Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
44986	2020-11-25 18:22	svchost.exe 3093fbc1285eae874e39161553540c6c VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	1 Keyword trend analysis	2			8.2	M	18	ZeroCERT

44987	2020-11-25 18:19	svchost.exe 3093fbc1285eae874e39161553540c6c VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs					7.4	M	18	ZeroCERT

44988	2020-11-25 18:16	regasm.exe 2c779eb8a99417d4512c130b00b0dbf0 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	9 Info ET INFO DNS Query for Suspicious .ml Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ml Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2		14.8	M	20	ZeroCERT

44989	2020-11-25 18:13	https://zoomba619.blogspot.com... c89486438fea2dd19f18900689a2ea43 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	30 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://zoomba619.blogspot.com/favicon.ico https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.blogger.com/blogin.g?blogspotURL=https://zoomba619.blogspot.com/p/14n.html https://www.google-analytics.com/analytics.js https://zoomba619.blogspot.com/p/14n.html https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/img/share_buttons_20_3.png https://www.gstatic.com/og/_/ss/k=og.qtm.LxFU5raKC7I.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuxx9r82IG9VtDswwd52iKnvFvhvw https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/14n.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/14n.html%26bpli%3D1&passive=true&go=true https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eDa9r_TVF5I.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTvt_FChtzGjr4wKVQY3jzJEAyfceg https://www.blogger.com/static/v1/widgets/1791449097-widgets.js https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://www.google.com/gen_204?atyp=i&zx=1606295324725&sei=JR--X8L4I9fj-gSfx774Dw&ogf=.40.40.40.76.40.40.40.&ogrp=&ogv=343804731.0&ogd=&ogc=KOR&ogl=ko&oggv=quantum%3AgapiBuildLabel&jexpid=&srcpg=prop%3D30&jsr=10&emsg=ReferenceError%3A'console'%EC%9D%B4(%EA%B0%80)%20%EC%A0%95%EC%9D%98%EB%90%98%EC%A7%80%20%EC%95%8A%EC%95%98%EC%8A%B5%EB%8B%88%EB%8B%A4. https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uhBKOtz6fOw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw/cb=gapi.loaded_0 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2525772521150521786&zx=f1a9dab4-d740-4e63-b13e-5c2747a95cd6 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fzoomba619.blogspot.com%2Fp%2F14n.html&bpli=1 https://www.blogger.com/static/v1/jsbin/4244862144-ieretrofit.js https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://ssl.gstatic.com/gb/images/p1_799229b0.png https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js	21 Info zoomba619.blogspot.com(172.217.25.193) resources.blogblog.com(216.58.197.137) www.google.com(172.217.175.36) www.gstatic.com(172.217.24.131) ssl.gstatic.com(172.217.24.131) accounts.google.com(172.217.174.109) www.google-analytics.com(172.217.174.110) apis.google.com(172.217.161.78) fonts.gstatic.com(172.217.161.67) fonts.googleapis.com(216.58.197.202) www.blogger.com(216.58.197.137) 216.58.199.4 - suspicious 216.58.199.9 172.217.31.234 172.217.163.227 172.217.26.142 172.217.26.129 172.217.161.163 172.217.24.201 216.58.200.13 172.217.31.227	3		4.6			ZeroCERT

44990	2020-11-25 18:11	guy1.exe 9721f911ecb8a06c0f244f7ff35dbde2 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Ransomware Windows Tor ComputerName DNS crashed		2	3		13.4	M	26	ZeroCERT

44991	2020-11-25 18:04	Fud.exe d9d14a4d757661ddc2c9505aa355b738 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW DNS DDNS		1	1		5.2	M	64	ZeroCERT

44992	2020-11-25 18:03	frc.exe 8ecaaebd5421a1ecb8875768d596d63a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					7.8	M	57	ZeroCERT

44993	2020-11-25 17:52	crypt64.exe 844af995530659841ac2d31bf4f54367 Malware download njRAT NetWireRC VirusTotal Malware Checks debugger Creates executable files unpack itself malicious URLs WriteConsoleW DNS		1	1		4.2	M	65	ZeroCERT

44994	2020-11-25 17:49	Bc.exe ab5be19947a194e51f29f19188f314a6 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself ComputerName					3.0	M	46	ZeroCERT

44995	2020-11-25 11:16	sooft.exe bdbb8e4de8ffaa96552df10d184b3195 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Malicious Traffic Check memory buffers extracted unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Windows Browser Email ComputerName Software	5 Keyword trend analysis	7	1		10.8	M	58	ZeroCERT

44996	2020-11-25 11:05	kc.exe a1d7b3b8eba5e173f0fc1bd4815c9b09 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed					8.4	M	55	ZeroCERT

44997	2020-11-25 11:03	fw1.exe 5bd6a17341164eb9be5c4149e619aa6a VirusTotal Malware unpack itself malicious URLs Remote Code Execution DNS		1			3.8	M	47	ZeroCERT

44998	2020-11-25 09:59	frc.exe 8ecaaebd5421a1ecb8875768d596d63a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed					8.4	M	57	ZeroCERT

44999	2020-11-25 09:59	cssrs.bat.exe 82051be04dc64ddade7daadb40ef7aa0 VirusTotal Malware Check memory RWX flags setting Detects VMWare malicious URLs sandbox evasion VMware Browser Remote Code Execution DNS crashed		1			6.2	M	22	ZeroCERT

45000	2020-11-25 09:54	ago.exe 0b1e53072e91e0d71e3db6b2720d2ee8 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					7.8	M	57	ZeroCERT