Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43756	2021-01-24 15:37	86QEWWFXW.doc 7258d39f41a2bbf908aa0da116d71785 Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Windows DNS	1 Keyword trend analysis	4	3		7.2	M	36	ZeroCERT

43757	2021-01-24 15:35	bfDxx9wOnZ6L.dll 7a2719feebfc1580305490f1393a8b5b VirusTotal Malware					1.2	M	35	ZeroCERT

43758	2021-01-24 10:45	winlog.exe 209a9397bb6c68626ff785164388a65d Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		14.0	M	41	ZeroCERT

43759	2021-01-24 10:45	vbc2.exe 10801c62dc23ddb26ffd88b67c43c657 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed					10.6	M	45	ZeroCERT

43760	2021-01-24 10:38	PATOTO.pdf.exe c7b57a6ecc4533c754e1c04789e242d0 Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS crashed	2 Keyword trend analysis	6	5		17.8	M	12	ZeroCERT

43761	2021-01-24 10:37	vbc.exe c3d0ab8f849d88b7f0ff0020670a11e1 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	3 Keyword trend analysis Info http://www.sh-ruidiclub.com/kna/?MJBx=+nx195h0NbafDtQp1QPBDOHdjCmMRQ8aKErdSAt88BDsc/u/TtSX5WL4qDGYhxz6osxlOxMX&U8kx=9rGDCxG8rZSPD4o http://www.melonicwater.com/kna/?MJBx=9oI7M79+QRbmhM2oxlAzxuYXzqnn3T2ubU0puNYb8AxxNo35UCQOq0sw66B6q0lorE5JaewK&U8kx=9rGDCxG8rZSPD4o http://www.nosyboats.com/kna/?MJBx=cgL5PBhyQayUAmaGlB2Ygqz7ix1/ecfu/XtkZEW3lCqxOcQMRXMgxa44V/QPEhaODSJalgde&U8kx=9rGDCxG8rZSPD4o	6			9.4	M	25	ZeroCERT

43762	2021-01-24 10:23	lv.exe 0d6e899aa1a131fc917e5814d562a06b VirusTotal Malware AutoRuns Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check Windows ComputerName crashed	1 Keyword trend analysis	2	1		11.6	M	46	ZeroCERT

43763	2021-01-24 10:20	GHoTgzOL9Cy.dll 08667fc58fec60e818c3344ed718a1dd VirusTotal Malware					1.0	M	21	ZeroCERT

43764	2021-01-22 18:29	bbc.exe 19f207b20b1d2a05aba1a1eb59da54d2 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs ComputerName DNS crashed					5.0	M	34	ZeroCERT

43765	2021-01-22 18:27	c3.dll 81f401defa8faa2e4745590bc4f6c008 VirusTotal Malware PDB unpack itself					1.8	M	23	ZeroCERT

43766	2021-01-22 18:26	alex.scr 45a72653fb1d34a564f611c1f3594c02 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces DNS	4 Keyword trend analysis Info http://193.239.147.103/base/FAB1A25ABF3F57F3030F40686667A161.html - rule_id: 225 http://193.239.147.103/base/8C0599C1B9B3E6070FB750C30A6E4DE5.html - rule_id: 225 http://193.239.147.103/base/2C9EBDF8639D920DAD88AE504A55F6CC.html - rule_id: 225 http://193.239.147.103/base/DBB21AAEE02CC39BE17503128FDCD072.html - rule_id: 225	1		4	3.6	M	13	ZeroCERT

43767	2021-01-22 18:25	abdulx.scr 093581879b31e72cb9f58572e92a326b Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger	5 Keyword trend analysis Info http://193.239.147.103/base/A835403D21646D38831BEFB4AACEE40A.html - rule_id: 225 http://193.239.147.103/base/B958C53208B4018959CAB8F85D1BE96B.html - rule_id: 225 http://193.239.147.103/base/B8D7291260DCC598FA98C5584014FB4A.html - rule_id: 225 http://193.239.147.103/base/359D3681998052C40556FFBF15816F76.html - rule_id: 225 https://api.ipify.org/	3	1	4	15.4	M	16	ZeroCERT

43768	2021-01-22 18:21	3XvbkMuarDL4nbwCq3qfQ.dll 08667fc58fec60e818c3344ed718a1dd VirusTotal Malware					1.0	M	21	ZeroCERT

43769	2021-01-22 18:04	xax7k4mlp.zip.exe b613ab3eef642e50999219c6bc103c24 Malware download Dridex TrickBot VirusTotal Malware PDB MachineGuid Malicious Traffic Checks debugger unpack itself Collect installed applications installed browsers check Kovter Browser ComputerName DNS crashed		1	2		6.8	M	35	ZeroCERT

43770	2021-01-22 17:10	worked.exe a8417cfd71637c7371986737cff269cf VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS	2 Keyword trend analysis	4			10.6	M	23	ZeroCERT