Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
49126	2021-02-01 11:28	cpu64.exe a431c41c39712dfbc0c8a50fe6abc95f unpack itself malicious URLs DNS					2.6			ZeroCERT

49127	2021-02-01 11:28	wifi.exe 022abc021cc91efe3e1bc65b158654e4 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName					10.4	M	52	ZeroCERT

49128	2021-02-01 11:17	svch.exe d7c6ddd2feb3c305103f5c3cbb81ba01 VirusTotal Malware suspicious privilege Malicious Traffic unpack itself	7 Keyword trend analysis Info http://www.cbrealvitalize.com/bw82/ - rule_id: 171 http://www.cbrealvitalize.com/bw82/?Lh38w=QMz1n+xx2KiD30AmT9IbdZVffunkwaB1v+iSpZgJgwTVZu6PNQxJOIJjV5QBJp9Es7YbcplQ&UR-X=D8Opc - rule_id: 171 http://www.housebulb.com/bw82/?Lh38w=mLdVvjD1AdGiZCaQi9zNl/jZmYLrRWlh7y0PmaE2JOXYml8BP0ZPnpOO6IWo6uQ+XsyL7mYN&UR-X=D8Opc http://www.rizrvd.com/bw82/?Lh38w=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&UR-X=D8Opc - rule_id: 170 http://www.rizrvd.com/bw82/?Lh38w=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&UR-X=D8Opc http://www.rizrvd.com/bw82/ - rule_id: 170 http://www.housebulb.com/bw82/	22 Info www.learnplaychess.com(103.250.186.248) - mailcious www.kolamart.com(34.102.136.180) - mailcious www.chrisbubser.digital() - mailcious www.magnabeautystyle.com(184.168.131.241) - mailcious www.h2oturkiye.com(94.73.146.42) - mailcious www.yjpps.com(0.0.0.0) www.cbrealvitalize.com(34.102.136.180) - mailcious www.rizrvd.com(34.102.136.180) - mailcious www.housebulb.com(173.234.15.207) www.semenboostplus.com() www.riggsfarmfenceservices.com() www.dameadamea.com() www.fcoins.club() www.pandabutik.com(78.142.208.189) - mailcious www.medkomp.online(81.200.118.106) - mailcious 94.73.146.42 - mailcious 184.168.131.241 - mailcious 173.234.15.207 34.102.136.180 - mailcious 78.142.208.189 - mailcious 81.200.118.106 - mailcious 103.250.186.248 - mailcious		4	4.0	M	56	guest

49129	2021-02-01 11:17	vbc.exe 6eac032479caee22d70c96d763cc5e10 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	1	6 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2		14.4	M	46	guest

49130	2021-02-01 11:11	SQLSerase.exe af9652990abce48e2e848e097c7ee4ab AutoRuns suspicious privilege Creates executable files unpack itself malicious URLs Windows DNS		2	1		4.6	M		guest

49131	2021-02-01 11:03	ReportServser.exe a2eea769cf4aa2d2f21b9b2292332a43 Buffer PE AutoRuns suspicious privilege Code Injection Check memory buffers extracted Creates executable files unpack itself Windows utilities AppData folder sandbox evasion WriteConsoleW Windows RCE DNS		2	1		10.8	M		guest

