Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
3781	2020-12-16 16:46	david.exe 384a7bebd1c1bae53b14e1f02e10fa94 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					11.4	M		ZeroCERT

3782	2020-12-16 16:46	endyx.scr 6835b462ca256cacbda46400eb1bb7e0 Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	3		16.4	M	23	ZeroCERT

3783	2020-12-16 18:16	henryx.scr d4f8d10203aece68bcd02d1f0fb27def Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					13.4	M	22	ZeroCERT

3784	2020-12-16 18:16	https://zoomba619.blogspot.com... 56b8523d141dbaf1c146b923049c9cb5 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	29 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://zoomba619.blogspot.com/favicon.ico https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.google-analytics.com/analytics.js https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/img/share_buttons_20_3.png https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2525772521150521786&zx=d19d8632-1056-4b48-b43e-bad47871dfbb https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/c3.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/c3.html%26bpli%3D1&passive=true&go=true https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://zoomba619.blogspot.com/p/c3.html https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js https://www.gstatic.com/og/_/js/k=og.qtm.en_US.QgY6lxWvAPk.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTvod91nzEJFOvvfJUrn6_vLwwY0bw https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/static/v1/widgets/2195516358-widgets.js https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.gstatic.com/og/_/ss/k=og.qtm.y0v8--8W2Xg.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtSLvQ9QxDR2uHIB3mSbhYF7uJInw https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://ssl.gstatic.com/gb/images/p1_799229b0.png https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GhYSaDTWhs4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CcmyUNBPTBtz4hsH0C6OHKqodVQ/cb=gapi.loaded_0 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fzoomba619.blogspot.com%2Fp%2Fc3.html&bpli=1 https://www.blogger.com/blogin.g?blogspotURL=https://zoomba619.blogspot.com/p/c3.html	21 Info zoomba619.blogspot.com(172.217.161.33) - mailcious resources.blogblog.com(172.217.26.41) www.google.com(216.58.220.132) www.gstatic.com(172.217.26.35) ssl.gstatic.com(172.217.25.195) accounts.google.com(172.217.175.77) www.google-analytics.com(216.58.197.142) apis.google.com(216.58.197.206) fonts.gstatic.com(172.217.161.67) fonts.googleapis.com(172.217.25.74) www.blogger.com(172.217.26.41) 216.58.199.4 - suspicious 216.58.199.10 172.217.26.141 172.217.163.238 216.58.199.105 172.217.174.201 172.217.161.129 142.250.199.67 172.217.31.238 - suspicious 172.217.161.131	3		5.0			guest

3785	2020-12-16 18:22	I2WExplorer.exe af710d76a71abcd42c396ffc0e12cda2 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself					2.4	M	36	ZeroCERT

3786	2020-12-16 18:23	Lab15-03.exe bfadb08f07304b6b293707e4f9c9f1a9 VirusTotal Malware Malicious Traffic buffers extracted malicious URLs sandbox evasion WriteConsoleW Tofsee Windows DNS crashed	6 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://www.practicalmalwareanalysis.com/tt.html http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1608110186&mv=m&mvi=7&pl=18&shardbypass=yes https://update.googleapis.com/service/update2 https://practicalmalwareanalysis.com/tt.html https://update.googleapis.com/service/update2?cup2key=10:177881428&cup2hreq=016457274a4079e7110e64f6d35cb10690bff0ad17ff457e6357bf2cfadfac2e	4	4		5.8	M	45	ZeroCERT

3787	2020-12-17 08:59	Lab16-01.exe 7faafc7e4a5c736ebfee6abbbc812d80 VirusTotal Malware Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows					4.6	M	40	ZeroCERT

3788	2020-12-17 09:01	Lab15-03-pr.exe cf30e80afa4570f94a066d0264c5a3da VirusTotal Malware malicious URLs sandbox evasion WriteConsoleW crashed	2 Keyword trend analysis	2			3.4	M	45	ZeroCERT

3789	2020-12-17 09:16	OSW.exe f0e54257937a0cce319faf635a3e1f98 VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName					2.4	M	15	ZeroCERT

3790	2020-12-17 09:18	prosperx.scr 9c13e16c165b2a914fd342729e7e919c VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key		1			9.0	M	23	ZeroCERT

3791	2020-12-17 09:36	prosperx.scr 9c13e16c165b2a914fd342729e7e919c VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key		1			9.0	M	23	ZeroCERT

3792	2020-12-17 09:37	svchost.exe d543a59ba12985acaf4134c3ff427b86 NetWireRC VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key DDNS Software		2	1		16.8	M	43	ZeroCERT

3793	2020-12-17 09:49	diego.png.exe d8a449d9a8aa11d58db91e3dc2387595 VirusTotal Malware unpack itself DNS					2.4	M	17	ZeroCERT

3794	2020-12-17 09:50	winlog.exe 926682b2da9a8406bcb427da6a9e00ac Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	8 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET INFO DNS Query for Suspicious .ga Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1		14.4	M	46	ZeroCERT

3795	2020-12-17 10:04	http://www.hahae.co.kr/new3/IS... 06cfdaf0990fcd6ace527e1ae005e36f Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	3		4.6			ZeroCERT

First
Previous
251
252
253
254
255
256
257
258
259
260
Next
Last
Total : 48,352cnts