Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44056	2021-01-06 15:17	ZyItXvsE7HAYNVDosaf9.dll 54137e29f5a9215a5149a8a500713bb7 VirusTotal Malware PDB Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1		1	7.8	M	21	ZeroCERT

44057	2021-01-06 15:17	bQMEU4cxOsvWqLu.dll 10da945d47add24cb0a8772a6d377cfa VirusTotal Malware PDB suspicious privilege Malicious Traffic Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		1	8.4	M	21	ZeroCERT

44058	2021-01-06 15:10	t01.exe 13b933ccb839a2ec8f0819c10ffd07e5 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD sandbox evasion WriteConsoleW Tofsee Windows Browser ComputerName DNS crashed	19 Keyword trend analysis Info http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAoEcNCWvIoSyJCm34Ju7Es%3D http://api.abbtv.xyz/m.php?md5=r2/uPodKSdqmi6FTPg/hYOaNdtXPe+Hpir6I73vQAOykkz6E10kkloDy http://api.m.taobao.com/rest/api3.do?api=mtop.common.getTimestamp http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSmVYFXwi%2FRq9wx3PKhB8lC%2FFYUyAQUkZ9eMRWuEJ%2BtYMH3wcyqSDQvDCYCEA9XJzvKHSzUawu5%2FQ%2By7Xk%3D http://daidai.b.shopdomain1.com/zver/fdb865a78b7fbd6ebafee7be28102bc8.zip?t=1609913148&k=5e4a924819be0b4561db3ddaca24df02 http://daidai.b.shopdomain1.com/zver/803a06ca447f396d221f0eea5793afa8.zip?t=1609913148&k=ed2cfc765fc0dbdebd2e6aeb8403ee2c http://daidai.b.shopdomain1.com/zver/c0d949e07383d858dbd8089a1e3d0dea.zip?t=1609913148&k=f577cc632c9a23d20e18320f0e42b222 http://107.150.57.11/222009/seoc.txt http://api.abbtv.xyz/c.php?pid=1055&md5=t2fpPo9OUavP0uoUdh3QOLs= http://byd1.pw.pw2020.top/zzz http://daidai.b.shopdomain1.com/zver/a344120888a2bb58aa8ff184f5d04aad.zip?t=1609913148&k=addc8aef01b8c0716e31bbdcff9d5f53 http://byd1.pw.pw2020.top/checkver http://daidai.b.shopdomain1.com/zver/533be31bdc274d74a96789a8ed8b29f2.zip?t=1609913148&k=d7beddd10f3c6e60b46094eceecdf9d2 http://pv.sohu.com/cityjson http://27.155.88.97:161/?c=Public&a=get_config http://daidai.b.shopdomain1.com/mver/v004/loi.exe?t=1609913141&k=1dd0b807a9090f2117815a2de16d1bb1 https://www.baidu.com/search/error.html https://www.baidu.com/s?wd=%E4%BC%A0%E5%A5%871.76&rsv_spt=1&rsv_iqid=0xaaf59d1500006520&issp=1&f=8&rsv_bp=1&rsv_idx=2&ie=utf-8&rqlang=cn&tn=baiduhome_pg&rsv_enter=0&rsv_dl=tb&oq=php%25E6%258F%2590%25E7%25A4%25BA%25E7%25BC%25BA%25E5%25B0%2591vc&inputT=12034&rsv_t=609bRtxrszLYUSDBPXsu0koLprea06wFI%2BC9423nht452qfIw6q1uZ6hmNI4%2FdM1Rf9A&rsv_pq=8b7e2d7e0002ba7c&rsv_sug3=37&rsv_sug1=24&rsv_sug7=100&bs=php%E6%8F%90%E7%A4%BA%E7%BC%BA%E5%B0%91vc https://imglf3.nosdn.127.net/img/T0Jid3A3NGx6NGYwR1RURm53bXUvVnBSMnp4Kyt6NW1rUi9lN29ITDhYSlhOTWxnSHFpMVhRPT0.gif	23 Info 202020.ip138.com() api.abbtv.xyz(202.124.251.73) api.m.taobao.com(106.11.52.98) byd1.pw.pw2020.top(47.57.139.0) www.baidu.com(119.63.197.139) pv.sohu.com(175.100.207.230) ocsp.dcocsp.cn(47.246.4.188) sdd34dfgfg.xyzs666.xyz(39.98.228.46) imglf3.nosdn.127.net(119.206.200.181) daidai.b.shopdomain1.com(124.115.135.1) 198.11.136.96 27.155.89.1 175.100.207.230 107.150.57.11 140.205.160.4 47.246.59.232 - mailcious 202.124.251.73 27.155.88.97 47.57.139.0 47.116.6.217 119.206.200.181 - malware 39.98.228.46 119.63.197.151	4		21.0	M	52	ZeroCERT

44059	2021-01-06 15:07	svchost.exe 652933b7afdca42443a2e1dfff9d1f86 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs		1			8.8	M	41	ZeroCERT

44060	2021-01-06 15:01	ur8OY9q.dll abaa79f4507f407c45a7be571488ef38 VirusTotal Malware PDB suspicious privilege Malicious Traffic Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		1	8.8	M	23	ZeroCERT

44061	2021-01-06 14:59	QPR-3067.exe 1d11abb9dac9b15823d1bcad2b8b3675 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		17.8	M	27	ZeroCERT

44062	2021-01-06 14:57	nmode.exe 4abfa113c1177d7123f6e7974cb55824 VirusTotal Malware unpack itself					2.6	M	26	ZeroCERT

44063	2021-01-06 14:50	JwwiQ.dll de04eb856b0b4b5efd8fed0fb99ccb79 VirusTotal Malware PDB Malicious Traffic Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs sandbox evasion installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key		1			7.6	M	26	ZeroCERT

44064	2021-01-06 14:50	BavwKzfNo6hxk.dll 9d7b87ffd95d99fd6116b9903905ed5d VirusTotal Malware PDB suspicious privilege Malicious Traffic Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	1		1	9.2	M	24	ZeroCERT

44065	2021-01-06 14:42	M21Y.dll e8321185b16458d8b3c0bbbbcf1f4c83 VirusTotal Malware PDB Checks debugger RWX flags setting unpack itself sandbox evasion					3.8		36	조광섭

44066	2021-01-06 14:39	BavwKzfNo6hxk.dll 9d7b87ffd95d99fd6116b9903905ed5d VirusTotal Malware PDB suspicious privilege Malicious Traffic Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			8.8	M	24	조광섭

44067	2021-01-06 14:17	BavwKzfNo6hxk.dll 9d7b87ffd95d99fd6116b9903905ed5d VirusTotal Malware PDB Check memory crashed					2.2	M	24	조광섭

44068	2021-01-06 14:15	BavwKzfNo6hxk.dll 9d7b87ffd95d99fd6116b9903905ed5d VirusTotal Malware PDB					1.8	M	24	조광섭

44069	2021-01-06 14:13	M21Y.dll e8321185b16458d8b3c0bbbbcf1f4c83 VirusTotal Malware PDB					2.0		36	조광섭

44070	2021-01-06 14:09	M21Y.dll e8321185b16458d8b3c0bbbbcf1f4c83 VirusTotal Malware PDB					2.0		36	조광섭