49132	2021-01-31 16:38	regasm.exe d7c6ddd2feb3c305103f5c3cbb81ba01 VirusTotal Malware suspicious privilege Malicious Traffic unpack itself	13 Keyword trend analysis Info http://www.rizrvd.com/bw82/ - rule_id: 170 http://www.ctfocbdwholesale.com/bw82/ http://www.thebabyfriendly.com/bw82/?9rn0nZSH=r3fdhBxd74oEgZicGttpxejAYTJXJLNaeaQcIVjlA69R3Zm0PRCvEsUIL1HUx1pPfbJ8Suyi&w2=jFQp3Rm0k http://www.rizrvd.com/bw82/?9rn0nZSH=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&w2=jFQp3Rm0k - rule_id: 170 http://www.rizrvd.com/bw82/?9rn0nZSH=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&w2=jFQp3Rm0k http://www.thedancehalo.com/bw82/?9rn0nZSH=TJmBUVi76XvdedvdT4XTiNg0xow+eIDVhd+PvrNB1pQf64xZGmJKzxet+DQnJGM605l+3b5o&w2=jFQp3Rm0k - rule_id: 174 http://www.thebabyfriendly.com/bw82/ http://www.ctfocbdwholesale.com/bw82/?9rn0nZSH=Rxta6xhvu0A+EUy44SYKtO8XUaMinJcredwrnbAyLO8KeYZYbVzWAt3TsErgmguQWvKNX28r&w2=jFQp3Rm0k http://www.thedancehalo.com/bw82/ - rule_id: 174 http://www.wellnesssensation.com/bw82/?9rn0nZSH=455EGVYNkgtY7DWQNruX/4AMFbR5eugGoF6uNR+Emdxr+jw+VvqHfprsjaey9bT2FO76WXiQ&w2=jFQp3Rm0k http://www.wellnesssensation.com/bw82/ http://www.gdsjgf.com/bw82/?9rn0nZSH=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB&w2=jFQp3Rm0k - rule_id: 173 http://www.gdsjgf.com/bw82/ - rule_id: 173	23 Info www.gdsjgf.com(34.102.136.180) - mailcious www.kolamart.com(34.102.136.180) - mailcious www.thedancehalo.com(34.102.136.180) - mailcious www.medkomp.online(81.200.118.106) - mailcious www.rumblingrambles.com() - mailcious www.curateherstories.com(34.102.136.180) - mailcious www.rizrvd.com(34.102.136.180) - mailcious www.mybestaide.com(52.216.8.26) - mailcious www.gallerybrows.com(34.102.136.180) - mailcious www.wellnesssensation.com(52.128.23.153) www.thebabyfriendly.com(154.80.226.18) www.magnabeautystyle.com(184.168.131.241) - mailcious www.leadeligey.com(192.0.78.24) - mailcious www.ctfocbdwholesale.com(34.102.136.180) www.acdfr.com(199.34.228.73) - mailcious 52.128.23.153 199.34.228.73 - mailcious 52.216.95.162 184.168.131.241 - mailcious 34.102.136.180 - mailcious 81.200.118.106 - mailcious 154.80.226.18 192.0.78.25 - mailcious		6	4.0	M	56	guest

49133	2021-01-31 16:37	nvidia.exe a624a6472a4bb22c1e44526c804b5034 Check memory malicious URLs DNS					3.0			guest

49134	2021-01-31 16:33	newcontrol.jpg.exe 4b20a886d3d419d051ca73917c4136bd					0.4	M		guest

49135	2021-01-31 16:31	map.jar 7f2806f2d337879f4f7cf6e28cddd192 VirusTotal Malware Check memory heapspray unpack itself Java DNS					3.0	M	13	guest

49136	2021-01-31 16:30	mapdata.exe b57ce0d894eab00c88302eda3cc38d22 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					3.2	M	42	guest

49137	2021-01-31 13:54	kali.jpg.exe 81efb00f23b3842eaf30892002881d00 VirusTotal Malware suspicious privilege Malicious Traffic unpack itself DNS	4 Keyword trend analysis Info http://www.pero.financial/zuwc/?XVJPeDJ8=KSzAckj6vZRzbHSgvOuoQcFRCDGtGsaGXQ0rJ7ukk4z5XwJdgYKOrN38Us0xB4GT3N9YpGSa&EBZ=ZTItdVbp4tXxc http://www.tuoku8.site/zuwc/?XVJPeDJ8=cD2HLICwWD82TuTM7Y2bqNWV4EMYPvVGYnjgOjabJ2m8ZNOMmCD3BDcKqP3kBdPOk8QKALhW&EBZ=ZTItdVbp4tXxc http://www.thediscussionnetwork.com/zuwc/?XVJPeDJ8=4UiOAvAF1xuoFDuIZ2DKtSwkIUNYfOEhj2+1uyzg4GiaNgt8tr6SZ44N4eEVnUbCvsxCi7+Q&EBZ=ZTItdVbp4tXxc http://www.quickpaymentbank.com/zuwc/?XVJPeDJ8=ymPs2kS3sVaJY3gjejH+qC1Te4KqkK57wMIePSq8KVrJSRtX7MRVAmKhf3mAkTI3YaoAoaEX&EBZ=ZTItdVbp4tXxc	9			4.2	M	48	guest

49138	2021-01-31 13:54	KYC DOCS.exe 7c7fefeba48f240024a5392ca73a1c99 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key		4			10.0	M	41	guest

49139	2021-01-31 13:50	IMG_05299.pdf.exe 2f5f5167931bd03205678c1ab20cd636 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk VM Disk Size Check Tofsee Windows Cryptographic key	1 Keyword trend analysis	3	1		12.8	M	25	guest

49140	2021-01-31 13:49	gfers.exe 322ecf88ef73979abfdcea838ccdd94f VirusTotal Malware unpack itself DNS					3.0	M	43	guest