Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
49291	2021-01-19 19:52	a.bat b069d57216e8231d7afba2cf8d6cffca VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key					6.0		2	ZeroCERT

49292	2021-01-19 19:51	xp.exe 9d90a61620ab938eff9b8cf385330d18 VirusTotal Malware AutoRuns Check memory Windows DNS		1			3.2	M	51	ZeroCERT

49293	2021-01-19 19:42	winlog2.exe d4982ab3c53ad21f2b1b96f7ae8042d4 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS	2 Keyword trend analysis	6			10.0	M	20	ZeroCERT

49294	2021-01-19 19:42	winlog3.exe 04d511a27304f93e708f91308d483358 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	2 Keyword trend analysis	4			8.2	M	19	ZeroCERT

49295	2021-01-19 18:04	win32.exe 1c68b56f273eab047eccce3cbad492a5 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	16 Keyword trend analysis Info http://www.yamadaya-online.com/incn/?XrFPa4XH=tPtCc93X/sb9UbP+l4A76+cJlJHtHytkDIrsxQJaEiDHZvaIL76kC0R23INoY77N5mLjMrBy&Ezut_N=3fX0 http://www.roofers-anaheim.com/incn/ http://www.eot0luh5ia.men/incn/ http://www.beyond-bit.com/incn/ http://www.beyond-bit.com/incn/?XrFPa4XH=YrtWNBgmb2ekH5/VSSeCtKksfbKwFZQCaaVwoI4/63osree27xmVnVuRuJBQ3d45WgaAp3o7&Ezut_N=3fX0 http://www.thesalesforceradi.computer/incn/ http://www.eot0luh5ia.men/incn/?XrFPa4XH=m4ouVyUl+s1c6t7cszZ4V57VzBx9sXZE6H4CZFy3XB5LKVwpZiMCZcEYOl8HQzHkmwC71lWh&Ezut_N=3fX0 http://www.thetealworld.com/incn/?XrFPa4XH=dwvtlaotYkEyrLXKKUNICGoHUTiqAIVqRPA9lUT4Pm7DxJ7jY96duxNsxexTTlPBKInL+yPH&Ezut_N=3fX0 http://www.intelligentsystemsus.com/incn/ http://www.yamadaya-online.com/incn/ http://www.thesalesforceradi.computer/incn/?XrFPa4XH=g8zBe+Wa8Qd2A7rK8cCUF2Brh4XZZOnsa4HOniGhpjs2/eT6ajFnfTKGxgb7F533HNhicgtO&Ezut_N=3fX0 http://www.c2ornot.com/incn/?XrFPa4XH=NJdx5BFH2ciFg3yxHRPJJJPEQqcuzsVvmh3UEKgvJGOG0O5tJ9LkJEChKyJimPBpe4iUY/xD&Ezut_N=3fX0 http://www.thetealworld.com/incn/ http://www.c2ornot.com/incn/ http://www.intelligentsystemsus.com/incn/?XrFPa4XH=ktJfcA9BiEpmnMDigbLVmOfBkEQJoyy1/Xj7PlRrl/Pge5lD6F8CuIkUSNL0wu0J8v1gJUXD&Ezut_N=3fX0 http://www.roofers-anaheim.com/incn/?XrFPa4XH=Qbt4NfiTyPusL7LT90toHONuWmgRFYghRGt6Z/DxFkzDdX55oqsfrtFqD/aXkhe974+tUcDj&Ezut_N=3fX0	18 Info www.yamadaya-online.com(23.227.38.74) www.roofers-anaheim.com(50.62.160.230) www.c2ornot.com(156.252.101.208) www.pjy589.com(194.113.169.32) www.thetealworld.com(198.49.23.144) www.thesalesforceradi.computer(198.54.117.215) www.intelligentsystemsus.com(74.208.236.121) www.eot0luh5ia.men(104.21.47.209) www.beyond-bit.com(34.102.136.180) 50.62.160.230 198.54.117.212 - mailcious 156.252.101.208 194.113.169.32 198.49.23.145 - mailcious 34.102.136.180 - mailcious 104.21.47.209 74.208.236.121 - mailcious 23.227.38.74 - mailcious			9.8	M	25	ZeroCERT

