Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44686	2020-12-08 21:39	pg.exe 3f0522e4c0cff4215079b36695cdd78f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed					12.2	M	44	ZeroCERT

44687	2020-12-08 21:37	regasm.exe e55da166e7ba466275234e9ee6b2a568 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software		1	1		13.6		23	ZeroCERT

44688	2020-12-08 21:36	pg.exe 3f0522e4c0cff4215079b36695cdd78f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName Cryptographic key crashed					13.4	M	44	ZeroCERT

44689	2020-12-08 21:33	n.exe 4d24c2a76368d1aae55284ccf73a6743 VirusTotal Malware crashed					2.0	M	35	ZeroCERT

44690	2020-12-08 21:30	oxchjjhrwe.exe 036adb8395038b566c990ef4006f2cf5 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs Windows		2			12.0	M	45	ZeroCERT

44691	2020-12-08 21:29	AutoUpdate.exe b22aa7e622f8883df8cdcf5b573e043c VirusTotal Malware Checks debugger unpack itself malicious URLs					4.2	M	26	ZeroCERT

44692	2020-12-08 17:54	nass.exe 5a99e9b25f0423fcedab39af22741b46 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW human activity check Tofsee Windows DNS Cryptographic key DDNS crashed	8 Keyword trend analysis Info https://hastebin.com/raw/ozakocuver https://hastebin.com/raw/afukimumiw https://hastebin.com/raw/qirinoloqe https://hastebin.com/raw/xohesulowe https://hastebin.com/raw/locupetepa https://hastebin.com/raw/iwukefezul https://hastebin.com/raw/mirihuqaju https://hastebin.com/raw/waciluzaqa	4	2		16.0	M	23	ZeroCERT

44693	2020-12-08 17:53	Host.exe ea930dacbcdccf4d29416392cdab6a36 NetWireRC VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Windows DNS DDNS		2			8.6	M	54	ZeroCERT

44694	2020-12-08 17:46	document.doc 2fcf1e23188eeb3d447e0e5b679d4f81 VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit DNS crashed Downloader		1	6 Info ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.2	M	29	ZeroCERT

44695	2020-12-08 17:46	Cerberus.exe 16e586d7d93daec3cae5cd79dddb627a VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs crashed	1 Keyword trend analysis	2			5.8	M	47	ZeroCERT

44696	2020-12-08 17:36	590906.jpg.exe 5ca4df20d2ec92c297a010650a777d4f					0.6			ZeroCERT

44697	2020-12-08 17:35	app.exe e49071c84232e085109f1bb63d2d334d VirusTotal Malware unpack itself malicious URLs					2.4	M	22	ZeroCERT

44698	2020-12-08 12:26	vbc.exe 9971aba6d9eca7e79d711b0b59e1edef Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.8	M	23	ZeroCERT

44699	2020-12-08 11:03	vbc2.exe 411c1d448a08bc32258d2f8c301037f1 Malware download Azorult Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	2	1		12.0			ZeroCERT

44700	2020-12-08 11:03	vbc.exe 9971aba6d9eca7e79d711b0b59e1edef Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Software		2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.8	M	23	ZeroCERT