Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45691	2021-04-28 12:14	mazx.exe 342d651660cf2b0587d25f343aff786f Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45692	2021-04-28 11:38	mazx.exe 342d651660cf2b0587d25f343aff786f Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45693	2021-04-28 11:34	mazx.exe 342d651660cf2b0587d25f343aff786f Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45694	2021-04-28 11:30	mazx.exe 342d651660cf2b0587d25f343aff786f Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45695	2021-04-28 11:18	mazx.exe 342d651660cf2b0587d25f343aff786f Cuckoo Rule KeyBase Keylogger AsyncRAT backdoor OSCheck File format packer Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45696	2021-04-28 11:11	FreeMaps.af75d672c26d4cc59fc74... 10e868b5ebf405fe2ca10e0552023d44 packer Gen2 OSCheck File format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder sandbox evasion Tofsee DNS	3 Keyword trend analysis Info http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-11&errorType=nsisError&errorDetails=File+Not+Found+%28404%29&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2075128396&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry= http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=af75d672c26d4cc59fc74465083f473c&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2022722323&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry= https://dp.tb.ask.com/installerParams.jhtml?coId=af75d672c26d4cc59fc74465083f473c	4	1		4.8		32	ZeroCERT

45697	2021-04-28 10:45	mazx.exe 342d651660cf2b0587d25f343aff786f packer Cuckoo Rule KeyBase Keylogger OSCheck File format AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	14.2	M	19	guest

45698	2021-04-28 10:39	mazx.exe 342d651660cf2b0587d25f343aff786f Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45699	2021-04-28 10:32	mazx.exe 342d651660cf2b0587d25f343aff786f Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45700	2021-04-28 10:19	mazx.exe 342d651660cf2b0587d25f343aff786f packer Cuckoo Rule KeyBase Keylogger OSCheck File format AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45701	2021-04-28 10:12	mazx.exe 342d651660cf2b0587d25f343aff786f packer Cuckoo Rule KeyBase Keylogger OSCheck File format AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45702	2021-04-28 10:05	mazx.exe 342d651660cf2b0587d25f343aff786f packer Cuckoo Rule KeyBase Keylogger OSCheck File format AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis Info http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4C040980FB238F42747D4200E39E5134.html - rule_id: 1176 http://ldvamlwhdpetnyn.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6414DF053ECE16DD340D40A0368921A.html - rule_id: 1176	2	1	2	13.2	M	19	guest

45703	2021-04-28 10:01	uDUxwumDrV.dll ee03a7aafeaa2e4b937066e5efe8016f VirusTotal Malware Checks debugger DNS crashed					2.6		31	ZeroCERT

