Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
43846	2021-01-20 16:01	IMG_06176.pdf af5e99b838ae10dbc1e7cedc58413b06 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	15.0	M	25	guest

43847	2021-01-20 15:59	vbc.exe 80c7f8dde5eef2dd1866d5af37512bd4 VirusTotal Malware Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName					7.6	M	26	guest

43848	2021-01-20 15:58	IMG_06635.pdf 1eea31c7530595a01a054ad9f86b9dc3 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					9.2	M	26	guest

43849	2021-01-20 15:57	IMG_010357.pdf 23a53bec3e0bf43ec47af722a6aac7cb VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					9.2	M	23	guest

43850	2021-01-20 14:23	dira2.exe 9d706a2b53e06d2d9a6fbada380f26e0 suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs					7.8			guest

43851	2021-01-20 14:07	dira1.exe 966bd3909e4a80e50fee52f34ccc5123 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs					8.4		15	guest

43852	2021-01-20 14:01	5555555555_3.jpg.exe 5a7124b7931574592d1f64b4fb5e1b26					0.2			ZeroCERT

43853	2021-01-20 14:01	5555555555_2.jpg.exe 5a7124b7931574592d1f64b4fb5e1b26					0.2			ZeroCERT

43854	2021-01-20 13:31	vbc.exe 06904ee5e04abada43cb86d7a0457b5e Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName DNS Software	1 Keyword trend analysis	2			14.6	M		guest

43855	2021-01-20 13:31	mykc.exe 0f04beb334b2a2f38f8c9f9c7ad73a42 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		12.6	M	20	guest

43856	2021-01-20 12:23	msg.exe 5064de995195186fe9388b8c0501e921 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself Tofsee Windows ComputerName Remote Code Execution DNS	5 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1611112577&mv=m&mvi=7&pl=18&shardbypass=yes https://code.jquery.com/jquery-3.3.1.min.js https://update.googleapis.com/service/update2?cup2key=10:1487032191&cup2hreq=09fbd78a9dfeb5f2064cece5178eb0344c74773d40cc784d8b9b84f4a5c1845b https://update.googleapis.com/service/update2	4	4		4.2	M	19	guest

43857	2021-01-20 12:23	IMG_80137.pdf.exe 581632a12c1a592209d0601ed1636e81 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		14.4	M	28	guest

43858	2021-01-20 11:36	IMG_010357.pdf.exe 23a53bec3e0bf43ec47af722a6aac7cb VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key	3 Keyword trend analysis Info http://www.superpuzzlegames.com/irux/?svXtHJ=2iapA2hgNxbkqB+V3u0+Xd2V1shViYkFrtCLp+QMfnnR5qOnJ92QZtuvpJQvSgF7++1rGUml&2dz=o8bda http://www.brandceowd.com/irux/?svXtHJ=0j08RdxtSpDHU9TkerM5ZOvUTqlAPm16yNUa+g09cIUfHbvYECcPfZRc8Hm786neoGWYBKsx&2dz=o8bda http://www.vitajwb.com/irux/?svXtHJ=aBotwqjg2eiYH47IGGoy+MUHm1L4CQH2ldwuphkct0CNUc4k50Kxap/IYnC7QwCwjRlLOhwZ&2dz=o8bda	7			10.6	M	23	guest

43859	2021-01-20 11:35	dira2.exe f3d7308ba02ae2418b7133bb54af2f2f VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	20	guest

43860	2021-01-20 10:43	dira1.exe 24f9d7832d2ec8673c62aea51e58717e VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	8 Keyword trend analysis Info http://www.gdsjgf.com/bw82/?DVldV=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB&mnSl=TjPx - rule_id: 173 http://www.fundamentaliemef.com/bw82/?DVldV=QkMkuxh2ucRr9ojg29qxLCumVyd+gOetBgu1JsTmwOgL/DJgKhnBU0B9lDpy4Ze2TSwBzgSC&mnSl=TjPx http://www.primajayaintiperkasa.com/bw82/?DVldV=wrrAqmPMotLOmGS72WH0DKo+XC/be1kQGrF1UVobNasmDfIbiwM8Vd2XCaV73rqOjx2tl8Jj&mnSl=TjPx http://www.acdfr.com/bw82/?DVldV=34+qQ3Lt3V5D9l8cKqrMS1QrJzDj13fhTkCMqePtkuCvgsCPLavUD8Zp6RlBnjfacsD8BAWJ&mnSl=TjPx http://www.primajayaintiperkasa.com/bw82/ http://www.acdfr.com/bw82/ http://www.gdsjgf.com/bw82/ - rule_id: 173 http://www.fundamentaliemef.com/bw82/	15 Info www.gdsjgf.com(34.102.136.180) - mailcious www.primajayaintiperkasa.com(103.253.212.114) www.gmobilet.com() www.fundamentaliemef.com(104.238.220.186) www.medkomp.online(81.200.118.106) - mailcious www.dealsonwheeeles.com(182.50.132.242) - mailcious www.acdfr.com(199.34.228.73) www.magnabeautystyle.com(184.168.131.241) - mailcious 199.34.228.73 184.168.131.241 - mailcious 103.253.212.114 34.102.136.180 - mailcious 81.200.118.106 - mailcious 104.238.220.186 - mailcious 182.50.132.242 - mailcious		2	8.8	M	26	guest