Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44581	2020-12-15 11:04	DELYG8nMFe9RxD9lR6.exe 69db731bb7943d8f8b20995d0dbf64e2 Report ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Browser Advertising ComputerName Remote Code Execution DNS Cryptographic key		7	5		7.2			r0d

44582	2020-12-15 10:13	AQW.exe fa2d232572f85b32aa2145cca35d13ff VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs Windows ComputerName DNS Cryptographic key crashed keylogger		2			15.4	M	36	guest

44583	2020-12-15 10:10	5555555555.jpg.exe dea15b8a17ac4f78c996d37606d6d625 Check memory unpack itself crashed					1.4			guest

44584	2020-12-15 09:59	https://motlolidk.blogspot.com... 2db656fc18c4717337f9d581296601d2 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	26 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://motlolidk.blogspot.com/favicon.ico https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6181590366086872420&zx=b215f827-8398-4dd3-82f5-d0ee5f578811 https://www.google-analytics.com/analytics.js https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js https://www.gstatic.com/og/_/js/k=og.qtm.en_US.QgY6lxWvAPk.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTvod91nzEJFOvvfJUrn6_vLwwY0bw https://www.gstatic.com/og/_/ss/k=og.qtm.y0v8--8W2Xg.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtSLvQ9QxDR2uHIB3mSbhYF7uJInw https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/blogin.g?blogspotURL=https://motlolidk.blogspot.com/p/266.html https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://motlolidk.blogspot.com/p/266.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://motlolidk.blogspot.com/p/266.html%26bpli%3D1&passive=true&go=true https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.blogger.com/static/v1/widgets/2195516358-widgets.js https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fmotlolidk.blogspot.com%2Fp%2F266.html&bpli=1 https://ssl.gstatic.com/gb/images/p1_799229b0.png https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GhYSaDTWhs4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CcmyUNBPTBtz4hsH0C6OHKqodVQ/cb=gapi.loaded_0	21 Info ssl.gstatic.com(172.217.25.195) resources.blogblog.com(172.217.26.41) www.google.com(172.217.161.36) www.gstatic.com(172.217.25.67) fonts.googleapis.com(172.217.175.10) motlolidk.blogspot.com(172.217.161.33) - mailcious accounts.google.com(172.217.175.77) www.google-analytics.com(172.217.24.142) apis.google.com(216.58.197.206) fonts.gstatic.com(172.217.161.67) www.blogger.com(172.217.26.41) 172.217.31.233 216.58.197.97 216.58.199.4 - suspicious 172.217.161.173 142.250.199.78 216.58.199.105 216.58.199.106 172.217.161.174 - mailcious 172.217.24.67 142.250.199.67	3		5.0	M		guest

44585	2020-12-15 09:57	5555555555.jpg.1.exe dea15b8a17ac4f78c996d37606d6d625 Check memory unpack itself crashed					1.4			guest

44586	2020-12-15 09:56	67c68b858942bef785b1a5fc9cdddb... 67c68b858942bef785b1a5fc9cdddb01 VirusTotal Malware Check memory RWX flags setting unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Windows DNS		1			4.8	M	46	guest

44587	2020-12-15 09:27	DOC_69061004.doc ce9a45e819d63dfea62902796a33a307 Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee	2 Keyword trend analysis	15 Info datvietquan.com(103.97.125.60) - malware ypddf.org(172.96.189.174) - malware daisyboots.co.uk(31.220.16.209) - mailcious albasisgroup.com(205.144.171.109) - mailcious asmaraloka.com(139.162.2.200) www.asmaraloka.com(139.162.2.200) - mailcious subramanyatemple.org(103.212.121.63) - mailcious thanhthatbadinh.com(150.95.110.87) - malware 103.212.121.63 - mailcious 205.144.171.109 - mailcious 139.162.2.200 - mailcious 103.97.125.60 - malware 150.95.110.87 - malware 172.96.189.174 - malware 31.220.16.209 - mailcious	3		5.4	M	44	guest

44588	2020-12-14 13:00	invoice.exe 9da0947781f5d7848d9401ac3596dbcc VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox Check virtual network interfaces malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key DDNS Software		2	1		13.8		15	ZeroCERT

44589	2020-12-14 12:59	https://karlagaray.com/wp-incl... ce9a45e819d63dfea62902796a33a307 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	3		4.6			ZeroCERT

44590	2020-12-14 12:53	vbc.exe 0e1dbe1dfd3aad4027f0e3e857f7e701 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed					10.2	M	31	ZeroCERT

44591	2020-12-14 12:47	3.png.exe 1aac7d5a0dbab8d8f6412d55919e38a3 VirusTotal Malware DNS					1.4		1	ZeroCERT

44592	2020-12-14 12:47	Ayo.exe 2a7d72ec0e6ad3921e8d4dee4c6873de Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox malicious URLs VMware anti-virtualization Kovter Windows ComputerName DNS Cryptographic key Software		1	2		12.0	M	38	ZeroCERT

44593	2020-12-14 12:44	1.txt.exe adbfbe634aa8634da6967ffa53dfa438 VirusTotal Malware					0.8		2	ZeroCERT

44594	2020-12-14 12:44	2.txt.exe 10655296b3fc7155a27c6d7b132ea633 VirusTotal Malware					0.8		3	ZeroCERT

44595	2020-12-13 14:01	sdbot.exe 5b91f05c52f08142db54a16fbd5087b6 VirusTotal Malware Buffer PE AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Windows					9.0	M	42	ZeroCERT