Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43696	2021-01-27 13:22	1231231_2.jpg.exe b008725bb8ca0183fee229b56ad3d5da					0.2			ZeroCERT

43697	2021-01-27 13:22	1231231.jpg.exe 64e0711b80f30c41e3d72449d8876427					0.2			ZeroCERT

43698	2021-01-27 11:22	winlog3.exe 7ba711ebd28bee528484cbef1d995c91 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.6	M	22	ZeroCERT

43699	2021-01-27 11:21	1231231.jpg.exe 64e0711b80f30c41e3d72449d8876427					0.2			ZeroCERT

43700	2021-01-27 10:48	winlog.exe a902a824ed15b2081c52cba6e82ca58e VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs sandbox evasion Browser					5.2	M	37	ZeroCERT

43701	2021-01-27 10:48	winlog2.exe 08b8c50f3ca0402a66ad4b76ed784a9e Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		14.6	M	23	ZeroCERT

43702	2021-01-27 10:43	vbc3.exe 83d88e7de6a615fa35f6d3e3ea36864f VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs sandbox evasion Browser					4.8	M	18	ZeroCERT

43703	2021-01-27 10:43	vbc2.exe 7ba711ebd28bee528484cbef1d995c91 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.6	M	22	ZeroCERT

43704	2021-01-27 10:26	topboyz.exe 525bd43fc894917b14589dae941d9f00 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS crashed					11.4	M	17	ZeroCERT

43705	2021-01-27 10:26	vbc.exe b94f6fe6c0a12f51cefa10222036b2e8 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces suspicious process malicious URLs Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	2	1		15.0	M	29	ZeroCERT

43706	2021-01-27 10:13	regasm2.exe 38a5f186d08c8301634a43a63feb8e7a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		1			13.0	M	28	ZeroCERT

43707	2021-01-27 10:13	svch.exe afdbbb87787a1ebaf87245fce4b0fc07 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities malicious URLs Tofsee Windows DNS DDNS		4	2		9.8	M	40	ZeroCERT

43708	2021-01-27 09:52	regasm.exe e6ab3de4c697f00a45320e4b7b446d8d VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself powershell.exe wrote suspicious process malicious URLs Windows ComputerName Cryptographic key					9.8	M	21	ZeroCERT

43709	2021-01-27 09:52	regasm.exe e6ab3de4c697f00a45320e4b7b446d8d Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		17.2	M	21	ZeroCERT

43710	2021-01-27 09:52	prosperz.scr e9a4170da6f905c790a109185ec43e9c VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName crashed					2.8	M	24	ZeroCERT