49296	2021-01-19 18:03	winlog.exe b66575e9b08b09e31b3bc4089965474b Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory unpack itself suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software		1			9.6	M	49	ZeroCERT

49297	2021-01-19 17:58	svchost.exe 3096a3c81ff6c435ded33765f5f10be1 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself suspicious process malicious URLs Windows ComputerName DNS Cryptographic key					8.4	M	14	ZeroCERT

49298	2021-01-19 17:57	vbc.exe c6091ddf2745b7edcfa535d727ea7b7a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs installed browsers check Browser Email ComputerName Software		1			12.6	M	36	ZeroCERT

49299	2021-01-19 17:33	s.exe dbf1dde293475eccf03f89c27399e631 VirusTotal Malware AutoRuns Check memory buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion Tofsee Windows Gmail Advertising Google ComputerName RCE DNS DDNS crashed keylogger Downloader	14 Keyword trend analysis Info http://e87ue2.vaiwan.com/e/9085/esp.zip http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 http://xred.site50.net/syn/Synaptics.rar http://213.176.40.125:94/xp.exe https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://doc-00-3s-docs.googleusercontent.com/docs/securesc/6io358jaeodvuoa3bvgr9ro840kjc5b9/3vam5ftlr2lto2nrrav74oc025cptvh3/1611044925000/12988806548615432052/12709860803453301647Z/0BxsMXGfPIZfSTmlVYkxhSDg5TzQ?e=download https://www.000webhost.com/migrate?static=true https://s1-i47p.5588888.xyz/e/9085/esp.zip https://docs.google.com/nonceSigner?nonce=la098gnd5s1mu&continue=https://doc-00-3s-docs.googleusercontent.com/docs/securesc/6io358jaeodvuoa3bvgr9ro840kjc5b9/3vam5ftlr2lto2nrrav74oc025cptvh3/1611044925000/12988806548615432052/12709860803453301647Z/0BxsMXGfPIZfSTmlVYkxhSDg5TzQ?e%3Ddownload&hash=47ndji8u26porgjkv55a8lh0r6sks8ol https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download https://www.dropbox.com/s/dl/zhp1b06imehwylq/Synaptics.rar https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 https://doc-00-3s-docs.googleusercontent.com/docs/securesc/6io358jaeodvuoa3bvgr9ro840kjc5b9/3vam5ftlr2lto2nrrav74oc025cptvh3/1611044925000/12988806548615432052/12709860803453301647Z/0BxsMXGfPIZfSTmlVYkxhSDg5TzQ?e=download&nonce=la098gnd5s1mu&user=12709860803453301647Z&hash=d8ic5re6m2v4igbusnkpb0pie42duqri https://doc-08-3s-docs.googleusercontent.com/docs/securesc/6io358jaeodvuoa3bvgr9ro840kjc5b9/4e745kpj1bo71vv0ioak2rt56ojmbjnb/1611045000000/12988806548615432052/12709860803453301647Z/0BxsMXGfPIZfSVlVsOGlEVGxuZVk?e=download	24 Info e87ue2.vaiwan.com(114.55.250.207) www.000webhost.com(104.18.107.8) doc-00-3s-docs.googleusercontent.com(172.217.175.33) - mailcious freedns.afraid.org(69.42.215.252) docs.google.com(172.217.26.14) - mailcious xred.site50.net(153.92.0.100) doc-08-3s-docs.googleusercontent.com(172.217.175.33) - malware www.dropbox.com(162.125.80.18) - mailcious smtp.gmail.com(108.177.97.108) s1-i47p.5588888.xyz(159.138.27.248) xred.mooo.com() 162.125.80.18 - mailcious 114.55.250.207 159.138.27.248 104.18.108.8 216.58.221.225 - malware 140.82.59.108 153.92.0.100 - mailcious 50.23.197.95 64.233.189.109 213.176.40.125 142.250.199.65 212.95.148.53 - malware 172.217.24.206 - mailcious	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com ET POLICY Dropbox.com Offsite File Backup in Use ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING Suspicious User-Agent Containing .exe ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		16.6	M	53	ZeroCERT

