Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44386	2020-12-24 10:31	ascvjkfd.exe 115d4ac308403ea6cffaf5d7ff23a501 Browser Info Stealer Emotet Malware download FTP Client Info Stealer Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Ransomware Interception Zeus OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key Software Downloader	12 Keyword trend analysis Info http://gfbrice.ac.ug/msvcp140.dll http://gfbrice.ac.ug/main.php http://gfbrice.ac.ug/sqlite3.dll http://gfbrice.ac.ug/mozglue.dll http://gfbrice.ac.ug/softokn3.dll http://gfbrice.ac.ug/ http://gfbrice.ac.ug/vcruntime140.dll http://gfbrice.ac.ug/nss3.dll http://gfbrice.ac.ug/freebl3.dll http://darkface.ac.ug/index.php http://darkface.ac.ug/ac.exe https://cdn.discordapp.com/attachments/720918485122940978/791284356970577941/Xzor123	10 Info gfbrice.ac.ug(45.150.206.10) taenaia.ac.ug(185.140.53.149) - mailcious darkface.ac.ug(45.150.206.10) - malware cdn.discordapp.com(162.159.135.233) - malware discord.com(162.159.136.232) agentpapple.ac.ug() - mailcious 162.159.133.233 - malware 45.150.206.10 - malware 162.159.136.232 185.140.53.149 - mailcious	9 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE AZORult v3.3 Server Response M2 ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative) ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil		29.2	M	25	ZeroCERT

44387	2020-12-24 10:27	aguerox.scr 90b585b2f2737b2c4492708b54c9359d Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger	2 Keyword trend analysis	4	1		14.6	M	23	ZeroCERT

44388	2020-12-24 10:24	ac.exe d48449979ab0c5751e432b6743268ccd VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName		2			12.4	M	34	ZeroCERT

44389	2020-12-24 10:23	55555555555.jpg.exe c7f979b367bf63800dda59db4898321b DNS					1.2			ZeroCERT

44390	2020-12-24 09:47	https://popcash.net/world/go/2... 20a9e246228be4bbb6c098ff278257f3 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis Info https://tsyndicate.com/do2/direct?c=e0SEGUNHhI4YLETQgXNQBJw3DRXSOeMwTA0zNmzMmFGjRYwbMMi0oCEjx8gwYWDgaIFjDBmVZG6U2QhjhgiFY9zMOTiDhg2FYeqMcSjGDpo6OW6IkYODDo0cYnKkwWEHJgycIsSkIeMwRtYwZOwcjJEDJNCHdcQczFHDRsKBcBrqwHHDBg2Fc-AY1DFDIwyoNxSWwUPni16-IkrSwHG3hgwZWHO2mTvDJlQcQcmYOShYqxs3B2XEwBF4hsI2birqkFGyBgyFcFKvBgkDBto6X3WIQEOH4RwdL16EkUPnzZw1ady4gJNmzJwXP8iUseO8zBc6eeCU6QFlCJc6tmXYmCNnTI8lT7KSyRNaBx05dcooJPOmjcPFjWk8jsw84pgw5kDDBTfKMCinMPjaYoYYuojNvINgcME2uCKCUAcJKVRIDM4wdCEGGWrISbYv4LhQQs_ksKMy2EQoYwzZyFKojjrScIgMGmIgwyUycsDBDNvEiIyGMny0LQcfXzSjNBlmymqOMnjarQwzahADBzJsaiEMGsSIgaQyahhjyzLCMKOFMcy4oa2SyhDyp6zSmEsEkGpwITIcPvTpw9eyqiMMh5p4Q4802GAjjBfshAEEFMawD44E0xCDjTJ2AKGJKZIoAoQcJrT0CuXqu2MOEJygAgQbPvxUubssxaNVEKiQg6sy3KAj0QlTyGoMonZbQoqs3pDjC14d-jUrOc5wj7SfFGKjVxHSW4-6L5giS0QRprPjCznKYIOsGGywC4YcbLCNPjneOAhbMtL9wo4y5FjXNrxEOO4gtMoba7d06UhQ2BbqcCMNOlqQIc87ApRhPWjrmOOLhOdYeKL7EDK3rpBuAInihS1e6YaMQZoBBxj6UCAg&s=bc1df301830813ddfb317752c80507d2278888fa733f901a3824dd5dceb2b1f01608770717 https://popcash.net/world/go/243171/541957 https://artoskin.pics/?device_type=PC&src=KO	8	3		4.6	M		ZeroCERT

44391	2020-12-24 09:21	https://ucf7440f11e64fe794a0c8... dafe01ff19d72fb69ae0592c98440748 Dridex Malware Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	3		4.2	M	28	ZeroCERT

44392	2020-12-24 09:16	winlog.exe c61f9f9c9e4cda47016cfd944778af19 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	8 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET INFO DNS Query for Suspicious .ga Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1	1	12.8	M	38	ZeroCERT

