Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45196	2020-11-18 08:00	http://151.80.8.30/document1.d... f9a6dc3c7aa957c70e4f539d72e54c4f Dridex VirusTotal Malware Code Injection Malicious Traffic exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	5		4.6		25	ZeroCERT

45197	2020-11-17 18:50	SK-0177.exe d737b3e50711d626e50f55db83908747 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	6	5		16.8	M	24	ZeroCERT

45198	2020-11-17 18:46	SDJ-0488.exe 89a84e0e14ffe871c73cd121ab13b6d5 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1			17.2	M	21	ZeroCERT

45199	2020-11-17 18:44	F58PlfINzp49aXd.exe b0916454a9fa65dcffa2552149850fd8 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	6	5		13.2		25	ZeroCERT

45200	2020-11-17 18:42	411.exe 2398469593c9dec9561a556b30f6d63a VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					13.2	M	29	ZeroCERT

45201	2020-11-17 18:31	ago.exe 0b1e53072e91e0d71e3db6b2720d2ee8 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed					8.4	M	43	ZeroCERT

45202	2020-11-17 18:31	411.exe 2398469593c9dec9561a556b30f6d63a VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					14.4	M	29	ZeroCERT

45203	2020-11-17 17:51	바이든 시대 북한 비핵화 협상의 또 하나암초 - 북한 ... c0c9b52ce51df46422e4fa14178beeec VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process malicious URLs Interception Browser ComputerName		2			7.4	M	30	guest

45204	2020-11-17 17:14	바이든 시대 북한 비핵화 협상의 또 하나암초 - 북한 ... 164839a72dba24d189c1d990e61a53e2 unpack itself malicious URLs					2.0			guest

45205	2020-11-17 17:10	http://naver.midsecurity.org/a... c731e705a5baf082bf3ffc72b6b77699 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	10 Keyword trend analysis Info http://naver.midsecurity.org/attache/20201112/ http://naver.midsecurity.org/favicon.ico https://www.google.com/gen_204?atyp=i&zx=1605600471859&ogsr=1&ei=4oSzX9ZJgvbAA5Tjigg&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1 https://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://ssl.gstatic.com/gb/images/i1_1967ca6a.png https://www.google.com/ https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uhBKOtz6fOw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw/cb=gapi.loaded_0 https://id.google.com/verify/AHGvNoxAZHHcFbjELX9aUcdWqB0kYI-3vZN668EoXbUU7C138LYfKzXkhXZ5A8CQ0r8m4W4JBbzFmZHjJy0p4BTnOt48MJIgb3PTICcGYufmC-9Bw7inQg https://www.google.com/images/hpp/Chrome_Owned_96x96.png https://www.gstatic.com/og/_/js/k=og.og2.en_US.0fxHrwx9DwM.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTuwNYp9HnNdyLuIQrO0aAHr-sQcBQ	12 Info www.google.com(172.217.174.100) www.gstatic.com(172.217.174.99) naver.midsecurity.org(211.104.160.79) ssl.gstatic.com(172.217.25.99) id.google.com(172.217.24.131) apis.google.com(216.58.197.174) 216.58.220.131 172.217.24.131 211.104.160.79 - suspicious 172.217.175.227 172.217.174.100 216.58.197.174 - suspicious	3		5.0		2	guest

45206	2020-11-17 09:51	pegoos.exe e8b534f89b0f23446b410e47ded4a76f Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Tofsee Windows Browser ComputerName WordPress Downloader	8 Keyword trend analysis	6	5 Info ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		9.4	M	20	ZeroCERT

45207	2020-11-17 09:50	uinm.exe 9a14f154a2bd1be68a91bab0118cdd6b Malware Malicious Traffic Check memory Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows	2 Keyword trend analysis	2			4.2	M		ZeroCERT

45208	2020-11-17 09:49	pegs.exe 42e13e9fb45e01c567b6d3c34caab781 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Windows Browser Email ComputerName Remote Code Execution DNS Software Downloader	7 Keyword trend analysis	4	4 Info ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		13.0	M	27	ZeroCERT

45209	2020-11-17 09:35	pegasun.exe e73e257a21c192c734e5fda707f526c4 VirusTotal Malware malicious URLs		1			2.8	M	51	ZeroCERT

45210	2020-11-17 09:34	peggs.exe 393e5a7fe1d4a719890fe46e7049301a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Malicious Traffic Check memory buffers extracted ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW installed browsers check Tofsee Windows Browser Email ComputerName DNS Software Downloader	8 Keyword trend analysis	4	4 Info ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		13.8	M	43	ZeroCERT