Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
46906	2020-08-01 09:26	asdf.EXE 6ebc441b966301fb0df9e020409349b4 Browser Info Stealer Emotet FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization VM Disk Size Check human activity check installed browsers check Ransomware Interception Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger	25 Keyword trend analysis Info http://mantis.co.ug/ac.exe http://34.65.10.107/gate/sqlite3.dll http://michaeldiamantis.ug/index.php http://34.65.10.107/file_handler4/file.php?hash=aebca7faf3399522bae28c98901a84a5d645b45e&js=51f7deca348647d37da3ea17920a931d4b4f397a&callback=http://34.65.10.107/gate http://34.65.10.107/gate/libs.zip http://mantis.ug/main.php http://mantis.ug/msvcp140.dll http://34.65.10.107/gate/libs.zip http://michaeldiamantis.ug/ac.exe http://mantis.ug/nss3.dll http://mantis.ug/sqlite3.dll http://mantis.ug/ http://michaeldiamantis.ug/rc.exe http://34.65.10.107/gate/log.php http://34.65.10.107/gate/libs.zip http://mantis.ug/freebl3.dll http://michaeldiamantis.ug/index.php http://michaeldiamantis.ug/ds2.exe http://mantis.ug/vcruntime140.dll http://mantis.co.ug/rc.exe http://mantis.ug/mozglue.dll http://mantis.co.ug/ds1.exe http://34.65.10.107/gate/libs.zip http://mantis.ug/softokn3.dll http://mantis.co.ug/ds2.exe http://34.65.10.107/gate/libs.zip http://michaeldiamantis.ug/ds1.exe https://telete.in/jrikitiki https://drive.google.com/u/0/uc?id=1dE70rW5jDgDYU53gAevw1w94sRg8Vonn&export=download https://doc-04-3c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0ui59o2rrr0abmvee2ec01cqmjcbjdmp/1596241200000/10624141338274607538/*/1dE70rW5jDgDYU53gAevw1w94sRg8Vonn?e=download	7			32.4	M	44

46907	2020-08-01 09:21	dZ.exe 79bb776ffd56712e981eeaa0224ac0f6 unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	1			4.2	M

46908	2020-08-01 08:53	a77IOgQPqa.exe 68f5c88b79ffcf7baa3d78274d0d49df unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	1			3.6

46909	2020-08-01 08:53	2i5s94855.exe ea3e257cf963759c2e7696515cc72e78 VirusTotal Malware Malicious Traffic unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	2			7.0		11

46910	2020-08-01 08:44	64248813.doc 8a07f84450c39b2a25c346b8c15e047f Vulnerability VirusTotal Malware unpack itself					2.6		29

46911	2020-07-31 18:07	DOC99281270.exe 361528c897da241e893c868878a98dea VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs					7.4		17

46912	2020-07-31 17:28	.mongorc.js d41d8cd98f00b204e9800998ecf8427e malicious URLs					0.8

46913	2020-07-31 17:25	.ICEauthority 6b2b5093099a571f41b44ba1cc2beaa4 Email Client Info Stealer suspicious privilege Check memory Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Browser Email ComputerName DNS	2 Keyword trend analysis	2			5.8

46914	2020-07-31 17:23	.ICEauthority 6b2b5093099a571f41b44ba1cc2beaa4 Email Client Info Stealer suspicious privilege Check memory Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Browser Email ComputerName DNS	2 Keyword trend analysis	1			5.8

46915	2020-07-31 17:21	http://www.nalara1220.o-r.kr c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files unpack itself Windows utilities malicious URLs Windows DNS	6 Keyword trend analysis	2			3.6

46916	2020-07-31 17:18	http://www.nalara1220.o-r.kr c032bb944d6fba21799bd5a4df5b6122 Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit crashed	7 Keyword trend analysis Info http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/main.jsp http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/CSS/css/lightslider.css	7			4.0

46917	2020-07-31 17:05	.wget-hsts b502618545ce9e7223b499c0c322bd95 Email Client Info Stealer suspicious privilege Check memory Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Browser Email ComputerName DNS	2 Keyword trend analysis	1			5.8

46918	2020-07-31 16:57	0001.jpg e921de1cce7dbb1252285e2b4f18f74a malicious URLs					0.8

46919	2020-07-31 16:53	0001.jpg e921de1cce7dbb1252285e2b4f18f74a malicious URLs					0.8

46920	2020-07-31 16:52	build-black-18dp.svg cbcc2c67b20a62d35280155863b60829 Browser Info Stealer MachineGuid Code Injection Checks debugger buffers extracted WMI unpack itself malicious URLs sandbox evasion installed browsers check Browser DNS		3			9.0