Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44596	2020-12-13 13:52	sdbot.exe 5b91f05c52f08142db54a16fbd5087b6 VirusTotal Malware Buffer PE AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Windows DNS					9.6	M	42	ZeroCERT

44597	2020-12-13 13:51	invoice_11.12.2020.doc cd99e85cf77d503852dbf1ce70e0f1df Malware download VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit DNS crashed	4 Keyword trend analysis	5	4		4.8	M	20	ZeroCERT

44598	2020-12-13 13:49	sdbot.exe 5b91f05c52f08142db54a16fbd5087b6 VirusTotal Malware Buffer PE AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Windows					9.0	M	42	ZeroCERT

44599	2020-12-13 13:41	DarkHTTP.exe 9ba83cfe1902ffedb753073492045187 VirusTotal Malware PDB DNS					2.0	M	23	ZeroCERT

44600	2020-12-13 13:38	bigbot.exe 0b1df4612ea82c62c67d3cbaaa336c18 VirusTotal Malware PDB					1.8	M	43	ZeroCERT

44601	2020-12-13 13:36	svchost2.exe 4c7063ec0fb39986822bdb17dfb14ade VirusTotal Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows DNS DDNS crashed	1 Keyword trend analysis	5	2		5.4	M	22	ZeroCERT

44602	2020-12-13 13:36	look.exe c26859c4a7dce369457b656a5922876e Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Check memory buffers extracted WMI Creates executable files ICMP traffic unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Windows Browser Email ComputerName DNS crashed Downloader		3	1		11.6	M	32	ZeroCERT

44603	2020-12-12 18:36	svchost.exe 670d8ac68d823b18a7c41bbd2094c2d9 NetWireRC VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process malicious URLs VMware anti-virtualization Windows ComputerName DNS Cryptographic key DDNS Software		2	1		15.0	M	24	ZeroCERT

44604	2020-12-12 18:34	oosnhsyysjmns.png.exe bd1f17c3f5f6d4b8b97bcb4d330daec4 VirusTotal Malware Check memory unpack itself crashed					2.4	M	21	ZeroCERT

44605	2020-12-12 16:12	un.exe c586c158732d51fa4b3d5e6f440e0f58 VirusTotal Malware Check memory RWX flags setting unpack itself malicious URLs anti-virtualization DNS					4.8	M	29	ZeroCERT

44606	2020-12-12 16:11	Update.exe bf97f1dcf3b0f3dcedb078aa16535e45 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee ComputerName crashed	2 Keyword trend analysis	4	1		4.0	M	31	ZeroCERT

44607	2020-12-12 15:44	RJ48GY8lXm6fMXW.exe 290d7e0e76c015ae40d502a03b508cff Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Software		1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		18.4	M	21	ZeroCERT

44608	2020-12-12 15:44	soft.exe d4d4997b433348f7745b065f1fb2d578 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory buffers extracted Collect installed applications malicious URLs sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Browser ComputerName DNS Software	1 Keyword trend analysis	3	1		10.0	M	56	ZeroCERT

44609	2020-12-12 15:27	fw4.exe a7ea20176e5493c4c6f7e936a9632271 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key					10.4	M	24	guest

44610	2020-12-12 15:27	1210_80556334.doc de9538b9867e559105756da43f5c2ad2 Vulnerability VirusTotal Malware Code Injection Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName	1 Keyword trend analysis	6	1		11.4		35	guest