Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44746	2020-12-05 21:27	vbc2.exe 2ddd5d153ac811ba0aced89b7355c46e VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed					10.8	M	50	ZeroCERT

44747	2020-12-05 21:26	vbc.exe 5ab9f695129d6509186bcc05baab0f7e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Software		1			13.8	M	46	ZeroCERT

44748	2020-12-05 21:11	Statement.doc 05b75bd6bc817a75afee29cd4aad22a4 Vulnerability VirusTotal Malware unpack itself malicious URLs DNS					4.4	M	25	ZeroCERT

44749	2020-12-05 21:11	sds.exe a96253a4b8d3dc0d9cece5aa9145813d VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis	4			11.4		19	ZeroCERT

44750	2020-12-05 21:07	SPUpSvc.exe 7702048dd4f9a0c0633077053937101e VirusTotal Malware DNS					2.4	M	15	ZeroCERT

44751	2020-12-05 21:06	sds.exe a96253a4b8d3dc0d9cece5aa9145813d VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					9.8		19	ZeroCERT

44752	2020-12-05 21:03	regasm.exe 836e51010d4dbb13353863bab000ea45 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	9 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2		15.2	M	48	ZeroCERT

44753	2020-12-05 21:02	Q2ANYkCXSvnnbyu.exe d640cba456dbd9d81ac8b9644bda9319 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		1			13.6	M	43	ZeroCERT

44754	2020-12-05 20:42	M4hG5vM7xsh6UtV.exe 9941320d5c52f506797d60adaea602e3 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	5		20.6	M	47	ZeroCERT

44755	2020-12-05 20:41	hvnc.exe cc0a01705f36cfda180bdefd9f5e5546 VirusTotal Malware Check memory buffers extracted DNS		1			2.8	M	51	ZeroCERT

44756	2020-12-05 15:16	fmf.exe f54c36e34325f948dcd6149b97a54e16 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed		1			10.8	M	41	ZeroCERT

44757	2020-12-05 15:09	explorer.exe 34f69bb999cdcd848a03ed5f818ece74 VirusTotal Cryptocurrency Miner Malware Cryptocurrency suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Auto service Check virtual network interfaces malicious URLs Windows ComputerName Cryptographic key		2	1		10.0	M	39	ZeroCERT

44758	2020-12-05 15:08	fmf.exe f54c36e34325f948dcd6149b97a54e16 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName DNS Cryptographic key crashed					12.0	M	41	ZeroCERT

44759	2020-12-05 15:01	exec.vbs 263982dde8e02ce8000fa16c41bba4e1 VirusTotal Malware suspicious privilege Check memory WMI Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS					7.8	M	6	ZeroCERT

44760	2020-12-05 15:00	Document.doc 3eb3e5dc0602f16df7b56c73b0286c14 VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Exploit DNS crashed	1 Keyword trend analysis	2			5.2	M	29	ZeroCERT