44393	2020-12-24 09:03	win32.exe 2f0c8a1bb15284bdbbbe38c24a2aa491 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.0	M	40	ZeroCERT

44394	2020-12-24 09:03	svchost.exe 08ef8917e644417f578ed3be5033a77e Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.2	M	34	ZeroCERT

44395	2020-12-23 18:34	R5VVFQEN7P2YCUP.doc cab5254b1b78ca7a2c96c4f9d4ba3b40 Vulnerability VirusTotal Malware unpack itself DNS					3.0	M	14	ZeroCERT

44396	2020-12-23 18:33	regasm.exe 1d9086709ae0ee4dd4055b9fef5fca4c Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.6	M	20	ZeroCERT

44397	2020-12-23 18:30	R5VVFQEN7P2YCUP.doc cab5254b1b78ca7a2c96c4f9d4ba3b40 Vulnerability VirusTotal Malware unpack itself malicious URLs					3.2	M	14	ZeroCERT

44398	2020-12-23 18:27	bine.exe 643d71110f8f60590bd795e97317bd86 VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS	17 Keyword trend analysis Info http://www.woodlandpizzahartford.com/bw82/?mL08q=EgjYCCjbkfVj9ehGxTuHAhcpQboFBLSXtFcJRUu6FmW11AJT4F0+EqeE2EWzm0j+z/EHekc6&JBZ4ix=OVjTZr - rule_id: 169 http://www.curateherstories.com/bw82/ http://www.medkomp.online/bw82/?mL08q=XXvds6kwhVjrEh3bbLk7tXX7tGMBUmL1J7R6G33gDvMEBKB80x6mpl7sj8ceVwuu+Sawoxbm&JBZ4ix=OVjTZr http://www.medkomp.online/bw82/ http://www.h2oturkiye.com/bw82/ http://www.magiclabs.media/bw82/?mL08q=P2+pz5IrkU8P5mOmr1TQmwqfNtgh4ua+i28lAlYonz3NKvuB08r74ddbhMNfRAfc3W+32ZUt&JBZ4ix=OVjTZr http://www.dealsonwheeeles.com/bw82/?mL08q=YNoZp1cTd9PqP9uDymFogp2JCj7FMVLhyOh44kprRzKNcwLKy4v5xqVwVWSgg8W/6SpbGSjN&JBZ4ix=OVjTZr http://www.nikolaichan.com/bw82/?mL08q=nYWM/rwQuQgzzYTiZtrUCAZuUhwRv7E+HND77r6KFUMhbDslxCvF9el30pcIChwmKYIjSfOm&JBZ4ix=OVjTZr http://www.h2oturkiye.com/bw82/?mL08q=CMr/hCS6mwvsPbXaRlwKDrCPfcrQCABATO63SlwWoNIQfxte8yY+flRvYqW9xmZKpkswsok7&JBZ4ix=OVjTZr http://www.rizrvd.com/bw82/?mL08q=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&JBZ4ix=OVjTZr - rule_id: 170 http://www.rizrvd.com/bw82/?mL08q=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&JBZ4ix=OVjTZr http://www.woodlandpizzahartford.com/bw82/ - rule_id: 169 http://www.dealsonwheeeles.com/bw82/ http://www.curateherstories.com/bw82/?mL08q=2vyuGwHiQ7EvXBHfLyrkWp+hlAiWIN0rCXJnc3deUzDL3Fz4XyzD01gktZirWyXaZbBAW+QZ&JBZ4ix=OVjTZr http://www.rizrvd.com/bw82/ - rule_id: 170 http://www.magiclabs.media/bw82/ http://www.nikolaichan.com/bw82/	15 Info www.nikolaichan.com(216.58.220.147) www.medkomp.online(81.200.118.106) www.h2oturkiye.com(94.73.146.42) www.curateherstories.com(34.102.136.180) www.rizrvd.com(34.102.136.180) - mailcious www.dealsonwheeeles.com(182.50.132.242) www.woodlandpizzahartford.com(104.31.80.238) - mailcious www.magiclabs.media(198.49.23.144) 216.58.200.19 104.31.81.238 - mailcious 198.49.23.145 - mailcious 34.102.136.180 - mailcious 94.73.146.42 - mailcious 81.200.118.106 182.50.132.242 - mailcious		4	10.2	M	28	ZeroCERT

44399	2020-12-23 18:27	io5O6T4F0h7ZH76.dll 5981b313d6b1882ed0161e200d12232e VirusTotal Malware Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		1	6.6	M	14	ZeroCERT

44400	2020-12-23 18:24	1ABG7OS11fImC.dll 858bad49be45f10f8110a16e4f327f46 VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1		1	6.2	M	15	ZeroCERT