Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
49816	2020-12-17 09:01	Lab15-03-pr.exe cf30e80afa4570f94a066d0264c5a3da VirusTotal Malware malicious URLs sandbox evasion WriteConsoleW crashed	2 Keyword trend analysis	2			3.4	M	45	ZeroCERT

49817	2020-12-17 08:59	Lab16-01.exe 7faafc7e4a5c736ebfee6abbbc812d80 VirusTotal Malware Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows					4.6	M	40	ZeroCERT

49818	2020-12-16 18:23	Lab15-03.exe bfadb08f07304b6b293707e4f9c9f1a9 VirusTotal Malware Malicious Traffic buffers extracted malicious URLs sandbox evasion WriteConsoleW Tofsee Windows DNS crashed	6 Keyword trend analysis Info http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe http://www.practicalmalwareanalysis.com/tt.html http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1608110186&mv=m&mvi=7&pl=18&shardbypass=yes https://update.googleapis.com/service/update2 https://practicalmalwareanalysis.com/tt.html https://update.googleapis.com/service/update2?cup2key=10:177881428&cup2hreq=016457274a4079e7110e64f6d35cb10690bff0ad17ff457e6357bf2cfadfac2e	4	4		5.8	M	45	ZeroCERT

49819	2020-12-16 18:22	I2WExplorer.exe af710d76a71abcd42c396ffc0e12cda2 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself					2.4	M	36	ZeroCERT

49820	2020-12-16 18:16	https://zoomba619.blogspot.com... 56b8523d141dbaf1c146b923049c9cb5 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	29 Keyword trend analysis Info https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://zoomba619.blogspot.com/favicon.ico https://www.google.com/css/maia.css https://fonts.googleapis.com/css?family=Open+Sans:300 https://www.google-analytics.com/analytics.js https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff https://www.blogger.com/img/share_buttons_20_3.png https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2525772521150521786&zx=d19d8632-1056-4b48-b43e-bad47871dfbb https://www.blogger.com/static/v1/v-css/281434096-static_pages.css https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/c3.html%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://zoomba619.blogspot.com/p/c3.html%26bpli%3D1&passive=true&go=true https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff https://zoomba619.blogspot.com/p/c3.html https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js https://www.gstatic.com/og/_/js/k=og.qtm.en_US.QgY6lxWvAPk.O/rt=j/m=q_d,qawd,qmd,qsd,qmutsd,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/rs=AA2YrTvod91nzEJFOvvfJUrn6_vLwwY0bw https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg https://fonts.googleapis.com/css?lang=ko&family=Product+Sans\|Roboto:400,700 https://www.blogger.com/img/blogger-logotype-color-black-1x.png https://www.blogger.com/static/v1/widgets/2195516358-widgets.js https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js https://www.gstatic.com/og/_/ss/k=og.qtm.y0v8--8W2Xg.L.I9.O/m=qawd,qmd/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtb,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtSLvQ9QxDR2uHIB3mSbhYF7uJInw https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://ssl.gstatic.com/gb/images/p1_799229b0.png https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.GhYSaDTWhs4.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CcmyUNBPTBtz4hsH0C6OHKqodVQ/cb=gapi.loaded_0 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fzoomba619.blogspot.com%2Fp%2Fc3.html&bpli=1 https://www.blogger.com/blogin.g?blogspotURL=https://zoomba619.blogspot.com/p/c3.html	21 Info zoomba619.blogspot.com(172.217.161.33) - mailcious resources.blogblog.com(172.217.26.41) www.google.com(216.58.220.132) www.gstatic.com(172.217.26.35) ssl.gstatic.com(172.217.25.195) accounts.google.com(172.217.175.77) www.google-analytics.com(216.58.197.142) apis.google.com(216.58.197.206) fonts.gstatic.com(172.217.161.67) fonts.googleapis.com(172.217.25.74) www.blogger.com(172.217.26.41) 216.58.199.4 - suspicious 216.58.199.10 172.217.26.141 172.217.163.238 216.58.199.105 172.217.174.201 172.217.161.129 142.250.199.67 172.217.31.238 - suspicious 172.217.161.131	3		5.0			guest

49821	2020-12-16 18:16	henryx.scr d4f8d10203aece68bcd02d1f0fb27def Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					13.4	M	22	ZeroCERT

49822	2020-12-16 16:46	endyx.scr 6835b462ca256cacbda46400eb1bb7e0 Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	3		16.4	M	23	ZeroCERT

49823	2020-12-16 16:46	david.exe 384a7bebd1c1bae53b14e1f02e10fa94 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					11.4	M		ZeroCERT

49824	2020-12-16 16:35	damianox.scr b41a91991dcb97e8e7d43c368cc58c57 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed					11.6	M	22	ZeroCERT

49825	2020-12-16 16:34	CKC.exe 7379d1bbf5b0a85cade31143413cf9e6 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		9.4	M	15	ZeroCERT

49826	2020-12-16 16:27	CKC.exe 7379d1bbf5b0a85cade31143413cf9e6 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs IP Check Windows ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2	1		10.0	M	15	ZeroCERT

49827	2020-12-16 16:27	csrs.exe 3a94c5b0350d50bf1485156e75a82ded VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs					5.2	M	47	ZeroCERT

49828	2020-12-16 16:23	chidu.exe 994caae4cc6731bdb8447a8b13314f68 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger					13.8	M	40	ZeroCERT

49829	2020-12-16 16:23	5555555555.jpg.exe 613062734b9244597bee0607b8432e9f					1.0			ZeroCERT

49830	2020-12-16 16:18	1312.gif.3.exe b2a9a4e1656bdb5749de4f228dc9f307 VirusTotal Malware DNS					2.4	M	41	ZeroCERT