Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44461	2020-12-22 11:12	Ableton Activator v.3.4.exe c59985a2a4b0a33ce346df4c605f61c4 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Browser ComputerName Firmware DNS Cryptographic key crashed	2 Keyword trend analysis	7	1		13.4		26	ZeroCERT

44462	2020-12-22 11:02	winlog.exe 6afe65a67db47fb50ae3506d8e6e0e4d Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	8 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response	1	13.2	M	35	ZeroCERT

44463	2020-12-22 11:01	1.exe 09874cbb134851ff3b971960916ce5bb VirusTotal Malware unpack itself Remote Code Execution					2.6	M	61	ZeroCERT

44464	2020-12-22 10:42	vbc.exe fcd369792aaf258ffbd27408e3d32f1f VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS crashed					10.8	M	23	ZeroCERT

44465	2020-12-22 10:42	uninsxsd1218.exe a0e151a2b74b2816155c47f209761415 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName		2			11.0	M	41	ZeroCERT

44466	2020-12-22 09:32	svchost.exe 3ee960d7d595c82b47ce28164afed056 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.8	M	47	ZeroCERT

44467	2020-12-22 09:31	uninsxsd1218.exe a0e151a2b74b2816155c47f209761415 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory WMI Creates executable files Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS					10.6	M	41	ZeroCERT

44468	2020-12-22 09:25	ox.exe 346e98b8a995d5f3150c502c055de9ef Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key crashed keylogger	2 Keyword trend analysis	4	1		11.0	M	54	ZeroCERT

44469	2020-12-22 09:24	regasm.exe c07a3923461ebf2e5b1a88472c21ae32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	14.4	M	45	ZeroCERT

44470	2020-12-22 09:20	New.jpg.exe 8cce9e2aeeb8c84fda8f79c2619b3456 VirusTotal Malware PDB unpack itself					1.6	M	14	ZeroCERT

44471	2020-12-22 09:19	m.dll.exe c596155ad2a6b40478d30da8b8fab520 VirusTotal Malware Check memory unpack itself crashed					2.4		9	ZeroCERT

44472	2020-12-22 09:09	document.doc b95e04c849d81d07c653371b50426f5f VirusTotal Malware ICMP traffic exploit crash unpack itself malicious URLs Exploit DNS crashed		2			6.4	M	30	ZeroCERT

44473	2020-12-22 09:08	fa.exe 5188c198e093757a394d4bcb495f325d VirusTotal Malware AutoRuns Check memory RWX flags setting unpack itself malicious URLs AntiVM_Disk anti-virtualization VM Disk Size Check Windows					4.0	M	19	ZeroCERT

44474	2020-12-21 23:50	ara.exe e6bcda31530ea4dea50cff346ad39184 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS					7.2		10	ZeroCERT

44475	2020-12-21 23:49	bee0053.exe 116ce4f2a56e0847ce02691cf4038fea VirusTotal Malware RWX flags setting unpack itself anti-virtualization					2.2	M	21	ZeroCERT