Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44431	2020-12-23 10:40	w.jpg.exe 02bc3167a931c04b510e431cca825cc8 VirusTotal Malware PDB Check memory unpack itself crashed					2.0	M	17	guest

44432	2020-12-23 09:31	vbc.exe db542dfd79175f5c8c0ab1f20a8fe1d1 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed					10.8	M	27	guest

44433	2020-12-23 09:29	w.jpg.exe 02bc3167a931c04b510e431cca825cc8 VirusTotal Malware PDB Check memory unpack itself crashed					2.0	M	17	guest

44434	2020-12-23 09:18	LP39W4L.doc 9f6785612b0ce7efbc9558ba9f51c043 Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	7	4	1	7.6	M	32	guest

44435	2020-12-23 09:16	uwyoiynmmqopx.exe e7e96c9207162499c8a9ab553d8855e9 VirusTotal Malware					2.0	M	49	guest

44436	2020-12-23 09:07	datos.exe 5a67e5c4236e16b4ed8cf12576946eb0 Dridex TrickBot ENERGETIC BEAR VirusTotal Malware AutoRuns Malicious Traffic Check memory buffers extracted Creates shortcut Creates executable files unpack itself malicious URLs AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check Tofsee Ransomware Kovter Windows Tor ComputerName Remote Code Execution DNS keylogger	7 Keyword trend analysis Info http://139.162.210.252/tor/server/fp/0ac4c4d8bca8da7bae6be3fea87442e724353cbf http://176.123.5.193/tor/server/fp/ccf38c8682e5936852f6f33a0a333aff30ca453f http://23.129.64.192/tor/server/fp/a29d2a78a8a954819e220cefbebce95d2fcfa54d http://91.250.242.12/tor/server/fp/951307ba74e44a9c9c208b2f134cda2409944075 http://91.234.19.55/tor/server/fp/204dfd2a2c6a0dc1fa0eacb495218e0b661704fd http://89.35.34.33/tor/server/fp/2aba1345fc9975152372f42d06a1a7dcc870c2f5 https://api.ipify.org/	14	18 Info ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 359 SURICATA HTTP Request abnormal Content-Encoding header ET POLICY TOR Consensus Data Requested SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 205 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 154 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET P2P Tor Get Server Request ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 824 ET POLICY TLS possible TOR SSL traffic ET TOR Known Tor Exit Node Traffic group 23 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 23 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 804 ET TOR Known Tor Exit Node Traffic group 150 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 150 ET TOR Known Tor Exit Node Traffic group 90 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 91 ET COMPROMISED Known Compromised or Hostile Host Traffic group 24		10.6	M	53	guest

44437	2020-12-23 09:06	19934.5.exe 63166f4636e5156006b25b214f8708ca VirusTotal Malware PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee ComputerName DNS	1 Keyword trend analysis	3	1		7.0	M	60	guest

44438	2020-12-23 08:01	http://jomorder.co/wp-admin/l9... 46212534ccb9c29480ac03b9d9b61f45 Dridex VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	3		4.6			ZeroCERT

44439	2020-12-22 18:35	19932.0.exe a990743dc1d517be8fdbd9c16c32919e VirusTotal Malware PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee ComputerName DNS	1 Keyword trend analysis	3	1		7.0	M	45	guest

44440	2020-12-22 18:35	45.exe c2c24dbead6a0c0e3028869440216664 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself malicious URLs					3.2	M	50	guest

44441	2020-12-22 18:28	4.5.exe e00c93a8d92089c7c76fbe9494756767 VirusTotal Cryptocurrency Miner Malware Cryptocurrency PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Auto service Check virtual network interfaces malicious URLs Tofsee Windows ComputerName DNS	2 Keyword trend analysis	3	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY Cryptocurrency Miner Checkin		11.8	M	49	guest

44442	2020-12-22 18:25	4.5.jpg.exe 11acdd3bc366b04cbca2b5727d836ceb VirusTotal Cryptocurrency Miner Malware Cryptocurrency PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Auto service Check virtual network interfaces suspicious process malicious URLs Tofsee Windows ComputerName DNS	3 Keyword trend analysis	3	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY Cryptocurrency Miner Checkin		12.4	M	29	guest

44443	2020-12-22 16:40	reg.exe c62b1e8e806ff0d93d1579721f2b2052 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows Cryptographic key crashed					11.2	M	20	ZeroCERT

44444	2020-12-22 16:40	Paradox.exe 18db4025efcafb1584789e0fbdd3db2a VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself malicious URLs Windows DNS Cryptographic key					3.6	M	33	ZeroCERT

44445	2020-12-22 16:28	reg.exe c62b1e8e806ff0d93d1579721f2b2052 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows Cryptographic key crashed					11.2	M	20	ZeroCERT