Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43546	2021-02-02 13:40	scr.dll 8a7fa2352851fddec50f91833637dc69 VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself DNS	1 Keyword trend analysis	1			4.4	M	35	ZeroCERT

43547	2021-02-02 13:39	self.exe 27493edfa85af8660f2c05f5eddf2969 Malware download Azorult Dridex TrickBot VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Kovter Browser ComputerName DNS	1 Keyword trend analysis	1	6 Info ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET MALWARE AZORult Variant.4 Checkin M2 ET MALWARE Win32/AZORult V3.2 Client Checkin M4 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1	1	11.0	M	50	ZeroCERT

43548	2021-02-02 13:37	pzf3d4h.zip.exe d91d846f2cd5f791cfae21bec49fb3d5 VirusTotal Malware PDB unpack itself DNS crashed					3.0	M	10	ZeroCERT

43549	2021-02-02 13:36	rbv9d79.zip.exe ebca4076e0a420caf420bdcd98c91d3c VirusTotal Malware PDB unpack itself malicious URLs					2.6	M	11	ZeroCERT

43550	2021-02-02 13:24	Protected Client.vbs b8e153cc0bec4b58809b9d323cc55303 VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows Java ComputerName DNS Cryptographic key DDNS keylogger		6	2		15.8	M	6	ZeroCERT

43551	2021-02-02 13:23	private.png.exe f7fc343cbf86f08c7b529ab451677752 VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs DNS crashed					5.4	M	19	ZeroCERT

43552	2021-02-02 12:13	pp.exe 7b8047fdbb913497713a07aeed0d0f4c VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS		1			10.2	M	47	ZeroCERT

43553	2021-02-02 11:42	pebro.exe ac4cd44715d6bcee3624efeaf5b7b107 Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	3		15.0	M	19	ZeroCERT

43554	2021-02-02 11:37	pe.exe 40b3185fce9e7d377a4835d5c0420502 VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS		1			11.6	M	47	ZeroCERT

43555	2021-02-02 11:33	ndu.exe 57f69ad1d8f4ca03de19053597368a8d Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	3		15.2	M	20	ZeroCERT

43556	2021-02-02 11:29	kali.jpg.exe 185dd5ec503c683da355a50e70f25c68 Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		2	3		5.2			ZeroCERT

43557	2021-02-02 11:24	hkcmd.exe d7c6ddd2feb3c305103f5c3cbb81ba01 VirusTotal Malware suspicious privilege Malicious Traffic unpack itself Windows utilities suspicious process AppData folder Tofsee Windows DNS	14 Keyword trend analysis Info http://www.cbrealvitalize.com/bw82/ - rule_id: 171 http://www.thedancehalo.com/bw82/?q6A=TJmBUVi76XvdedvdT4XTiNg0xow+eIDVhd+PvrNB1pQf64xZGmJKzxet+DQnJGM605l+3b5o&rTIHm=GBLHRF_P88oplF - rule_id: 174 http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1612232416&mv=m&mvi=7&pl=18&shardbypass=yes http://www.ramjamdee.com/bw82/?q6A=G5V/jI1nKTLenhjjo/i12Eg93VLS1Yw8/shPcO2Rcy1fy6ap4Ji+a3XMw6iEqnOAalcXPDfF&rTIHm=GBLHRF_P88oplF http://www.wmarquezy.com/bw82/ - rule_id: 181 http://www.thedancehalo.com/bw82/ - rule_id: 174 http://www.wmarquezy.com/bw82/?q6A=/EPqbtSARGzilFdTRYE1urAc3bDaNMBRSm6tJpb+ckA41wFrw7Re59/hr+veajPbLei9XJ0s&rTIHm=GBLHRF_P88oplF - rule_id: 181 http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://www.rizrvd.com/bw82/?q6A=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&rTIHm=GBLHRF_P88oplF - rule_id: 170 http://www.rizrvd.com/bw82/?q6A=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&rTIHm=GBLHRF_P88oplF http://www.rizrvd.com/bw82/ - rule_id: 170 http://www.cbrealvitalize.com/bw82/?q6A=QMz1n+xx2KiD30AmT9IbdZVffunkwaB1v+iSpZgJgwTVZu6PNQxJOIJjV5QBJp9Es7YbcplQ&rTIHm=GBLHRF_P88oplF - rule_id: 171 http://www.ramjamdee.com/bw82/ https://update.googleapis.com/service/update2?cup2key=10:3587760924&cup2hreq=b5973943769c1b90e1b64c5aecb7f4917a6723d3f17cfa38379a1fba2a7a22b8	27 Info www.learnplaychess.com(103.250.186.248) - mailcious www.illfingers.com(162.241.217.138) - mailcious www.thedancehalo.com(34.102.136.180) - mailcious www.h2oturkiye.com(94.73.146.42) - mailcious www.thrivezi.com(52.23.148.124) - mailcious www.healthyfifties.com(198.20.125.69) - mailcious www.rizrvd.com(34.102.136.180) - mailcious www.wmarquezy.com(192.0.78.25) - mailcious www.cbrealvitalize.com(34.102.136.180) - mailcious www.dealsonwheeeles.com(182.50.132.242) - mailcious r7---sn-3u-bh2lz.gvt1.com(59.18.45.210) www.leadeligey.com(192.0.78.24) - mailcious www.ramjamdee.com(34.102.136.180) www.ninasangtani.com(34.102.136.180) - mailcious www.texasdryroof.com(34.102.136.180) - mailcious www.engageautism.info(34.102.136.180) - mailcious 172.217.26.35 162.241.217.138 - mailcious 59.18.45.210 52.23.148.124 - mailcious 34.102.136.180 - mailcious 94.73.146.42 - mailcious 172.217.161.78 - phishing 103.250.186.248 - mailcious 182.50.132.242 - mailcious 192.0.78.25 - mailcious 198.20.125.69 - mailcious	1	8	6.8	M	56	ZeroCERT

43558	2021-02-02 11:14	guy.exe e492cdbd78ea81ea8e634524441a22a4 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS		1			9.8	M	43	ZeroCERT

43559	2021-02-02 11:08	guy.exe e492cdbd78ea81ea8e634524441a22a4 VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs ComputerName DNS		1			11.2	M	43	ZeroCERT

43560	2021-02-02 11:06	cobaltstrike_shellcode.exe 93a1ae6fb7152ff6e8fa76f88e14658d Dridex TrickBot VirusTotal Malware Malicious Traffic unpack itself malicious URLs Kovter ComputerName DNS	1 Keyword trend analysis	1	1		5.2		60	r0d