Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
45691	2020-11-03 16:24	test_zip_doc.eml 01f1f0ec6e5dc25b2c1e8215d75f51d9 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email		3			2.6			admin

45692	2020-11-03 16:17	test_zip_doc.eml 01f1f0ec6e5dc25b2c1e8215d75f51d9 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email					2.6			admin

45693	2020-11-03 16:15	test_zip_doc.eml 01f1f0ec6e5dc25b2c1e8215d75f51d9 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email		3			2.6			admin

45694	2020-11-03 16:05	test_zip_doc.eml 01f1f0ec6e5dc25b2c1e8215d75f51d9 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email		4			2.6			admin

45695	2020-11-03 16:04	test_zip_doc.eml 01f1f0ec6e5dc25b2c1e8215d75f51d9								admin

45696	2020-11-03 15:59	test_zip_doc.eml 01f1f0ec6e5dc25b2c1e8215d75f51d9 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email		3			2.6			admin

45697	2020-11-03 15:47	test_zip_doc.eml 01f1f0ec6e5dc25b2c1e8215d75f51d9 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email					2.6			admin

45698	2020-11-03 14:50	test.eml 5c8e2fed189e7b7f7f1d9e756fd072f8 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email		3			2.6			admin

45699	2020-11-03 14:49	test.eml 5c8e2fed189e7b7f7f1d9e756fd072f8 Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself malicious URLs installed browsers check Browser Email ComputerName					3.8			admin

45700	2020-11-03 14:46	test.eml 5c8e2fed189e7b7f7f1d9e756fd072f8 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email					2.6			admin

45701	2020-11-03 14:39	vbc.exe 7a66c7a386932ce26f9e2a4975800d41 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Trojan DNS Software	1 Keyword trend analysis	2	10 Info ET INFO DNS Query for Suspicious .ga Domain ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		14.8	M	28	admin

45702	2020-11-03 14:37	test.eml 5c8e2fed189e7b7f7f1d9e756fd072f8 Email Client Info Stealer Checks debugger RWX flags setting unpack itself malicious URLs Ransomware Email DNS		4			4.6			admin

45703	2020-11-03 14:23	takercry.exe bdb4967fc8da80d11cc90285815b7546 VirusTotal Malware Check memory RWX flags setting unpack itself anti-virtualization					2.4	M	29	admin

45704	2020-11-03 13:56	test.eml 5c8e2fed189e7b7f7f1d9e756fd072f8 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email DNS	2 Keyword trend analysis	17 Info p5-ozk5sado3pbmu-btobzjf363c3ehek-891628-i2-v6exp3.v4.metric.gstatic.com(172.217.174.114) translate.googleapis.com(172.217.175.106) www.google.com(172.217.26.36) sb-ssl.google.com(172.217.161.78) p5-ozk5sado3pbmu-btobzjf363c3ehek-891628-s1-v6exp3-v4.metric.gstatic.com(172.217.25.99) sb-ssl.l.google.com(172.217.161.78) p5-ozk5sado3pbmu-btobzjf363c3ehek-891628-i1-v6exp3.ds.metric.gstatic.com(172.217.175.114) _googlecast._tcp.local() clientservices.googleapis.com(216.58.197.227) 175.208.134.150 216.58.221.228 - suspicious 172.217.161.146 172.217.25.3 172.217.26.142 216.58.220.210 172.217.24.78 172.217.161.131			3.6			admin

45705	2020-11-03 13:45	test.eml 5c8e2fed189e7b7f7f1d9e756fd072f8 Email Client Info Stealer Checks debugger unpack itself malicious URLs Ransomware Email DNS	1 Keyword trend analysis	14 Info translate.googleapis.com(172.217.175.106) www.google.com(172.217.26.36) p5-z7rtggxvgfm4u-innojjmgqysspheu-320178-i2.stbcast2-stb.metric.gstatic.com(216.239.32.62) p5-z7rtggxvgfm4u-innojjmgqysspheu-320178-i1.anycast-stb.metric.gstatic.com(216.239.32.65) _googlecast._tcp.local() p5-z7rtggxvgfm4u-innojjmgqysspheu-320178-s1-v6exp3-v4.metric.gstatic.com(216.58.220.99) clientservices.googleapis.com(172.217.174.99) 216.239.32.62 175.208.134.150 172.217.31.227 172.217.174.196 216.239.32.65 216.58.220.202 172.217.161.131	2		3.2			admin