Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
3811	2020-12-18 12:16	CKC.exe 5fa29b2a0a86144477ff75ad70fe603d Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows Cryptographic key crashed	8 Keyword trend analysis	4	2		10.0	M		ZeroCERT

3812	2020-12-18 15:40	Jormungandr4.exe 13b9ee8bc19bde796a4c17a8e082e5a4 VirusTotal Malware Check memory RWX flags setting unpack itself DNS					3.2	M	47	ZeroCERT

3813	2020-12-18 15:40	jEgLNI40Ro9O775.exe 7f267b65bf69ce79699d4893158df1ce VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	6 Keyword trend analysis Info http://www.whereinthezooareyou.com/e66m/?7n=DIL8tOhcg9HP3GwfV7qlioXlfu61iezVxIewch9gOr11yg86URjwoHMDV8tdy2sPgTSrBSzm&SZ=Y4C0ilYp7ZstNr7 http://www.helpwithutilitypaymentsnow.info/e66m/ http://www.helpwithutilitypaymentsnow.info/e66m/?7n=FEBAs7i0n4z6X0AiZh/5DZVdGmu7EkYB9YilD3B809caGLX74ShuCT+CLCnCyqApewF4Hhwd&SZ=Y4C0ilYp7ZstNr7 http://www.whereinthezooareyou.com/e66m/ http://www.momos-fast.com/e66m/ http://www.momos-fast.com/e66m/?7n=mxB+TmBlf/svbcyv5zfKBRhZ9+bTIZrwDTYgjpnV+ollFfetE9VJXIqqR6fiqHo7v3thMxx/&SZ=Y4C0ilYp7ZstNr7	10			9.2	M	16	ZeroCERT

3814	2020-12-18 16:18	loader.hta eb55d80407a08dbfa854c7e6ebc7178a VirusTotal Malware malicious URLs					1.8		3	ZeroCERT

3815	2020-12-18 16:18	net.exe a5965a9592a240bcaaaaafdcfaef13d2 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself malicious URLs anti-virtualization installed browsers check Windows Browser ComputerName Cryptographic key					6.2	M	28	ZeroCERT

3816	2020-12-18 16:47	loader.hta eb55d80407a08dbfa854c7e6ebc7178a VirusTotal Malware malicious URLs crashed					1.4		3	ZeroCERT

3817	2020-12-18 16:48	regasm.exe 2dd315281d64b04beca11cc61101baaa VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs DNS					6.4	M	20	ZeroCERT

3818	2020-12-18 17:47	win32.exe 6179cc7f3caa1ab44cf06fc4917813e4 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.0	M	46	ZeroCERT

3819	2020-12-18 17:47	svchost.exe 50b29294dbc99f5c880e59ce9e08c983 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO DNS Query for Suspicious .ga Domain ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.2	M		ZeroCERT

3820	2020-12-18 17:53	102w.jpg.exe 7ee7f1272a292fff71d189f5f3b908ca VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key	2 Keyword trend analysis	2	1		7.8	M	16	ZeroCERT

3821	2020-12-18 17:53	kg.exe 8c29b3b5d7de4173ce340ff4c2dffe10 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS crashed					12.8	M	26	ZeroCERT

3822	2020-12-18 18:31	svchost.exe ed427d483fedf9e80f4a3cbba7638b06 VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process malicious URLs VMware anti-virtualization ComputerName Software	1 Keyword trend analysis	3			13.8	M	11	ZeroCERT

3823	2020-12-18 18:31	regasm.exe 4578b188645f157291b8081faf680a4a Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software		2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.6	M	22	ZeroCERT

3824	2020-12-18 18:37	vbc.exe f653761c51d9032885abee7c4da9b06c VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	25	ZeroCERT

3825	2020-12-18 18:37	winlog.exe ded64e567dba740ae8a47527ae486651 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	8 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response	1	13.6	M	25	ZeroCERT

First
Previous
251
252
253
254
255
256
257
258
259
260
Next
Last
Total : 48,352cnts