Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44671	2020-12-09 18:18	9872345987345764.exe 0b550abc587600c9a9d1dd5e23a089f9 VirusTotal Malware suspicious privilege Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs IP Check Ransomware Windows Advertising Google DNS keylogger	1 Keyword trend analysis	6	1		9.8	M	18	ZeroCERT

44672	2020-12-09 18:17	Check.vbs 64da134f75d0e8d2165107afbc8a1ee2 Browser Info Stealer Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray ICMP traffic unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Java Browser Email ComputerName DNS Cryptographic key DDNS keylogger		6	3		19.6	M		ZeroCERT

44673	2020-12-09 18:16	온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs					3.0	M	28	r0d

44674	2020-12-09 18:12	온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs					3.0	M	28	r0d

44675	2020-12-09 18:09	warCS.gif.exe e5b54ad94c5af53fe63de33113e8ebc3 Emotet VirusTotal Malware Buffer PE Code Injection buffers extracted unpack itself malicious URLs DNS crashed					9.4	M	65	ZeroCERT

44676	2020-12-09 18:09	warEXT.gif.exe 3e86685246c1fdcc9eef8b95986ba4e4 VirusTotal Malware Code Injection buffers extracted unpack itself crashed					6.6	M	66	ZeroCERT

44677	2020-12-09 18:06	온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs DNS					3.6	M	28	r0d

44678	2020-12-09 18:05	warCS.gif.exe e5b54ad94c5af53fe63de33113e8ebc3 Emotet VirusTotal Malware Buffer PE Code Injection buffers extracted unpack itself malicious URLs crashed					8.8	M	65	ZeroCERT

44679	2020-12-09 18:04	warEXT.gif.exe 3e86685246c1fdcc9eef8b95986ba4e4 VirusTotal Malware Code Injection buffers extracted unpack itself crashed					6.6	M	66	ZeroCERT

44680	2020-12-09 15:54	온라인+학술대회+한시적+지원+관련+Q&A.hwp... 257a81471a001af1fa0d82069c92993c VirusTotal Malware Checks debugger Creates shortcut Creates executable files unpack itself malicious URLs					3.0	M	28	r0d

44681	2020-12-09 13:31	vbc.exe 3b0789ad71be68843bf97f5885b03326 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed					10.8	M	43	ZeroCERT

44682	2020-12-09 13:30	scriptxls_799079b3-8d0f-45bc-9... 85070f4325ad66976ac4a728fb393783 powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key		2	1		7.6	M		ZeroCERT

44683	2020-12-09 11:41	remeus.exe 9bf1c67dbbc2b863c6254ef7415bb434 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs IP Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	9	2		17.2		42	r0d

44684	2020-12-09 07:56	http://107.155.162.25/win/dati... ded38d3faf45c6798e0a430d060cd68c Dridex VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex		6.0			ZeroCERT

44685	2020-12-09 00:22	remeus.exe 9bf1c67dbbc2b863c6254ef7415bb434 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	4 Keyword trend analysis	10	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA HTTP unable to match response to request		18.8		26	ZeroCERT