Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44521	2020-12-17 16:19	vbn.exe 74e570ba5f6106f6e93121660da4f462 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	2			13.2	M	43	ZeroCERT

44522	2020-12-17 15:17	vbc.exe ae8d9001b6fc7686c84fb7cd58d95894 VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself DNS					3.4	M	18	ZeroCERT

44523	2020-12-17 15:15	suf.hta 3bc3c371d30b1a8633a3dbb3069e86ad VirusTotal Malware suspicious privilege Check memory WMI unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName		2			5.0	M	4	guest

44524	2020-12-17 15:08	suf.hta 3bc3c371d30b1a8633a3dbb3069e86ad VirusTotal Malware crashed					1.0		4	guest

44525	2020-12-17 10:05	document.doc 01c8f989db53ea3a342cc16ede71e06f VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader		1	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	M	27	ZeroCERT

44526	2020-12-17 10:04	http://www.hahae.co.kr/new3/IS... 06cfdaf0990fcd6ace527e1ae005e36f Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	2	3		4.6			ZeroCERT

44527	2020-12-17 09:50	winlog.exe 926682b2da9a8406bcb427da6a9e00ac Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	8 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET INFO DNS Query for Suspicious .ga Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1		14.4	M	46	ZeroCERT

44528	2020-12-17 09:49	diego.png.exe d8a449d9a8aa11d58db91e3dc2387595 VirusTotal Malware unpack itself DNS					2.4	M	17	ZeroCERT

44529	2020-12-17 09:37	svchost.exe d543a59ba12985acaf4134c3ff427b86 NetWireRC VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key DDNS Software		2	1		16.8	M	43	ZeroCERT

44530	2020-12-17 09:36	prosperx.scr 9c13e16c165b2a914fd342729e7e919c VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key		1			9.0	M	23	ZeroCERT

44531	2020-12-17 09:18	prosperx.scr 9c13e16c165b2a914fd342729e7e919c VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key		1			9.0	M	23	ZeroCERT

44532	2020-12-17 09:16	OSW.exe f0e54257937a0cce319faf635a3e1f98 VirusTotal Malware Check memory Checks debugger unpack itself malicious URLs ComputerName					2.4	M	15	ZeroCERT

44533	2020-12-17 09:01	Lab15-03-pr.exe cf30e80afa4570f94a066d0264c5a3da VirusTotal Malware malicious URLs sandbox evasion WriteConsoleW crashed	2 Keyword trend analysis	2			3.4	M	45	ZeroCERT

44534	2020-12-17 08:59	Lab16-01.exe 7faafc7e4a5c736ebfee6abbbc812d80 VirusTotal Malware Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows					4.6	M	40	ZeroCERT

44535	2020-12-16 18:23	Lab15-03.exe bfadb08f07304b6b293707e4f9c9f1a9 VirusTotal Malware Malicious Traffic buffers extracted malicious URLs sandbox evasion WriteConsoleW Tofsee Windows DNS crashed	6 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://www.practicalmalwareanalysis.com/tt.html http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1608110186&mv=m&mvi=7&pl=18&shardbypass=yes https://update.googleapis.com/service/update2 https://practicalmalwareanalysis.com/tt.html https://update.googleapis.com/service/update2?cup2key=10:177881428&cup2hreq=016457274a4079e7110e64f6d35cb10690bff0ad17ff457e6357bf2cfadfac2e	4	4		5.8	M	45	ZeroCERT