Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
3766	2020-12-16 09:55	Speeder_1.0.0.3_qd13.exe a6d2cae21d592a602211a854dc4dc91a VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Tofsee Browser ComputerName DNS	45 Keyword trend analysis Info http://speedup.jiezhansifang.com/openapi/speedup/v1/getGameList.do?channelId=13 http://client.jiezhansifang.com/uploadRecord?channelId=13&localMac=94-DE-27-8C-32-74×tamp=20201216142854 http://resource-speedup.jiezhansifang.com/speedup/images/game/images/52c64bea221d0ee934ffe01795d39d4a.jpg http://resource-speedup.jiezhansifang.com/speedup/images/game/pubg.jpg http://resource-speedup.jiezhansifang.com/speedup/images/ad/ad-4.png https://client-revision.jiezhansifang.com/modules/constant/config_5cd1dcc.js https://client-revision.jiezhansifang.com/resource/images/layout_mask_98ae434.png https://client-revision.jiezhansifang.com/jzsf/oemJzAppKey.do?clientId=9FCC46B6-E59F-4D32-ADA9-7B39835687F2&reqId=1608096546335 https://client-revision.jiezhansifang.com/jzsf/oemJzAppKey.do?clientId=9FCC46B6-E59F-4D32-ADA9-7B39835687F2&reqId=1608096546332 https://client-revision.jiezhansifang.com/modules/util/wxLogin_feabe64.js https://client-revision.jiezhansifang.com/modules/util/helper_31ef72e.js https://res.wx.qq.com/connect/zh_CN/htmledition/js/jquery.min3696b4.js https://client-revision.jiezhansifang.com/modules/app/index_c47f623.js https://hm.baidu.com/hm.js?8603659db96c7aa11111e7d2cf361c4e https://client-revision.jiezhansifang.com/modules/util/disableScale_ad56695.js https://client-revision.jiezhansifang.com/resource/js/conf/mod-conf_c04f440.js https://client-revision.jiezhansifang.com/resource/css/qrcode.css https://client-revision.jiezhansifang.com/resource/css/client_z.png https://client-revision.jiezhansifang.com/modules/pkg/conf_db4e6ed.js https://client-revision.jiezhansifang.com/modules/pkg/coms_950264e.js https://client-revision.jiezhansifang.com/resource/js/modjs/1.0.13/mod_0f4920e.js https://client-revision.jiezhansifang.com/authInfo?clientId=9FCC46B6-E59F-4D32-ADA9-7B39835687F2&reqId=1608096546331 https://open.weixin.qq.com/connect/qrconnect?appid=wxaaa8da95fe65628e&scope=snsapi_login&redirect_uri=https%3A%2F%2Freg.jiezhansifang.com%2Fthirdparty%2Fwechat%2Fcallback.do&state=83ab9561022ec376dd0d18f99888529d&login_type=jssdk&self_redirect=true&style=undefined&href=https://client-revision.jiezhansifang.com/resource/css/qrcode.css https://client-revision.jiezhansifang.com/modules/pkg/page-common_ea1051e.js https://client-revision.jiezhansifang.com/resource/css/client.css https://client-revision.jiezhansifang.com/modules/util/channel_5c9966b.js https://client-revision.jiezhansifang.com/modules/pkg/lib_c4b765a.js https://lp.open.weixin.qq.com/connect/l/qrconnect?uuid=091dIIJr1ugJFa19&_=1608096569904 https://lp.open.weixin.qq.com/connect/l/qrconnect?uuid=091dIIJr1ugJFa19&_=1608096569905 https://lp.open.weixin.qq.com/connect/l/qrconnect?uuid=091dIIJr1ugJFa19&_=1608096569906 https://lp.open.weixin.qq.com/connect/l/qrconnect?uuid=091dIIJr1ugJFa19&_=1608096569907 https://hm.baidu.com/hm.gif?kb=0&cc=1&ck=1&cl=24-bit&ds=1024x768&vl=434&et=0&fl=13.0&ja=1&ln=ko&lo=0&rnd=1178776312&si=8603659db96c7aa11111e7d2cf361c4e&su=https%3A%2F%2Fclient-revision.jiezhansifang.com%2F%3Fclient%3Dxm%26qd%3D13%23login&v=1.2.80&lv=1&api=6_0&sn=64253&r=0&ww=17&ct=!!&u=https%3A%2F%2Fclient-revision.jiezhansifang.com%2F&tt=%E5%8A%A0%E9%80%9F%E5%99%A8 https://reg-saas.whweidu.com/thirdparty/wechat/login/qrcode/get.do?clientId=9FCC46B6-E59F-4D32-ADA9-7B39835687F2&appKey=a22c30c4c6dd4316a189cfe47c91571b&callbackURI=https%3A%2F%2Fclient-revision.jiezhansifang.com%2Fjzsf%2FoemLoginCallback&callback=jQuery19107494205348593246_1608096546333&reqId=1608096546334 https://lp.open.weixin.qq.com/connect/l/qrconnect?uuid=091dIIJr1ugJFa19&_=1608096569903 https://lp.open.weixin.qq.com/connect/l/qrconnect?uuid=091dIIJr1ugJFa19&_=1608096569908 https://reg-saas.whweidu.com/thirdparty/wechat/login/qrcode/get.do?clientId=9FCC46B6-E59F-4D32-ADA9-7B39835687F2&appKey=a22c30c4c6dd4316a189cfe47c91571b&callbackURI=https%3A%2F%2Fclient-revision.jiezhansifang.com%2Fjzsf%2FoemLoginCallback&callback=jQuery19107494205348593246_1608096546336&reqId=1608096546337 https://hm.baidu.com/hm.gif?kb=0&cc=1&ck=1&cl=24-bit&ds=1024x768&vl=434&et=0&fl=13.0&ja=1&ln=ko&lo=0&rnd=77078479&si=8603659db96c7aa11111e7d2cf361c4e&su=https%3A%2F%2Fclient-revision.jiezhansifang.com%2F&v=1.2.80&lv=1&api=4_0&sn=64253&r=0&ww=17&ct=!!&u=https%3A%2F%2Fclient-revision.jiezhansifang.com%2F%23login&tt=%E5%8A%A0%E9%80%9F%E5%99%A8 https://client-revision.jiezhansifang.com/?client=xm&qd=13 https://open.weixin.qq.com/connect/qrcode/091dIIJr1ugJFa19 https://client.jiezhansifang.com/uploadRecord?channelId=13&localMac=94-DE-27-8C-32-74×tamp=20201216142854 https://open.weixin.qq.com/connect/qrconnect?appid=wxaaa8da95fe65628e&scope=snsapi_login&redirect_uri=https%3A%2F%2Freg.jiezhansifang.com%2Fthirdparty%2Fwechat%2Fcallback.do&state=3e5a8d4ab7b80ec3521f7c047e96ff8a&login_type=jssdk&self_redirect=true&style=undefined&href=https://client-revision.jiezhansifang.com/resource/css/qrcode.css https://res.wx.qq.com/connect/zh_CN/htmledition/style/impowerApp45a337.css https://client-revision.jiezhansifang.com/modules/pkg/page-login_7fc304f.js https://client-revision.jiezhansifang.com/resource/images/layout_bg-theme-1_632e2ef.png https://client-revision.jiezhansifang.com/modules/util/track_587265c.js	16 Info reg-saas.whweidu.com(47.114.110.100) lp.open.weixin.qq.com(203.205.232.67) client-revision.jiezhansifang.com(58.216.9.68) res.wx.qq.com(150.109.206.166) reg.jiezhansifang.com(47.114.110.100) client.jiezhansifang.com(58.216.9.68) resource-speedup.jiezhansifang.com(58.216.9.68) hm.baidu.com(103.235.46.191) - mailcious speedup.jiezhansifang.com(58.216.9.68) open.weixin.qq.com(203.205.239.172) 203.205.234.140 58.216.9.68 203.205.239.171 103.235.46.191 - mailcious 150.109.206.154 47.114.110.100	1		10.6	M	13	ZeroCERT

