Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43531	2021-02-03 13:12	falcon.exe e2f9153e98fc360d1fedc0f16853bfb5 VirusTotal Malware Checks debugger unpack itself Advertising DNS		42 Info afegikbfggin.bazar() befhilcehhio.bazar() bdeijlcdgijo.bazar() cffiildfhiio.bazar() aegijkbeiijn.bazar() cdfhjkddhhjn.bazar() bdehikcdghin.bazar() ddfgkledhgko.bazar() cfggildfigio.bazar() ddghjledihjo.bazar() cdegikddggin.bazar() adehilbdghio.bazar() aefgjkbehgjn.bazar() begiklceiiko.bazar() adggikbdigin.bazar() ddehiledghio.bazar() adfhilbdhhio.bazar() deeijleegijo.bazar() cdghikddihin.bazar() ddgikmediikp.bazar() dfeiikefgiin.bazar() cdghjlddihjo.bazar() cefgjmdehgjp.bazar() edggklfdigko.bazar() deehimeeghip.bazar() ccggikdcigin.bazar() dfegjlefggjo.bazar() dcghjlecihjo.bazar() cefikkdehikn.bazar() dceiklecgiko.bazar() beggikceigin.bazar() bcfhklcchhko.bazar() bcfijmcchijp.bazar() acghklbcihko.bazar() dfgijkefiijn.bazar() 35.211.96.150 51.254.25.115 34.220.167.220 87.98.175.85 94.16.114.254 95.217.190.236 54.190.50.234	1		4.4	M	33	ZeroCERT

43532	2021-02-03 12:36	du.exe bfc6d784ac40e0aa03c2889b5fe7d661 Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	4		15.2	M	25	ZeroCERT

43533	2021-02-03 12:34	document_v145210.doc 5dd959549672b84b8fe17d62683f96ec VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Tofsee Windows Exploit DNS crashed		3	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	M	26	ZeroCERT

43534	2021-02-03 12:30	document_s451200.doc 990834310f31f02dff5a8b287ec0a1e8 VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Tofsee Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	7 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	M	27	ZeroCERT

43535	2021-02-03 12:29	control.png.exe d86867b4002b5bf520e5dfa150853a1f Dridex TrickBot Malware suspicious privilege buffers extracted ICMP traffic RWX flags setting unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed		3	2		7.2			ZeroCERT

43536	2021-02-03 12:24	capi.exe 3b5082e38db89105b8ad73a0293dd597 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS crashed					13.6	M	12	ZeroCERT

43537	2021-02-03 12:22	987298.jpg.exe c433a2deac4cdf824b610e8af2dcb912 Remote Code Execution					0.8			ZeroCERT

43538	2021-02-02 15:25	bro.exe 93c2ab80b52f0bf827f2b9ddd0c04909 VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS		1			10.8	M	48	ZeroCERT

43539	2021-02-02 14:01	svchost.exe 2642dc49b3e9491b5bb8ed32e3c9dec5 PDB DNS					0.8			ZeroCERT

43540	2021-02-02 13:57	vbc2.exe b9609685b1685626956a7d93edca6c49 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed					10.0	M	50	ZeroCERT

43541	2021-02-02 13:56	vbc.exe 9e775de8441c5ae5316582ba3830c4e2 VirusTotal Malware Check memory RWX flags setting unpack itself DNS					2.4	M	20	ZeroCERT

43542	2021-02-02 13:47	vbc.exe 9e775de8441c5ae5316582ba3830c4e2 VirusTotal Malware Check memory RWX flags setting unpack itself					1.8	M	20	ZeroCERT

43543	2021-02-02 13:45	ufWRvtPr7bkBF.exe 8c3241c55785b304bfd03e24b16efb63 VirusTotal Malware Remote Code Execution					2.0	M	56	ZeroCERT

43544	2021-02-02 13:44	ubtrfi.zip.exe d57f8957ceb00c74cc3aeab23ecf47be VirusTotal Malware PDB unpack itself					1.8	M	11	ZeroCERT

43545	2021-02-02 13:43	TEMP.so.exe f160c057fded2c01bfdb65bb7aa9dfcc Malware download Amadey VirusTotal Malware Malicious Traffic Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1	1		6.8	M	50	ZeroCERT