Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
46291	2020-09-29 15:57	4M8IjEFuRZSF7G.exe 1ad2abba8638baaf09dfd552e78fec6d VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			5.6		10	admin

46292	2020-09-29 14:23	견적서_L-Ar_191014-pdf.exe 49cdf06ad4023203ebcf2a279f078aae VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					6.8		31	admin

46293	2020-09-29 13:40	견적서_L-Ar_191014-pdf.exe 49cdf06ad4023203ebcf2a279f078aae VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					6.8		31	admin

46294	2020-09-29 13:25	견적서_L-Ar_191014-pdf.exe 49cdf06ad4023203ebcf2a279f078aae VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					6.8		31	admin

46295	2020-09-29 13:23	견적서_L-Ar_191014-pdf.exe 49cdf06ad4023203ebcf2a279f078aae VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					6.8		31	admin

46296	2020-09-29 11:21	zxcv.EXE 92821d6dd83105f5f2d08c43f28fa309 Browser Info Stealer Emotet Malware download FTP Client Info Stealer Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Interception Zeus OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed Downloader	24 Keyword trend analysis Info http://ferreira.ac.ug/index.php http://nadia.ac.ug/ http://nadia.ac.ug/freebl3.dll http://cnmotoparts.online/gate/libs.zip http://cnmotoparts.online/gate/libs.zip http://nadia.ac.ug/mozglue.dll http://nadia.ac.ug/msvcp140.dll http://cnmotoparts.online/gate/libs.zip http://nadia.ac.ug/nss3.dll http://ferreira.ac.ug/ac.exe http://ferreiranadii.ac.ug/ds1.exe http://ferreira.ac.ug/rc.exe http://ferreira.ac.ug/ds1.exe http://cnmotoparts.online/gate/libs.zip http://ferreiranadii.ac.ug/ac.exe http://ferreiranadii.ac.ug/rc.exe http://ferreira.ac.ug/index.php http://nadia.ac.ug/sqlite3.dll http://cnmotoparts.online/file_handler4/file.php?hash=6cdfdf419af0bd0a62dd40155eca58436ab12ba0&js=6695ee24e4a8273aee2ea33a2bde08662448549b&callback=http://cnmotoparts.online/gate http://ferreira.ac.ug/ds2.exe http://nadia.ac.ug/vcruntime140.dll http://cnmotoparts.online/gate/sqlite3.dll http://nadia.ac.ug/softokn3.dll http://nadia.ac.ug/main.php http://cnmotoparts.online/gate/log.php http://ferreiranadii.ac.ug/ds2.exe http://cnmotoparts.online/gate/libs.zip https://telete.in/brikitiki https://cdn.discordapp.com/attachments/752128569169281083/760175342396112916/Acdk123	6	10 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE AZORult v3.3 Server Response M2 ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative) ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2		28.6	M	26	admin

46297	2020-09-29 10:39	견적서_L-Ar_191014-pdf.exe 49cdf06ad4023203ebcf2a279f078aae Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed					13.6		31	admin

46298	2020-09-29 10:38	Tax Challan.exe f66f4ff235e4119b8231ae6bd22a7aac VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS keylogger		1			12.6		50	guest

46299	2020-09-29 10:35	pIJpOlcz.exe fa62345d40283d2935893a10f9456497 VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key	1 Keyword trend analysis	1			6.0		15	guest

46300	2020-09-29 10:34	raw.exe 2d46889b6d794ac1fcf58bf340c4666a VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs WriteConsoleW Tofsee ComputerName DNS	1 Keyword trend analysis	1	1		4.6		29	guest

46301	2020-09-29 10:32	Rep_2020_09_29.doc ed6428b8d3e8082dbd602561ad399213 Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS	2 Keyword trend analysis	2	4		5.2		20	guest

46302	2020-09-29 10:28	moon.exe 89cafef93dbf558c2894364ba4ead754 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName crashed					11.4		44	guest

46303	2020-09-29 10:23	견적서_L-Ar_191014-pdf.exe 49cdf06ad4023203ebcf2a279f078aae VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					6.8		31	admin

46304	2020-09-29 10:18	fr.exe cbb05276c2da12af44039e256c755219 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Software crashed					7.4	M	49	guest

46305	2020-09-29 10:18	whe.exe 5c66720dc80a18f0fc5b525d48efd118 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Software crashed					7.4	M	49	guest