Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45046	2020-11-23 10:16	Daemon2.exe f3cc3e81c695a218ecfd71978d007ec0 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW Windows Browser ComputerName DNS		1	5 Info ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET INFO Executable Download from dotted-quad Host ET INFO AutoIt User Agent Executable Request ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		11.8	M	39	ZeroCERT

45047	2020-11-23 10:15	nCoreManage41r.exe 49479db345e2c3694c34f1326035a692 VirusTotal Malware Checks debugger unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows DNS					4.6	M	48	ZeroCERT

45048	2020-11-23 10:11	Daemon.exe dd3de309df5791a357534b613270ca3a VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW Windows Browser ComputerName DNS		1	5 Info ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET INFO Executable Download from dotted-quad Host ET INFO AutoIt User Agent Executable Request ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		11.8	M	40	ZeroCERT

45049	2020-11-23 10:10	333.vbs 98a361a32f05e5d35659b84c4a8a3d81 Malware download AsyncRAT Dridex NetWireRC TrickBot Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Kovter Windows ComputerName DNS Cryptographic key DDNS		4	3		16.0	M		ZeroCERT

45050	2020-11-22 15:46	winupdate64.log.exe d6c8dfb4e756dfca48068be9160da3ca AutoRuns suspicious privilege unpack itself malicious URLs Windows Advertising crashed					4.8			ZeroCERT

45051	2020-11-22 15:42	vHJ9aMdbRpFATd3.exe 526f579a895b5294709684a3f48a6704 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		1			13.4	M	38	ZeroCERT

45052	2020-11-22 15:42	Setup.exe 1d7b2ef640708b295388ad7f66efd41a					0.6			ZeroCERT

45053	2020-11-22 15:31	M0021.cab 4a6a30db71e78ff73d46d8d999f51098					0.4			ZeroCERT

45054	2020-11-22 15:03	vHJ9aMdbRpFATd3.exe 526f579a895b5294709684a3f48a6704 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		1			13.4	M	38	ZeroCERT

45055	2020-11-22 15:02	zxcv.EXE 82a0a0bd6084c5a28081310e75e7f608 VirusTotal Malware RWX flags setting unpack itself Windows DNS crashed					3.8	M	58	ZeroCERT

45056	2020-11-22 14:58	vHJ9aMdbRpFATd3.exe 526f579a895b5294709684a3f48a6704 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		1			13.4	M	38	ZeroCERT

45057	2020-11-22 14:58	vbc3.exe bf75ed61e1b1f7b310ec1d999077c4dd VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs	10 Keyword trend analysis Info http://www.qzrpxx.com/o56q/?AdpLIhj=P2eb/knzekVWtTLKqAP1FhOrr8Fv7hbpHOs/hGmiCsR6+dL7XpK3jSWWK4y62PvCwZCP1G7u&EZ442V=IdnTot2PhnQT http://www.kamisbet.com/o56q/?AdpLIhj=VKLKGhk3Pe2OjeCfLw6g1+470HcCMM4KU97S7s7eStMeb/8KEmVIsOCWQTjbYjSr+CVdjHnL&EZ442V=IdnTot2PhnQT http://www.natcandy.com/o56q/ http://www.natcandy.com/o56q/?AdpLIhj=txyYMtCLm6ubKNHi3qYYn+5SCVWoTymC4Fy9/8gvc5WTXTsch9hYV90QltEHWjVeSRlmmpSg&EZ442V=IdnTot2PhnQT http://www.qzrpxx.com/o56q/ http://www.teelinkz.com/o56q/?AdpLIhj=kNK7qyUppsx1QRLwDQjm/XfEOCgL/rCBvS1q+B2CMQED5QxzM1Z/xLEIYMidk8SKLw+i55Nq&EZ442V=IdnTot2PhnQT http://www.kamisbet.com/o56q/ http://www.620harbourdrive.com/o56q/ http://www.teelinkz.com/o56q/ http://www.620harbourdrive.com/o56q/?AdpLIhj=oBhdXTojpWNHoEp6WHKMn+PMMmogcfgwxJ2vT9od1Z59LPoNEbYBbxB/kh93ERTUpLr6YngX&EZ442V=IdnTot2PhnQT	12 Info www.sz360buy.com(160.122.148.234) www.teelinkz.com(34.102.136.180) www.620harbourdrive.com(184.168.131.241) www.natcandy.com(198.54.117.212) www.qzrpxx.com(47.91.170.148) www.kamisbet.com(104.31.91.19) 198.54.117.218 - suspicious 172.67.219.144 34.102.136.180 - suspicious 184.168.131.241 - suspicious 47.91.170.148 160.122.148.234			6.8	M	22	ZeroCERT

45058	2020-11-22 14:55	vbc2.exe 3d549885e44863c57f59eab47f2271cc VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion DNS crashed					6.6	M	44	ZeroCERT

45059	2020-11-22 14:54	vbc.exe 0daef62b8a4b65f7ce2021e21941e32e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	1		12.4	M	49	ZeroCERT

45060	2020-11-22 14:52	vbc2.exe 3d549885e44863c57f59eab47f2271cc VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion crashed					6.0	M	44	ZeroCERT