Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45166	2020-11-19 09:45	winlog.exe aa92c8736080f32042a34e5fddfff6e8 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software		2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		18.6	M	22	ZeroCERT

45167	2020-11-19 09:43	whe.exe f8b1cce7df34ebcd1cd3161b30211314 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					7.8	M	55	ZeroCERT

45168	2020-11-19 09:39	iykex.exe 3be1e88b82706b6f653619e9619fe218 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote AppData folder malicious URLs Windows ComputerName DNS Cryptographic key					12.0	M	39	ZeroCERT

45169	2020-11-19 09:38	vbc.exe 3ba59e99db204d0e5e0c784765f0791f VirusTotal Malware Check memory Checks debugger unpack itself					2.6	M	32	ZeroCERT

45170	2020-11-19 09:30	iykex.exe 3be1e88b82706b6f653619e9619fe218 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote AppData folder malicious URLs Windows ComputerName DNS Cryptographic key					12.0	M	39	ZeroCERT

45171	2020-11-19 09:28	milo.exe 1e485155dcf9e761424a80697bd2b04c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	1		11.8	M	41	ZeroCERT

45172	2020-11-19 09:24	iykex.exe 3be1e88b82706b6f653619e9619fe218 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows					6.2	M	39	ZeroCERT

45173	2020-11-19 09:24	ftp.exe 810757f42d1e8cc25a2f4e35c695c937 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check Windows DNS Cryptographic key DDNS crashed		2	1		11.8	M	20	ZeroCERT

45174	2020-11-19 09:18	ewa.exe a90c751af10335be48aa30d221628e1a VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs Ransomware Windows Tor ComputerName DNS crashed					10.8	M	23	ZeroCERT

45175	2020-11-19 09:17	bnt.exe e5a348d2e2ccaa58af7199a374c6085d Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					7.8	M	50	ZeroCERT

45176	2020-11-19 07:42	http://ghost00710.ddns.net/1/f... bc1b1f3d1f8ffb3494f9d5b74c0294fd Dridex VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS DDNS crashed	1 Keyword trend analysis	2	7 Info ET POLICY DNS Query to DynDNS Domain *.ddns .net SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging)		5.0		30	ZeroCERT

45177	2020-11-18 18:23	VKA.exe e1abf8fde90a87a92f12ee46f00b7e52 Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	1	1	18.4	M	14	ZeroCERT

45178	2020-11-18 18:22	yb.exe d41d8cd98f00b204e9800998ecf8427e					0.4			ZeroCERT

45179	2020-11-18 18:20	POP.exe 2ab285ba8f3215a095fc99c969a375c0 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS		3	2		14.4	M	16	ZeroCERT

45180	2020-11-18 18:19	OSW.exe db4fc561ac6d5394b38a7700964cd82c VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows Cryptographic key	1 Keyword trend analysis	2	1		10.2	M	20	ZeroCERT