Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
48541	2020-07-17 14:22	http://jdtrusttrading.org/4656... 02bb1837b843f982b3a5c49aad515e10 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit Browser Email ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	2	2		16.2	M	33

48542	2020-07-17 14:22	vbc.exe 560888126b865a4bd341bb5c1fffbdc4 VirusTotal Malware suspicious privilege Code Injection buffers extracted unpack itself sandbox evasion crashed					6.4	M	40

48543	2020-07-17 14:21	http://39unitedfrkesokoriorimi... 560888126b865a4bd341bb5c1fffbdc4 VirusTotal Malware suspicious privilege Code Injection buffers extracted Creates executable files exploit crash unpack itself Windows utilities sandbox evasion Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	1	3		8.2	M

48544	2020-07-17 14:20	http://192.236.154.89/2.exe 838111ab2eddfdd565bf1bd43c7af7c3 Malware download VirusTotal Malware Code Injection Malicious Traffic Creates executable files exploit crash unpack itself Windows utilities AppData folder sandbox evasion Windows Exploit Trojan DNS crashed	1 Keyword trend analysis	1	4		7.0	M	43

48545	2020-07-17 12:35	winamp58_3660_beta_full_en-us.... 3017f921a6c42a267842cc8bae9384c1 Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk Firewall state off VM Disk Size Check installed browsers check Ransomware Interception Windows Browser ComputerName DNS	1 Keyword trend analysis	2	1		9.8

48546	2020-07-17 11:50	http://19workfineanotherrainbo... VirusTotal Malware Code Injection unpack itself Windows utilities malicious URLs Tofsee Windows DNS	1 Keyword trend analysis	1	2		3.8	M

48547	2020-07-17 11:44	http://111.90.148.23/100720.do... 7677a0501aa639d98781a5eb58a91324 VirusTotal Malware Code Injection Malicious Traffic unpack itself Windows utilities Tofsee Windows DNS	3 Keyword trend analysis Info http://111.90.148.23/100720.doc http://111.90.148.23/ http://111.90.148.23/ http://111.90.148.23/100720.doc http://111.90.148.23/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	2	4		4.2	M	16

48548	2020-07-17 11:37	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	4 Keyword trend analysis Info http://cert.int-x3.letsencrypt.org/ https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	3	2		4.6

48549	2020-07-17 11:33	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed	4 Keyword trend analysis Info http://cert.int-x3.letsencrypt.org/ https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	3	2		4.6

48550	2020-07-17 11:24	http://certify.filejo.com/mmsv... 3244451cde59efe1cc5ba86245dddea4 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Exploit Browser ComputerName DNS crashed	2 Keyword trend analysis	4	3		13.0

48551	2020-07-17 10:54	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Interception Windows Exploit Browser ComputerName DNS crashed keylogger	8 Keyword trend analysis Info http://client.winamp.com/update?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&lang=en-US http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe http://client.winamp.com/update?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://client.winamp.com/update/client_session.php?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://client.winamp.com/update/latest-version.php?v=5.8&ID=485CF371832800439FE72BAD7E2C2E04&lang=en-US https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe	4	3		15.0

48552	2020-07-17 10:44	https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Check memory Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	2	2		6.6

48553	2020-07-17 09:59	http://filehon.com/app/Filehon... b7ea646522c23ec09c73ad415107faa1 Dridex VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Firewall state off installed browsers check Tofsee Windows Exploit Browser ComputerName DNS crashed	2 Keyword trend analysis	3	5		12.0

48554	2020-07-16 19:30	http://abass.ir/ugobuild/chuck... c469fab03c1ec27ab64b8b4fa35e3182 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files exploit crash unpack itself Windows utilities malicious URLs sandbox evasion installed browsers check Tofsee Windows Exploit Browser ComputerName DNS Software crashed	3 Keyword trend analysis Info http://abass.ir/ugobuild/chucksloki.exe http://195.69.140.147/.op/cr.php/GusoLuXSTqSR4 http://195.69.140.147/.op/cr.php/GusoLuXSTqSR4 https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201	3	11 Info ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		13.0	M	31

48555	2020-07-16 19:12	http://www.haeunkim.com/5626.e... f9329056c318c4b1be6931135dc76f9e Emotet Dridex VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security AppData folder malicious URLs Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	9 Keyword trend analysis Info http://www.haeunkim.com/5626.exe http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://support.apple.com/ https://support.apple.com/etc/designs/support/publish/JS/pattern/head.js https://ldrmars.casa/ https://ldrmars.casa/background.png https://support.microsoft.com/ https://support.microsoft.com/socbundles/jsll https://australiansdefence.best/image/?id=017EE2D6508B61F01F0000000000FF40000006	9	14 Info ET POLICY PE EXE or DLL Windows file download HTTP ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		11.4