Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43666	2021-01-27 17:21	winlog4.exe 8fdff316f12069a8982756b946d065f4 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	1		12.8	M	25	ZeroCERT

43667	2021-01-27 17:21	winlog5.exe 880b987607e4a382fc7e8364a36872ad Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		12.6	M	28	ZeroCERT

43668	2021-01-27 17:16	winlog2.exe 5c0de7259a084a9f9acab766469540ee Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		11.6	M	37	ZeroCERT

43669	2021-01-27 17:16	winlog3.exe 9021643741f28e6a7032d8fe3fcd20f1 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs sandbox evasion installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		10.4	M	25	ZeroCERT

43670	2021-01-27 17:09	winlog.exe 73e25f09d4c7e66c2f126f49e47154aa VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS crashed					10.2	M	23	ZeroCERT

43671	2021-01-27 17:07	win32.exe 9a91670d7b36a98bd317682b9099d18a VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs					7.8	M	31	ZeroCERT

43672	2021-01-27 16:48	vbc4.exe 374fb48a959a96ce92ae0e4346763293 FTP Client Info Stealer VirusTotal Malware Check memory Checks debugger unpack itself Remote Code Execution DNS Software					3.2	M	5	ZeroCERT

43673	2021-01-27 16:48	wilson.exe 62b0fc496f6adea7a67a190ad894860e VirusTotal Malware unpack itself					2.0	M	24	ZeroCERT

43674	2021-01-27 16:29	vbc3.exe 39ba271319dcef35476700b3aa141728 VirusTotal Malware Check memory Checks debugger unpack itself DNS					2.4	M	14	ZeroCERT

43675	2021-01-27 16:29	vbc2.exe fd95e58d1a70aee961371bc1c9ae33e8 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	22	ZeroCERT

43676	2021-01-27 16:24	vbc.exe aed013a0fa9eb5298f703977eccc3589 Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself suspicious process malicious URLs WriteConsoleW Windows DNS Cryptographic key	2 Keyword trend analysis	6			10.8	M		ZeroCERT

43677	2021-01-27 16:22	Remittance.vbs fd817f13d8f40443e28b746269663532 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut ICMP traffic unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key		4	1		9.0	M	5	ZeroCERT

43678	2021-01-27 16:05	regasm.exe 4e1afa007fd09702d491d16427c295b5 VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	39	ZeroCERT

43679	2021-01-27 16:04	qjt6pg.rar.exe aa8578417627ddb4e6912e9d6cb0eaf4 VirusTotal Malware PDB unpack itself DNS crashed					3.2	M	26	ZeroCERT

43680	2021-01-27 15:30	palata.exe 62b0fc496f6adea7a67a190ad894860e unpack itself DNS					1.8	M		ZeroCERT