Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
3691	2020-12-11 09:02	https://bak0-store.com/cfg/3.d... f0cd43674b0d3acd51027faed428f39c VirusTotal Malware Tofsee	2 Keyword trend analysis	2	1		0.8		10	ZeroCERT

3692	2020-12-11 10:33	sorv.png.exe 4b4b4f795f03dd4bd84759cf7da0eae9 VirusTotal Malware PDB unpack itself malicious URLs ComputerName DNS					3.2	M	39	ZeroCERT

3693	2020-12-11 10:34	googlechrome_3843.exe c9aba0e418f93cfbe9bd12bb7757df94 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName					10.4		47	ZeroCERT

3694	2020-12-11 10:49	vbc.exe 59791e3f4e0d6b47cb8ed51c9ebf5708 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS					11.0	M	49	ZeroCERT

3695	2020-12-11 10:50	tyd5o0iynmhcl.jpeg.exe 1e2f620d3f4e47a4b43e72b3645f73ec VirusTotal Malware Check memory heapspray unpack itself Java					2.8	M	9	ZeroCERT

3696	2020-12-11 11:02	vbc2.exe b27e14119c9ec903014300caff12f6bf VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed					11.4	M	42	ZeroCERT

3697	2020-12-11 11:23	coxk8.exe c226055b158c763deb6e8c12210e6a3a unpack itself					1.2			r0d

3698	2020-12-11 11:34	3.dotm f0cd43674b0d3acd51027faed428f39c VirusTotal Malware unpack itself malicious URLs					3.0	M	10	ZeroCERT

3699	2020-12-11 11:34	FWSoOkisTysdyTr.exe 1170578f5b1ba09cd66681ec545a65d2 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software		1			14.8	M	20	ZeroCERT

3700	2020-12-11 11:42	svchost.exe ea5a8d3c78da8dff27c17d36e97e8c81 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Creates shortcut unpack itself suspicious process AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	4	11 Info ET INFO DNS Query for Suspicious .ga Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		7.0	M	5	ZeroCERT

3701	2020-12-11 11:42	soft.exe 6fdb7328d15d2ee2ad9f6b072054a7be VirusTotal Malware Malicious Traffic Check memory Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows DNS	2 Keyword trend analysis	2			6.6	M	58	ZeroCERT

3702	2020-12-11 12:15	win32.exe 9194a15c419ca38f3a7801503b8650ea Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.0	M	37	ZeroCERT

3703	2020-12-11 12:15	vbc.exe 57f70f5f34b309b444bc08eb765e353e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software		1			13.8	M	39	ZeroCERT

3704	2020-12-11 17:50	svchost.exe ea5a8d3c78da8dff27c17d36e97e8c81 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Creates shortcut unpack itself suspicious process malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser Email ComputerName DNS Software		4	2		8.2	M	18	r0d

3705	2020-12-11 18:35	7eCddpJGSBLnWFD.exe a9c4a016d08ff940dfc11c0742131c79 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		11.6	M	20	ZeroCERT

First
Previous
241
242
243
244
245
246
247
248
249
250
Next
Last
Total : 48,320cnts