45704	2021-04-28 10:00	c.dot 8c953304a94209a33f4b63d71605d816 FormBook Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader	24 Keyword trend analysis Info http://www.forrealmodels.com/qjnt/ - rule_id: 872 http://www.warriornotesgolbalprayer.com/qjnt/?5j=NZEjDeTbQWI4t+jLVj6ckcPfHkTvqBwW1gJjjcociDWZiHYNHkrr42q5Qu5MGWq/DbzHTKzP&vTdDF=LJBx - rule_id: 787 http://www.buckhead-meat.com/qjnt/ - rule_id: 871 http://www.forrealmodels.com/qjnt/?5j=/8UA4kKoPYWid4Wy4SiZil89tJjdT7ic7hTrtZ5fAe41kMJ49sOOTLg7IOgO80aghp25g4RJ&vTdDF=LJBx - rule_id: 872 http://www.rivcodevelopment.com/qjnt/?5j=8NBAzZEp5T2EoF9wMDQ69YhjG3fhuSs/Y3qkwEtmFVQU29n+5biQRN67qVAa42W8gpsiaP+Q&vTdDF=LJBx - rule_id: 798 http://www.xn--jpr220deud640b.com/qjnt/ http://www.frotaconceitos.com/qjnt/?5j=SklQbBNIGDp60jmvc81YaO0+TakJjqFF7kfS9N7pp+kjm4De+jDioVGollGezL8QEhW81teu&vTdDF=LJBx - rule_id: 878 http://www.graniteinaminute.com/qjnt/ - rule_id: 875 http://www.relaxxation.com/qjnt/ - rule_id: 880 http://www.startrekepisode.com/qjnt/ - rule_id: 786 http://www.buckhead-meat.com/qjnt/?5j=/eERDYDYg8Pjpk/w148+Jv3JxRRGqAllXY9DrwYjMBHW71fIc6WywKuPNHthuS6BfUUI+/zo&vTdDF=LJBx - rule_id: 871 http://www.thebluefishhotel.net/qjnt/ http://www.relaxxation.com/qjnt/?5j=mxaFhsYpdbWAcRjreClqDIL9OHFKPqnw/WaD4R8v0Y7MiHTOLhCg3x68N9MAlpNWynvCyQkZ&vTdDF=LJBx - rule_id: 880 http://www.gailrichardson.com/qjnt/?5j=cQpYuVHVGObCoOy3oJObHgw0bCNAclVj5U/7sRdD/qRSo/tXEB2YKGAusTd/rcUBeGIQZ61D&vTdDF=LJBx - rule_id: 797 http://www.akerii.com/qjnt/?5j=kSZZl6jWs3Sc3KX4sFYto2o1JEu4hGi+VMhwGPIJktQ5K/I5FgrvGI5WQKi2EBcGxzW2rAmT&vTdDF=LJBx http://www.rivcodevelopment.com/qjnt/ - rule_id: 798 http://www.warriornotesgolbalprayer.com/qjnt/ - rule_id: 787 http://www.thebluefishhotel.net/qjnt/?5j=QMUGPevhnI2Yp74JHEVzH6HtR6H2zoEQzpkVeMV2m2AjEhovI/wxUE2mGeKCbnOUy7J9Z//U&vTdDF=LJBx http://www.akerii.com/qjnt/ http://www.frotaconceitos.com/qjnt/ - rule_id: 878 http://www.gailrichardson.com/qjnt/ - rule_id: 797 http://www.startrekepisode.com/qjnt/?5j=5+BnPckFTRrJGxaMVUv0BF1FKPa8eJDIfTmAxOSqxwEOI5f2tl64h5cJxkg2lQOsq3TBX7Br&vTdDF=LJBx - rule_id: 786 http://www.xn--jpr220deud640b.com/qjnt/?5j=jCTS+G1v0GO0ffaNHB4bN1x+uxcHkkGvZyQiwKE+/XJ/MeCy3/lhGRbiqne2xOkH/Blgq97x&vTdDF=LJBx http://www.graniteinaminute.com/qjnt/?5j=Kc40ChrvGMsz5sDUgJdI1Tm80ndRwqOobrZe5CnH/KVtq0OHhWuXcnL+C6x+hGBLT8rXGqGg&vTdDF=LJBx - rule_id: 875	24 Info www.forrealmodels.com(188.93.150.60) www.frotaconceitos.com(23.227.38.74) www.pds-navi.com() www.bhcsva.com() - mailcious www.akerii.com(72.251.224.90) www.startrekepisode.com(34.102.136.180) www.thebluefishhotel.net(198.185.159.145) www.xn--jpr220deud640b.com(129.226.160.219) www.buckhead-meat.com(34.102.136.180) www.relaxxation.com(52.58.78.16) www.halostreams.net() - mailcious www.rivcodevelopment.com(182.50.132.242) www.graniteinaminute.com(182.50.132.242) www.gailrichardson.com(52.58.78.16) www.warriornotesgolbalprayer.com(34.102.136.180) 23.95.122.25 - mailcious 188.93.150.60 - mailcious 72.251.224.90 129.226.160.219 52.58.78.16 - mailcious 34.102.136.180 - mailcious 182.50.132.242 - mailcious 23.227.38.74 - mailcious 198.185.159.145 - mailcious	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE FormBook CnC Checkin (GET)	18 Info http://www.forrealmodels.com/qjnt/ http://www.warriornotesgolbalprayer.com/qjnt/ http://www.buckhead-meat.com/qjnt/ http://www.forrealmodels.com/qjnt/ http://www.rivcodevelopment.com/qjnt/ http://www.frotaconceitos.com/qjnt/ http://www.graniteinaminute.com/qjnt/ http://www.relaxxation.com/qjnt/ http://www.startrekepisode.com/qjnt/ http://www.buckhead-meat.com/qjnt/ http://www.relaxxation.com/qjnt/ http://www.gailrichardson.com/qjnt/ http://www.rivcodevelopment.com/qjnt/ http://www.warriornotesgolbalprayer.com/qjnt/ http://www.frotaconceitos.com/qjnt/ http://www.gailrichardson.com/qjnt/ http://www.startrekepisode.com/qjnt/ http://www.graniteinaminute.com/qjnt/	4.4	M	27	ZeroCERT

45705	2021-04-28 09:57	vbc.exe cd4a716b2886b9d6609b4e00c97964f0 VirusTotal Malware PDB unpack itself Windows RCE DNS crashed					4.4	M	48	ZeroCERT