Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
346	2020-06-30 14:04	asdfg.exe b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName	20 Keyword trend analysis Info http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://ademg.ug/nss3.dll http://ademg.ug/ http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://ademg.ug/freebl3.dll http://gadem.ug/az2.exe https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/	3			18.4		44

347	2020-06-30 14:05	asdfg.exe b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName	20 Keyword trend analysis Info http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://ademg.ug/nss3.dll http://ademg.ug/ http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://ademg.ug/freebl3.dll http://gadem.ug/az2.exe https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/	3			18.4		44

348	2020-06-30 14:07	asdfg.exe b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName	20 Keyword trend analysis Info http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://ademg.ug/nss3.dll http://ademg.ug/ http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://ademg.ug/freebl3.dll http://gadem.ug/az2.exe https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/	3			18.4		44

349	2020-06-30 14:11	asdfg.exe b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName	20 Keyword trend analysis Info http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://ademg.ug/nss3.dll http://ademg.ug/ http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://ademg.ug/freebl3.dll http://gadem.ug/az2.exe https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/	3			18.4		44

350	2020-06-30 14:13	asdfg.exe b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName	20 Keyword trend analysis Info http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://ademg.ug/nss3.dll http://ademg.ug/ http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://ademg.ug/freebl3.dll http://gadem.ug/az2.exe https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/	3			18.4		44

351	2020-06-30 14:14	asdfg.exe b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName	20 Keyword trend analysis Info http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://ademg.ug/nss3.dll http://ademg.ug/ http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://ademg.ug/freebl3.dll http://gadem.ug/az2.exe https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/	3			18.4		44

352	2020-06-30 14:54	3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS	34 Keyword trend analysis Info http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://ademg.ug/sqlite3.dll http://34.105.129.68/file_handler/file.php?hash=3e12d9389b984a67f2e25d1332aee3aac7bf0eb0&js=ef517d2d75a824fb5b1ce6f2d011b43d5245f9a1&callback=http://34.105.129.68/gate http://34.105.129.68/gate/libs.zip http://gadem.ug/nw.exe http://barcla.ug/index.php http://ademg.ug/nss3.dll http://ademg.ug/vcruntime140.dll http://ademg.ug/mozglue.dll http://ademg.ug/softokn3.dll http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/ http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://gadem.ug/az2.exe http://34.105.129.68/gate/log.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=3e12d9389b984a67f2e25d1332aee3aac7bf0eb0&js=ef517d2d75a824fb5b1ce6f2d011b43d5245f9a1&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe	7			23.4		44

353	2020-06-30 15:07	3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS	40 Keyword trend analysis Info http://ademg.ug/ http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/log.php http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/sqlite3.dll http://34.105.129.68/file_handler/file.php?hash=73739f374a6dc4ccb5aba5fbbcd57d8b88c27a52&js=ec733c93ae96657879512a46c199a10686dae961&callback=http://34.105.129.68/gate http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=73739f374a6dc4ccb5aba5fbbcd57d8b88c27a52&js=ec733c93ae96657879512a46c199a10686dae961&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe	7			23.8		44

354	2020-06-30 15:22	3e9f05acde528ea5fd7ca9d0c2af0e... b726f090cc523eaa9861ca0c9a748493 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Windows Browser Email ComputerName DNS	40 Keyword trend analysis Info http://gadem.ug/ds1.exe http://ademg.ug/mozglue.dll http://ademg.ug/freebl3.dll http://gadem.ug/rac2.exe http://ademg.ug/sqlite3.dll http://gadem.ug/ac.exe http://gadem.ug/nw.exe http://ademg.ug/softokn3.dll http://34.105.129.68/gate/libs.zip http://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate http://gadem.ug/ds2.exe http://ademg.ug/vcruntime140.dll http://ademg.ug/ http://34.105.129.68/gate/sqlite3.dll http://ademg.ug/msvcp140.dll http://ademg.ug/main.php http://34.105.129.68/gate/libs.zip http://34.105.129.68/gate/libs.zip http://gadem.ug/az2.exe http://ademg.ug/nss3.dll http://34.105.129.68/gate/log.php http://barcla.ug/index.php https://gadem.ug/az2.exe https://ademg.ug/softokn3.dll https://ademg.ug/sqlite3.dll https://ademg.ug/freebl3.dll https://ademg.ug/mozglue.dll https://ademg.ug/msvcp140.dll https://ademg.ug/nss3.dll https://ademg.ug/vcruntime140.dll https://ademg.ug/main.php https://ademg.ug/ https://gadem.ug/rac2.exe https://barcla.ug/index.php https://34.105.129.68/gate/log.php https://34.105.129.68/gate/sqlite3.dll https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/gate/libs.zip https://34.105.129.68/file_handler/file.php?hash=339ef2194750aadd17698ac9eda7ba8d3337fb39&js=8126c7c5f8600067e2fee43b9f24c665ebbe680b&callback=http://34.105.129.68/gate https://gadem.ug/nw.exe https://gadem.ug/ac.exe https://gadem.ug/ds1.exe https://gadem.ug/ds2.exe	7			23.8	M	44

355	2020-06-30 16:04	https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Windows Exploit crashed	2 Keyword trend analysis	6			4.6		1

356	2020-06-30 16:04	https://cdn1.estsecurity.com/s... f809c38f0febca37c04811e2dc51ff8e Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit crashed	2 Keyword trend analysis	5			4.0		1

357	2020-06-30 16:34	test.html 99cc900a9b42f261f9b677b4d1dc6e13 Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit crashed	2 Keyword trend analysis	4			4.2

358	2020-06-30 16:36	request.py 1f5a0fe476cf9c88528ccbe792552fbf malicious URLs					0.8

359	2020-06-30 18:12	vbc.exe f866deba3b9e2c4a0edacc515492f84b Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName Software crashed					12.2		6

360	2020-07-01 08:40	5900785.exe 2dc4302c0d1cc5a95896b77ac1783437 VirusTotal Malware PDB					1.6		11

First
Previous
21
22
23
24
25
26
27
28
29
30
Next
Last
Total : 48,185cnts