49300	2021-01-19 11:32	regasm2.exe 7741e4266e8d98231cb6b0b89b1f4e9a Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		14.0	M	15	ZeroCERT

49301	2021-01-19 11:31	regasm.exe 786180a5141bf4ea48e26910d2bf9061 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs					5.8	M	23	ZeroCERT

49302	2021-01-19 11:28	KUT.exe 40c5609d0196211eae06a33b3bae5ec8 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs WriteConsoleW Windows Cryptographic key keylogger		2			15.0	M	43	ZeroCERT

49303	2021-01-19 11:28	IMG_26017.pdf.exe 3638367090aa7b5f444c76c0d1af9582 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS crashed	2 Keyword trend analysis	4	4		16.2	M	27	ZeroCERT

49304	2021-01-19 11:17	IMG_6007.pdf.exe 27970a1a59a9e4f39aed843e55e31ae0 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	4	4		16.0	M	14	ZeroCERT

49305	2021-01-19 11:11	win32.exe 1c68b56f273eab047eccce3cbad492a5 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs	14 Keyword trend analysis Info http://www.findthatsmartphone.com/incn/ http://www.buythinsecret.com/incn/?p0D=TJfvpzXLRscs0171CsTGivtbaFX6GTyf1uhBfm5vWCJ41UqseTeeUjrgqtEi5S71fygcpeaX&pPX=EFNT_PMpVX6TR http://www.topangacanyonvintage.com/incn/ http://www.findthatsmartphone.com/incn/?p0D=/AA5bjKN/dLP3hH5Cdt7lqNbxAyyPpv3elN1Q2qa85uzrIc+2XlJsUoLO6NUv42Ewe3fxcwM&pPX=EFNT_PMpVX6TR http://www.potlucks.net/incn/?p0D=kvp3z8ICHI0gDG3xRpikO+jkoKZQ/joOhV8XML97Ma2Qs/8Rc4gDhwAkp3jsPqn4daYIYXzw&pPX=EFNT_PMpVX6TR http://www.buythinsecret.com/incn/ http://www.xn--lmsealamientos-tnb.com/incn/?p0D=wf+rV5DMFrR2oNkq9XLDiATljpns8YCBV8i53FQryTSwEb4CXYsviS7lmZ8tREV0ljzk8Ign&pPX=EFNT_PMpVX6TR http://www.xn--lmsealamientos-tnb.com/incn/ http://www.electrofranco.com/incn/ http://www.electrofranco.com/incn/?p0D=OguEZ0elFE29yCQeojz2YXgjXZ9DlqPHU7PP8c3dlPU4hQp//72S8qePjb7l3onc4EXQ/i9e&pPX=EFNT_PMpVX6TR http://www.twelvesband.com/incn/ http://www.potlucks.net/incn/ http://www.twelvesband.com/incn/?p0D=vk2f7hDZVKYHABL6QRo836rY1P3xgSe9UrmVQB+CgkwhpOrPgyRvldZb0oindajpdlcngnf+&pPX=EFNT_PMpVX6TR http://www.topangacanyonvintage.com/incn/?p0D=p+Pw0s23kSa7Q3oPL56ORcNuF522C0ouL7nbgsepRMDvVfX9BsZtW1va2z40nZdcut9DlDwr&pPX=EFNT_PMpVX6TR	17 Info www.sk375.com() www.buythinsecret.com(204.11.56.48) www.findthatsmartphone.com(34.102.136.180) www.milano1980.com(81.169.145.68) www.electrofranco.com(94.23.113.102) www.xn--lmsealamientos-tnb.com(184.168.131.241) www.topangacanyonvintage.com(182.50.132.242) www.potlucks.net(91.195.241.137) www.twelvesband.com(168.206.177.183) 168.206.177.183 94.23.113.102 81.169.145.68 - mailcious 184.168.131.241 - mailcious 91.195.241.137 34.102.136.180 - mailcious 182.50.132.242 - mailcious 204.11.56.48 - phishing	1		9.8	M	25	ZeroCERT