a4855407725b5 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	2	4		5.0	M	46	admin

First
Previous
131
132
133
134
135
136
137
138
139
140
Next
Last
Total : 48,231cnts