Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
48961	2021-02-06 09:48	723728IMG_06052.pdf.exe 745961d7f1fa9e0aa290734386cb3701 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	3 Keyword trend analysis	7	4		17.2	M	41	ZeroCERT

48962	2021-02-06 09:45	0502.gif.exe 900024080a53ea49f9f7cc6ef6a07d35 VirusTotal Malware					0.8	M	24	ZeroCERT

48963	2021-02-05 16:25	416212.jpg.exe c060ac2f2bd19dc69047ff5ee59e26ab					0.2			ZeroCERT

48964	2021-02-05 16:24	416212_2.jpg.exe c060ac2f2bd19dc69047ff5ee59e26ab					0.2			ZeroCERT

48965	2021-02-05 16:24	416212.jpg.exe c060ac2f2bd19dc69047ff5ee59e26ab					0.2			ZeroCERT

48966	2021-02-05 16:21	CompensationClaim-693156957-02... ff400ee36939874c5276ed1f45a9d9ef VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process sandbox evasion WriteConsoleW Windows ComputerName		10 Info bestivf.org(192.185.16.81) - malware loonytoys.com.ar(138.36.237.100) - malware www.balkanstar.com(213.222.37.34) - malware omnicomm.es(149.5.209.93) - malware gpccc.org(192.254.233.217) - malware 213.222.37.34 - malware 138.36.237.100 - malware 149.5.209.93 - malware 192.254.233.217 - malware 192.185.16.81 - malware	3		10.0	M	12	ZeroCERT

48967	2021-02-05 16:15	cred.dll 6582e6aa3d7e01ff5e2f481ee2e054fe FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email DNS Software	1 Keyword trend analysis	1			6.0	M	32	ZeroCERT

48968	2021-02-05 16:09	winlog6.exe 6b0c5e3a2bbb09961f5a85dcd1633129 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		12.4	M	17	ZeroCERT

48969	2021-02-05 16:00	winlog5.exe 57e47d9cc7e182ce53425dcf9f1c9dcc Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	13.6	M	14	ZeroCERT

48970	2021-02-05 16:00	winlog4.exe a4f8d3f0b19d856de27e5d7cbb0f88be Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	4		9.2	M	50	ZeroCERT

48971	2021-02-05 15:55	winlog2.exe 2a936923728f5fd2ec1b5f939de46120 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder malicious URLs Windows DNS	4 Keyword trend analysis Info http://www.goldcrownusa.com/oean/?XPJPe42X=pUmEbu3IKOUGFvtrCIZjRWk6436aDPw+KW4dbjKSuorCDyyleci3FvmZCsvIM8MXNt2ja29m&EBZ=ZTFtdrihOFcT9 http://www.goldcrownusa.com/oean/ http://www.dailyxe.online/oean/?XPJPe42X=trxqf63QiRAOPTEgREOz9HmxielufoAcOjZkGPSPCrptGu31/LHI21c1IG1NZs2vRRa4kyQi&EBZ=ZTFtdrihOFcT9 http://www.dailyxe.online/oean/	9 Info www.whitehatiq.com(74.208.236.196) - mailcious www.dailyxe.online(172.67.169.183) www.goldcrownusa.com(182.50.132.242) www.freshmarketfood.com(154.216.110.171) - mailcious www.fuyigranuletion.com() 74.208.236.196 - mailcious 104.21.39.63 182.50.132.242 - mailcious 154.216.110.171 - mailcious			12.0	M	43	ZeroCERT

48972	2021-02-05 15:54	winlog3.exe 509bf8a3232810d4d16e9b5fdd68e05c VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion	3 Keyword trend analysis Info http://www.externalboard.com/aky/?9rz8F4dH=kIGiJmNRWTfH9Gx6F/Kd+nRJBhN+z1MQ2CVxDNmwZRBVSLGwVeMbQhpvGFXUSfhQF+QLYYXK&t8bL=Bdg8Qhi8e83 http://www.bazarsurtidorico.com/aky/?9rz8F4dH=mGydh0cglsz7mG41Yqsb5NuiTFQT3ml/KDoBUKHKSrBmGHw8txZC2ZZZstne0AEnrVDkTunz&t8bL=Bdg8Qhi8e83 http://www.louisbmartinez100th.com/aky/?9rz8F4dH=Xdfa45Y3kxD49xcIJ/ryTe1bA70q77Ad/xwR/hBmlvipsdqw7FJxvpVc+U9ZYpEe7QeDLxdT&t8bL=Bdg8Qhi8e83	8			6.4	M	20	ZeroCERT

48973	2021-02-05 15:48	winlog.exe 7cb46f0e5fcd0ec84487f094af9e2036 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder malicious URLs Windows DNS	1 Keyword trend analysis	3			11.2	M	26	ZeroCERT

48974	2021-02-05 15:47	veHKklzK74heP6u.exe 11350fa4a6c8b5dccd88e3c94c930ea9 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key crashed					11.6	M	19	ZeroCERT

48975	2021-02-05 15:38	vbc3.exe d931e8e3243b8a32c2b4b141231cdb02 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	4		13.0	M	20	ZeroCERT