Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
3841	2020-12-21 21:01	usalamendallasu22.php.exe 01a6ac7d75910a5511637bb6b0fed9f2 VirusTotal Malware Check memory Checks debugger unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check					3.4	M	2	guest

3842	2020-12-21 21:30	8ywcHRfZmFm1xoZFd.dll 43b363053ded0862a7984c3874a7acd4 VirusTotal Malware unpack itself					2.0		9	guest

3843	2020-12-21 21:30	4j2Lw65V9nBBpV47T6Hd.dll.exe 9695cc1ccfc3d6a85ceae9f201c499cb VirusTotal Malware Check memory unpack itself crashed					2.4		8	guest

3844	2020-12-21 21:36	8ywcHRfZmFm1xoZFd.dll 43b363053ded0862a7984c3874a7acd4 VirusTotal Malware					1.2		9	guest

3845	2020-12-21 21:39	4j2Lw65V9nBBpV47T6Hd.dll.exe 9695cc1ccfc3d6a85ceae9f201c499cb VirusTotal Malware Check memory unpack itself crashed					2.4		8	ZeroCERT

3846	2020-12-21 23:49	bee0053.exe 116ce4f2a56e0847ce02691cf4038fea VirusTotal Malware RWX flags setting unpack itself anti-virtualization					2.2	M	21	ZeroCERT

3847	2020-12-21 23:50	ara.exe e6bcda31530ea4dea50cff346ad39184 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS					7.2		10	ZeroCERT

3848	2020-12-22 09:08	fa.exe 5188c198e093757a394d4bcb495f325d VirusTotal Malware AutoRuns Check memory RWX flags setting unpack itself malicious URLs AntiVM_Disk anti-virtualization VM Disk Size Check Windows					4.0	M	19	ZeroCERT

3849	2020-12-22 09:09	document.doc b95e04c849d81d07c653371b50426f5f VirusTotal Malware ICMP traffic exploit crash unpack itself malicious URLs Exploit DNS crashed		2			6.4	M	30	ZeroCERT

3850	2020-12-22 09:19	m.dll.exe c596155ad2a6b40478d30da8b8fab520 VirusTotal Malware Check memory unpack itself crashed					2.4		9	ZeroCERT

3851	2020-12-22 09:20	New.jpg.exe 8cce9e2aeeb8c84fda8f79c2619b3456 VirusTotal Malware PDB unpack itself					1.6	M	14	ZeroCERT

3852	2020-12-22 09:24	regasm.exe c07a3923461ebf2e5b1a88472c21ae32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.4	M	45	ZeroCERT

3853	2020-12-22 09:25	ox.exe 346e98b8a995d5f3150c502c055de9ef Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key crashed keylogger	2 Keyword trend analysis	4	1		11.0	M	54	ZeroCERT

3854	2020-12-22 09:31	uninsxsd1218.exe a0e151a2b74b2816155c47f209761415 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS					10.6	M	41	ZeroCERT

3855	2020-12-22 09:32	svchost.exe 3ee960d7d595c82b47ce28164afed056 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.8	M	47	ZeroCERT

First
Previous
251
252
253
254
255
256
257
258
259
260
Next
Last
Total : 48,350cnts