Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50116	2020-11-23 10:11	Daemon.exe dd3de309df5791a357534b613270ca3a VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW Windows Browser ComputerName DNS		1	5 Info ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET INFO Executable Download from dotted-quad Host ET INFO AutoIt User Agent Executable Request ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		11.8	M	40	ZeroCERT

50117	2020-11-23 10:10	333.vbs 98a361a32f05e5d35659b84c4a8a3d81 Malware download AsyncRAT Dridex NetWireRC TrickBot Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Kovter Windows ComputerName DNS Cryptographic key DDNS		4	3		16.0	M		ZeroCERT

50118	2020-11-22 15:46	winupdate64.log.exe d6c8dfb4e756dfca48068be9160da3ca AutoRuns suspicious privilege unpack itself malicious URLs Windows Advertising crashed					4.8			ZeroCERT

50119	2020-11-22 15:42	vHJ9aMdbRpFATd3.exe 526f579a895b5294709684a3f48a6704 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		1			13.4	M	38	ZeroCERT

50120	2020-11-22 15:42	Setup.exe 1d7b2ef640708b295388ad7f66efd41a					0.6			ZeroCERT

50121	2020-11-22 15:31	M0021.cab 4a6a30db71e78ff73d46d8d999f51098					0.4			ZeroCERT

50122	2020-11-22 15:03	vHJ9aMdbRpFATd3.exe 526f579a895b5294709684a3f48a6704 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		1			13.4	M	38	ZeroCERT

50123	2020-11-22 15:02	zxcv.EXE 82a0a0bd6084c5a28081310e75e7f608 VirusTotal Malware RWX flags setting unpack itself Windows DNS crashed					3.8	M	58	ZeroCERT

50124	2020-11-22 14:58	vHJ9aMdbRpFATd3.exe 526f579a895b5294709684a3f48a6704 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS		1			13.4	M	38	ZeroCERT

50125	2020-11-22 14:58	vbc3.exe bf75ed61e1b1f7b310ec1d999077c4dd VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs	10 Keyword trend analysis Info http://www.qzrpxx.com/o56q/?AdpLIhj=P2eb/knzekVWtTLKqAP1FhOrr8Fv7hbpHOs/hGmiCsR6+dL7XpK3jSWWK4y62PvCwZCP1G7u&EZ442V=IdnTot2PhnQT http://www.kamisbet.com/o56q/?AdpLIhj=VKLKGhk3Pe2OjeCfLw6g1+470HcCMM4KU97S7s7eStMeb/8KEmVIsOCWQTjbYjSr+CVdjHnL&EZ442V=IdnTot2PhnQT http://www.natcandy.com/o56q/ http://www.natcandy.com/o56q/?AdpLIhj=txyYMtCLm6ubKNHi3qYYn+5SCVWoTymC4Fy9/8gvc5WTXTsch9hYV90QltEHWjVeSRlmmpSg&EZ442V=IdnTot2PhnQT http://www.qzrpxx.com/o56q/ http://www.teelinkz.com/o56q/?AdpLIhj=kNK7qyUppsx1QRLwDQjm/XfEOCgL/rCBvS1q+B2CMQED5QxzM1Z/xLEIYMidk8SKLw+i55Nq&EZ442V=IdnTot2PhnQT http://www.kamisbet.com/o56q/ http://www.620harbourdrive.com/o56q/ http://www.teelinkz.com/o56q/ http://www.620harbourdrive.com/o56q/?AdpLIhj=oBhdXTojpWNHoEp6WHKMn+PMMmogcfgwxJ2vT9od1Z59LPoNEbYBbxB/kh93ERTUpLr6YngX&EZ442V=IdnTot2PhnQT	12 Info www.sz360buy.com(160.122.148.234) www.teelinkz.com(34.102.136.180) www.620harbourdrive.com(184.168.131.241) www.natcandy.com(198.54.117.212) www.qzrpxx.com(47.91.170.148) www.kamisbet.com(104.31.91.19) 198.54.117.218 - suspicious 172.67.219.144 34.102.136.180 - suspicious 184.168.131.241 - suspicious 47.91.170.148 160.122.148.234			6.8	M	22	ZeroCERT

50126	2020-11-22 14:55	vbc2.exe 3d549885e44863c57f59eab47f2271cc VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion DNS crashed					6.6	M	44	ZeroCERT

50127	2020-11-22 14:54	vbc.exe 0daef62b8a4b65f7ce2021e21941e32e Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	1		12.4	M	49	ZeroCERT

50128	2020-11-22 14:52	vbc2.exe 3d549885e44863c57f59eab47f2271cc VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion crashed					6.0	M	44	ZeroCERT

50129	2020-11-22 14:46	pp.exe bb30a5dd4130b071fb4ca5f005371c63 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities malicious URLs Windows	2 Keyword trend analysis	4			10.0	M	43	ZeroCERT

50130	2020-11-22 14:44	stub.exe 0e246d7813b9ea04cac28802062a3ddd Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs IP Check Stealer Browser	3 Keyword trend analysis	4	2	1	5.2	M	52	ZeroCERT