Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44536	2020-12-16 18:22	I2WExplorer.exe af710d76a71abcd42c396ffc0e12cda2 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself					2.4	M	36	ZeroCERT

44537	2020-12-16 18:16	https://zoomba619.blogspot.com... 56b8523d141dbaf1c146b923049c9cb5 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	29 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://zoomba619.blogspot.com/favicon.ico https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.google-analytics.com/analytics.js https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/img/share_buttons_20_3.png https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2525772521150521786&zx=d19d8632-1056-4b48-b43e-bad47871dfbb https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/c3.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/c3.html%26bpli%3D1&passive=true&go=true https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://zoomba619.blogspot.com/p/c3.html https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js https://www.gstatic.com/og/_/js/k=og.qtm.en_US.QgY6lxWvAPk.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTvod91nzEJFOvvfJUrn6_vLwwY0bw https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/static/v1/widgets/2195516358-widgets.js https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.gstatic.com/og/_/ss/k=og.qtm.y0v8--8W2Xg.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtSLvQ9QxDR2uHIB3mSbhYF7uJInw https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://ssl.gstatic.com/gb/images/p1_799229b0.png https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GhYSaDTWhs4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CcmyUNBPTBtz4hsH0C6OHKqodVQ/cb=gapi.loaded_0 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fzoomba619.blogspot.com%2Fp%2Fc3.html&bpli=1 https://www.blogger.com/blogin.g?blogspotURL=https://zoomba619.blogspot.com/p/c3.html	21 Info zoomba619.blogspot.com(172.217.161.33) - mailcious resources.blogblog.com(172.217.26.41) www.google.com(216.58.220.132) www.gstatic.com(172.217.26.35) ssl.gstatic.com(172.217.25.195) accounts.google.com(172.217.175.77) www.google-analytics.com(216.58.197.142) apis.google.com(216.58.197.206) fonts.gstatic.com(172.217.161.67) fonts.googleapis.com(172.217.25.74) www.blogger.com(172.217.26.41) 216.58.199.4 - suspicious 216.58.199.10 172.217.26.141 172.217.163.238 216.58.199.105 172.217.174.201 172.217.161.129 142.250.199.67 172.217.31.238 - suspicious 172.217.161.131	3		5.0			guest

44538	2020-12-16 18:16	henryx.scr d4f8d10203aece68bcd02d1f0fb27def Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					13.4	M	22	ZeroCERT

44539	2020-12-16 16:46	endyx.scr 6835b462ca256cacbda46400eb1bb7e0 Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	3		16.4	M	23	ZeroCERT

44540	2020-12-16 16:46	david.exe 384a7bebd1c1bae53b14e1f02e10fa94 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					11.4	M		ZeroCERT

44541	2020-12-16 16:35	damianox.scr b41a91991dcb97e8e7d43c368cc58c57 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed					11.6	M	22	ZeroCERT

44542	2020-12-16 16:34	CKC.exe 7379d1bbf5b0a85cade31143413cf9e6 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		9.4	M	15	ZeroCERT

44543	2020-12-16 16:27	CKC.exe 7379d1bbf5b0a85cade31143413cf9e6 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2	1		10.0	M	15	ZeroCERT

44544	2020-12-16 16:27	csrs.exe 3a94c5b0350d50bf1485156e75a82ded VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs					5.2	M	47	ZeroCERT

44545	2020-12-16 16:23	chidu.exe 994caae4cc6731bdb8447a8b13314f68 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					13.8	M	40	ZeroCERT

44546	2020-12-16 16:23	5555555555.jpg.exe 613062734b9244597bee0607b8432e9f					1.0			ZeroCERT

44547	2020-12-16 16:18	1312.gif.3.exe b2a9a4e1656bdb5749de4f228dc9f307 VirusTotal Malware DNS					2.4	M	41	ZeroCERT

44548	2020-12-16 16:17	1312.gif.2.exe d41d8cd98f00b204e9800998ecf8427e					0.4			ZeroCERT

44549	2020-12-16 12:50	http://54.169.255.180/.cache/A... ff1f1a2332f563aebf955780642344f1 Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex		5.0		13	ZeroCERT

44550	2020-12-16 12:23	1SystemWindows.exe d100a087bc378ea7fb3afc39bc164984 VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Tofsee Windows DNS	4 Keyword trend analysis Info http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1608088546&mv=u&mvi=7&pcm2cms=yes&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:785814653&cup2hreq=d24eedb90b0e27ebe0b6054a63c6cfca8e31297d6eb8148ac15b766c4c760631 https://update.googleapis.com/service/update2	2	4		3.8	M	39	ZeroCERT