Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45076	2020-11-21 17:34	ozchgftrq.exe d7a52acd99d213cdeb1f91ed193868d0 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check installed browsers check OskiStealer Stealer Windows Browser Email ComputerName	8 Keyword trend analysis	2	4		18.8	M	50	ZeroCERT

45077	2020-11-21 17:34	POT.exe 51665d04b5fc3289e64ebb819e29e798 Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs DNS crashed					3.8	M		ZeroCERT

45078	2020-11-21 17:20	nnab.exe f87c759372219f7aea1b53289f8f4ad8 VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion DNS crashed					6.2	M	28	ZeroCERT

45079	2020-11-21 17:20	ogo.exe 561e3075e7562f8e42a9f4e18e2c7635 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger	2 Keyword trend analysis	4	1		13.6	M	44	ZeroCERT

45080	2020-11-21 17:16	nnab.exe f87c759372219f7aea1b53289f8f4ad8 VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion crashed					5.6	M	28	ZeroCERT

45081	2020-11-21 17:14	ds1.exe db0b8c1100f32aafe63cb885a30cc7e0 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs DNS crashed					8.6	M	17	ZeroCERT

45082	2020-11-21 17:14	fank.exe fe2b5814b851201115c8964989899a4e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	1		11.4	M	51	ZeroCERT

45083	2020-11-21 17:09	ds1.exe db0b8c1100f32aafe63cb885a30cc7e0 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed					8.0	M	17	ZeroCERT

45084	2020-11-21 17:09	document.doc bdf4feb317e41d2c450e006e90836e88 VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit DNS crashed		4	2		5.2	M	27	guest

45085	2020-11-21 17:06	BQoFEXaNOEtJ9dC.exe cbd9b726eb72d78bfba34ae1a7719ef2 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName DNS crashed	1 Keyword trend analysis	2			11.4	M	44	guest

45086	2020-11-21 17:05	azchgftrq.exe b403152a9d1a6e02be9952ff3ea10214 VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Windows ComputerName		2	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 38 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		13.6	M	26	guest

45087	2020-11-20 18:47	azchgftrq.exe b403152a9d1a6e02be9952ff3ea10214 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS	10 Keyword trend analysis Info http://taenaiaa.ac.ug/msvcp140.dll http://taenaiaa.ac.ug/main.php http://taenaiaa.ac.ug/sqlite3.dll http://taenaiaa.ac.ug/mozglue.dll http://taenaiaa.ac.ug/softokn3.dll http://taenaiaa.ac.ug/ http://taenaiaa.ac.ug/nss3.dll http://taenaiaa.ac.ug/vcruntime140.dll http://taenaiaa.ac.ug/freebl3.dll http://morasergiox.ac.ug/index.php	3	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 38 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil		20.2	M	26	guest

45088	2020-11-20 18:46	ac.exe 49ba8ccea19e418fd166e89e46e2897f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs		3			9.8	M	48	guest

45089	2020-11-20 14:13	ac.exe 49ba8ccea19e418fd166e89e46e2897f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs		3			10.2	M	20	admin

45090	2020-11-20 14:10	ac.exe 49ba8ccea19e418fd166e89e46e2897f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs		3			9.4	M	20	guest