Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

44011 2021-01-08 17:13 payment245.xls
c2ca4d5f2632597023b6cf5b496fb4ed
VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
2 1 8.8 M 26 guest

44012 2021-01-08 17:10 vantuz_2021.exe
740e559929463320cb8e0403fd35a097
VirusTotal Malware unpack itself Remote Code Execution
3.2 M 44 guest

44013 2021-01-08 10:51 WaterMarkRemover.exe
73d1583d003191b60372cd63764bce02
VirusTotal Malware powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
3 3 12.4 M 43 ZeroCERT

44014 2021-01-08 10:51 vbc.exe
f2db9ace8c84cbfb127296232821973a
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software
2 11.8 16 ZeroCERT

44015 2021-01-08 10:46 Steal.exe
ca24b394814edff32602cadf7d8d2f01
Browser Info Stealer VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser ComputerName DNS Cryptographic key crashed
12.4 M 43 ZeroCERT

44016 2021-01-08 10:45 sek750_2021.exe
c6f6ed1f84712740a7ee2faa2e1fff9b
VirusTotal Malware unpack itself Remote Code Execution
3.2 M 52 ZeroCERT

44017 2021-01-08 10:40 order2.exe
358f58e43fcdd8d0fe0233c24f684314
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger
14.0 M 43 조광섭

44018 2021-01-08 10:33 order2.exe
358f58e43fcdd8d0fe0233c24f684314
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger
14.0 M 43 조광섭

44019 2021-01-08 10:29 order2.exe
358f58e43fcdd8d0fe0233c24f684314
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
12.8 M 43 ZeroCERT

44020 2021-01-08 10:27 paymentinv.xls
f81192d7fb07ca8b5179a607b5a57a97
VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
2 1 8.6 M 19 ZeroCERT

44021 2021-01-08 10:26 paymentinv.xls
f81192d7fb07ca8b5179a607b5a57a97
VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key
2 1 8.0 M 19 ZeroCERT

44022 2021-01-08 10:18 order2.exe
358f58e43fcdd8d0fe0233c24f684314
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
13.4 M 43 ZeroCERT

44023 2021-01-08 10:18 Order.exe
dfb36482f957f18a3bdfc42572d66afa
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software
2 6 14.6 M 36 ZeroCERT

44024 2021-01-08 09:45 mscore-thx86.dll
5123f37e5543e688352a302a439a281a
Emotet Dridex TrickBot VirusTotal Malware Check memory Checks debugger buffers extracted RWX flags setting unpack itself Kovter DNS
1 1 6.0 M 35 ZeroCERT

44025 2021-01-08 09:30 CreamNoteSetupV25_223_InMqWgu9...
fd32312fa875278f76fdce036347917a
VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Firmware
1 6 7.8 M 42 ZeroCERT