3767	2020-12-16 10:37	vbc.exe ebc762f4d1d6557fcfb73fc7eb1d5b7a Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.2	M	46	ZeroCERT

3768	2020-12-16 10:37	win32.exe f4fccdb6286107ca3592406e356a6b5e Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	15.0	M	38	ZeroCERT

3769	2020-12-16 11:06	XokBnqWMZ4B9pbd.exe e9dbec32351a5bd0a3f94b8314e4d958 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Software		1			17.6	M	43	ZeroCERT

3770	2020-12-16 12:23	1312.gif.1.exe b2a9a4e1656bdb5749de4f228dc9f307 VirusTotal Malware					1.8	M	41	ZeroCERT

3771	2020-12-16 12:23	1SystemWindows.exe d100a087bc378ea7fb3afc39bc164984 VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1608088546&mv=u&mvi=7&pcm2cms=yes&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:785814653&cup2hreq=d24eedb90b0e27ebe0b6054a63c6cfca8e31297d6eb8148ac15b766c4c760631 https://update.googleapis.com/service/update2	2	4		3.8	M	39	ZeroCERT

3772	2020-12-16 12:50	http://54.169.255.180/.cache/A... ff1f1a2332f563aebf955780642344f1 Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex		5.0		13	ZeroCERT

3773	2020-12-16 16:17	1312.gif.2.exe d41d8cd98f00b204e9800998ecf8427e					0.4			ZeroCERT

3774	2020-12-16 16:18	1312.gif.3.exe b2a9a4e1656bdb5749de4f228dc9f307 VirusTotal Malware DNS					2.4	M	41	ZeroCERT

3775	2020-12-16 16:23	5555555555.jpg.exe 613062734b9244597bee0607b8432e9f					1.0			ZeroCERT

3776	2020-12-16 16:23	chidu.exe 994caae4cc6731bdb8447a8b13314f68 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					13.8	M	40	ZeroCERT

3777	2020-12-16 16:27	csrs.exe 3a94c5b0350d50bf1485156e75a82ded VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs					5.2	M	47	ZeroCERT

3778	2020-12-16 16:27	CKC.exe 7379d1bbf5b0a85cade31143413cf9e6 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2	1		10.0	M	15	ZeroCERT

3779	2020-12-16 16:34	CKC.exe 7379d1bbf5b0a85cade31143413cf9e6 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		9.4	M	15	ZeroCERT

3780	2020-12-16 16:35	damianox.scr b41a91991dcb97e8e7d43c368cc58c57 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed					11.6	M	22	ZeroCERT

First
Previous
251
252
253
254
255
256
257
258
259
260
Next
Last
Total : 48,346cnts