Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44026	2021-01-08 09:19	9WYIIhxH9L2WReqC3.dll bbb4ae6e86a6f44cf8ff27af3144f98f VirusTotal Malware PDB suspicious privilege Malicious Traffic Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key	2 Keyword trend analysis	4		2	10.8	M	36	ZeroCERT

44027	2021-01-08 09:18	CreamNoteSetup_204_fNd51r4pd0_... 67e68935fc4f53a7a505353979210cd5 VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder malicious URLs installed browsers check Windows Browser ComputerName Firmware DNS	1 Keyword trend analysis	5			8.6		44	ZeroCERT

44028	2021-01-07 18:48	dvh.msi 95c152becccd85709530c7b6a1f489fb VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName					4.8		29	ZeroCERT

44029	2021-01-07 15:35	svchost.exe 23a939174dc18c9dee0bb29cd7c3e859 VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs IP Check Tofsee Windows	2 Keyword trend analysis	5	1		10.6	M	48	ZeroCERT

44030	2021-01-07 15:33	update.exe 383fec0cd20be62b6c12ea79664a2234 VirusTotal Malware DNS					2.8	M	42	ZeroCERT

44031	2021-01-07 15:22	rrrrr.exe 57dc4e64ee42edabebdd28b88479bd87 VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger unpack itself Tofsee Windows DNS	3 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1609999938&mv=m&mvi=7&pl=18&shardbypass=yes https://update.googleapis.com/service/update2?cup2key=10:2412808232&cup2hreq=0422a0f053dc550015119d6a33d7a57c8d6546991ab052f0d4096ef109c84e5b	3	1		5.2	M	34	ZeroCERT

44032	2021-01-07 15:22	Shipppy.exe 35d3f86c5715649c8a4273e6a52b0b54 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName					12.4	M	25	ZeroCERT

44033	2021-01-07 12:31	Great_money_bin.exe b7eab6cec14c7e38271290aab595dbcd Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	4 Keyword trend analysis	2	1		14.8	M	41	ZeroCERT

44034	2021-01-07 12:30	normal_sig.exe 57e519ee214aa9d177cf54135296f28b VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows DNS Cryptographic key		1			9.4	M	40	ZeroCERT

44035	2021-01-07 11:08	7.exe d17b424e6865ccfc1f790313c85347e2 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check DNS	1 Keyword trend analysis	3	1		11.2	M	46	ZeroCERT

44036	2021-01-07 11:07	4BAJ5O.doc 8d7c388e144427e46654e1f1d75de590 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee		14 Info astrologiaexistencial.com(31.22.4.141) - malware mail.ninosindigochile.cl(104.248.239.10) - mailcious mirvalgroup.com(167.99.163.124) - mailcious walkerswebshop.com(149.255.62.16) - mailcious unimedunihealth.com(172.67.201.73) - mailcious www.dirgantaratuba.com(202.67.13.163) - mailcious wp.gensoukyou.org(172.67.188.124) - mailcious 104.248.239.10 - mailcious 104.31.64.148 - mailcious 31.22.4.141 - malware 104.27.135.101 - mailcious 149.255.62.16 - mailcious 202.67.13.163 - mailcious 167.99.163.124 - mailcious	1		6.2	M	41	ZeroCERT

44037	2021-01-07 11:05	4BAJ5O.doc 8d7c388e144427e46654e1f1d75de590 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee		14 Info astrologiaexistencial.com(31.22.4.141) - malware unimedunihealth.com(172.67.201.73) - mailcious mirvalgroup.com(167.99.163.124) - mailcious walkerswebshop.com(149.255.62.16) - mailcious mail.ninosindigochile.cl(104.248.239.10) - mailcious www.dirgantaratuba.com(202.67.13.163) - mailcious wp.gensoukyou.org(172.67.188.124) - mailcious 104.248.239.10 - mailcious 31.22.4.141 - malware 149.255.62.16 - mailcious 104.31.64.148 - mailcious 202.67.13.163 - mailcious 167.99.163.124 - mailcious 104.27.134.101	1		6.0	M	41	ZeroCERT

44038	2021-01-07 11:04	4BAJ5O.doc 8d7c388e144427e46654e1f1d75de590 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS		14 Info astrologiaexistencial.com(31.22.4.141) - malware mail.ninosindigochile.cl(104.248.239.10) - mailcious mirvalgroup.com(167.99.163.124) - mailcious walkerswebshop.com(149.255.62.16) - mailcious unimedunihealth.com(104.27.135.101) - mailcious www.dirgantaratuba.com(202.67.13.163) - mailcious wp.gensoukyou.org(104.31.65.148) - mailcious 104.248.239.10 - mailcious 31.22.4.141 - malware 149.255.62.16 - mailcious 104.31.64.148 - mailcious 202.67.13.163 - mailcious 167.99.163.124 - mailcious 104.27.134.101	1		6.6	M	41	ZeroCERT

44039	2021-01-07 11:03	7.exe d17b424e6865ccfc1f790313c85347e2 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check DNS	1 Keyword trend analysis	3	1		11.2	M	46	ZeroCERT

44040	2021-01-07 10:44	4BAJ5O.doc 8d7c388e144427e46654e1f1d75de590 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS		14 Info astrologiaexistencial.com(31.22.4.141) - malware mail.ninosindigochile.cl(104.248.239.10) - mailcious mirvalgroup.com(167.99.163.124) - mailcious walkerswebshop.com(149.255.62.16) - mailcious unimedunihealth.com(172.67.201.73) - mailcious www.dirgantaratuba.com(202.67.13.163) - mailcious wp.gensoukyou.org(172.67.188.124) - mailcious 104.248.239.10 - mailcious 31.22.4.141 - malware 149.255.62.16 - mailcious 202.67.13.163 - mailcious 167.99.163.124 - mailcious 104.27.134.101 172.67.188.124	1		6.4	M	37	ZeroCERT