Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
49966	2020-12-02 10:38	xpertorigin.exe 7fe00b8a8d95b0e3168a17834f4b355a Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs WriteConsoleW IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger		6	1		16.2	M		ZeroCERT

49967	2020-12-02 10:37	winappruntime1.exe a1f8ce4fa5149e128a8edaa885b2c9bd Browser Info Stealer VirusTotal Malware Malicious Traffic Checks debugger unpack itself Checks Bios Detects VirtualBox Detects VMWare Check virtual network interfaces malicious URLs VMware anti-virtualization Tofsee Windows Browser ComputerName DNS crashed		3	1		10.8	M	28	ZeroCERT

49968	2020-12-02 10:23	web.exe bf613fe70f790d4b932601daa60a8797 VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs DNS					5.6	M	37	ZeroCERT

49969	2020-12-02 10:22	Vmvbtbdt2.exe 7203880efa4719257626e79f05b5c9e3 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows		3			9.4	M	40	ZeroCERT

49970	2020-12-02 10:20	vbc.exe 4717a017f79ee99297bcd249b8a0b9f1 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Checks Bios Detects VirtualBox malicious URLs VMware anti-virtualization Windows ComputerName Software					8.2	M	47	ZeroCERT

49971	2020-12-02 10:20	Vmvbtbdt2.exe 7203880efa4719257626e79f05b5c9e3 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS					9.2	M	40	ZeroCERT

49972	2020-12-02 10:16	Setup.exe 8eee25e77e3da8b32bd1577a7f8117c2 VirusTotal Malware suspicious privilege Checks debugger WMI unpack itself ComputerName crashed					4.0	M	52	ZeroCERT

49973	2020-12-02 10:16	-rtmd-aobhjl9zjaaaxdocaerffwam... e98484b682e94b45c30877ee9dd2164b VirusTotal Malware unpack itself malicious URLs					2.8	M	45	ZeroCERT

49974	2020-12-02 10:14	NAVALB.exe ad57b8025cdca551f45a0f9a59d1d48b Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger		4	1		11.8	M	48	ZeroCERT

49975	2020-12-02 10:13	-PLND-.exe e98484b682e94b45c30877ee9dd2164b VirusTotal Malware unpack itself malicious URLs DNS					3.4	M	45	ZeroCERT

49976	2020-12-02 09:04	http://canadiantourismroundtab... 107f4a58dc56c803088abb23d29b279c Dridex VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed		2	5		5.0	M	53	ZeroCERT

49977	2020-12-01 18:07	mrtye.exe efde3bc2f9662d8d9993fcfae911f243 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Check memory buffers extracted WMI Creates executable files ICMP traffic unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Windows Browser Email ComputerName RCE DNS DDNS crashed		4	2		12.2	M	57	ZeroCERT

49978	2020-12-01 14:07	MicrosoftStores.exe e4bec86181d4f9c07ded5fa2ef30b59c VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows Browser ComputerName DNS		1	5 Info ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET INFO Executable Download from dotted-quad Host ET INFO AutoIt User Agent Executable Request ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		13.4	M	45	ZeroCERT

49979	2020-12-01 14:02	mem.exe ffa010213169329c8df764ee0467ba6d VirusTotal Malware Buffer PE Check memory buffers extracted Creates executable files unpack itself AppData folder malicious URLs					4.8	M	20	ZeroCERT

49980	2020-12-01 13:56	jbrowserQ.exe e238e9ba96488420465f54b03439d59a VirusTotal Malware AutoRuns Code Injection Creates executable files unpack itself sandbox evasion Windows DNS crashed					8.0	M	54	ZeroCERT