Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
46051	2020-10-20 09:56	BubbleBrowserMaintenance.exe e07e6c29f3df2ab9dc02e9bf41facfa0 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Detects VirtualBox AppData folder malicious URLs IP Check human activity check Tofsee Windows	6 Keyword trend analysis Info http://thecryptocenter.xyz/BubbleBrowser.exe http://thecryptocenter.xyz/BubbleBrowser.exe http://ipinfo.io/country http://ipinfo.io/ip https://ipinfo.io/country https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150 https://script.google.com/macros/s/AKfycbyeDUociDSMjODhy_ZapM5zzyoJ3zrch9n5IUJeKIM3UQOEtZs/exec?ip=175.208.134.150&loc=KR&app=BubbleBrowserMaintenance&payoutcents=0.40&ver=5.2	9	5 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup ipinfo.io ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016		7.8	M	44	admin

46052	2020-10-20 09:53	cimiK6upP4rLGAcxRW.exe 24498213b77db10d0a960eb3e41f6593 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	2			6.4		12	admin

46053	2020-10-20 09:45	24042E.scr.exe 43a82e52d08111ebf4b2a1a7bc2a1266 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check Remote Code Execution crashed	2 Keyword trend analysis	5			12.4		37	admin

46054	2020-10-20 09:41	24042E.scr.exe 43a82e52d08111ebf4b2a1a7bc2a1266 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check Browser Remote Code Execution crashed		1			12.0		37	guest

46055	2020-10-20 09:38	cimiK6upP4rLGAcxRW.exe 24498213b77db10d0a960eb3e41f6593 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	1			5.6		12	guest

46056	2020-10-20 09:38	3415201.png.exe d9b41eaf18125c5cbec11f9c85bb1860 unpack itself malicious URLs WriteConsoleW ComputerName		1			1.8			admin

46057	2020-10-20 09:37	OrcusRAT.exe ec5949944c365fa50c40831db3f54aff VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files ICMP traffic unpack itself suspicious process AppData folder malicious URLs anti-virtualization human activity check Windows ComputerName DNS Cryptographic key crashed keylogger		2			12.6		48	guest

46058	2020-10-20 09:37	R_17104511.doc 257b978c9d35f68343844343a104be30 Vulnerability VirusTotal Malware unpack itself		1			2.6	M	27	guest

46059	2020-10-20 09:34	19.gif.exe ed5dd05ba0bd0a4df788f50535cdf9a6 unpack itself malicious URLs WriteConsoleW ComputerName		1			2.6			guest

46060	2020-10-20 09:34	3415201.png.exe 776fcd00ba7f22c656384a89537c492a unpack itself malicious URLs WriteConsoleW ComputerName		1			1.8			guest

46061	2020-10-20 09:23	3415201.png.exe d9b41eaf18125c5cbec11f9c85bb1860 unpack itself malicious URLs WriteConsoleW ComputerName		1			1.8			admin

46062	2020-10-20 08:23	http://websiteoptimizationcana... 6e6faa71eca93e02991376ab23606f69 Vulnerability MachineGuid Code Injection Check memory Checks debugger RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed	2 Keyword trend analysis	4			7.2	M		guest

46063	2020-10-20 08:01	https://raumfuerneues.eu/error... 5c6a8a35ba48ae1fa55d367d622aaa34 Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	4	3		4.6			guest

46064	2020-10-20 07:56	http://websiteoptimizationcana... 3892c8008b86ae8b40b7d62741278cba MachineGuid Code Injection Check memory Checks debugger exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed	2 Keyword trend analysis	4			6.2			guest

46065	2020-10-19 17:55	https://docsecure.top/xls/0099... fd26ed0c60e78722e574799704209d23 Vulnerability VirusTotal Malware MachineGuid Code Injection Checks debugger exploit crash unpack itself Windows utilities malicious URLs suspicious TLD Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	4	2		7.8	M		guest