Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50236	2020-11-19 10:05	content.exe 9120704bbeb7458efc6491283ff5c528 VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key		2			11.6	M	54	ZeroCERT

50237	2020-11-19 10:01	bitbit.exe 4383cfdf8af01edd3110a25c33763c2d ENERGETIC BEAR VirusTotal Malware suspicious privilege unpack itself malicious URLs Windows Tor DNS keylogger		3	2		7.6	M	49	ZeroCERT

50238	2020-11-19 10:01	ayox.exe 21a0b271edce3702889bd4fe4205f90d Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor ComputerName DNS Cryptographic key crashed	2 Keyword trend analysis	9	7 Info ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 231 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 579 ET TOR Known Tor Exit Node Traffic group 152 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 152 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 294 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 586 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		15.4	M	44	ZeroCERT

50239	2020-11-19 09:56	31.exe 0a975ab225438aa388a42fefa03555ff ENERGETIC BEAR suspicious privilege Check memory buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs anti-virtualization Ransomware Windows Tor ComputerName DNS crashed keylogger		6	6 Info ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 444 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 247 ET TOR Known Tor Exit Node Traffic group 75 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 75 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 232 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 652		11.8	M		ZeroCERT

50240	2020-11-19 09:56	1.exe 1c2e14b349ff275af406259a671e78b6 VirusTotal Malware suspicious privilege Check memory buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs anti-virtualization Ransomware Windows Tor ComputerName DNS crashed keylogger		6	7 Info ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 579 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 586 ET TOR Known Tor Exit Node Traffic group 152 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 684 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 152 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 294 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 231		11.6	M	57	ZeroCERT

50241	2020-11-19 09:50	MULTAMIT8069218371.msi 77c587e712fb0e78d8f07301aaee21e6 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName DNS		1			4.0		23	ZeroCERT

50242	2020-11-19 09:49	MIT-MULTA9662778901.msi 4cd4cf6d8d40df274769f490bd85d6f8 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName		1			3.0		8	ZeroCERT

50243	2020-11-19 09:45	winlog.exe aa92c8736080f32042a34e5fddfff6e8 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Software		2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response		18.6	M	22	ZeroCERT

50244	2020-11-19 09:43	whe.exe f8b1cce7df34ebcd1cd3161b30211314 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					7.8	M	55	ZeroCERT

50245	2020-11-19 09:39	iykex.exe 3be1e88b82706b6f653619e9619fe218 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote AppData folder malicious URLs Windows ComputerName DNS Cryptographic key					12.0	M	39	ZeroCERT

50246	2020-11-19 09:38	vbc.exe 3ba59e99db204d0e5e0c784765f0791f VirusTotal Malware Check memory Checks debugger unpack itself					2.6	M	32	ZeroCERT

50247	2020-11-19 09:30	iykex.exe 3be1e88b82706b6f653619e9619fe218 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote AppData folder malicious URLs Windows ComputerName DNS Cryptographic key					12.0	M	39	ZeroCERT

50248	2020-11-19 09:28	milo.exe 1e485155dcf9e761424a80697bd2b04c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed	2 Keyword trend analysis	4	1		11.8	M	41	ZeroCERT

50249	2020-11-19 09:24	iykex.exe 3be1e88b82706b6f653619e9619fe218 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows					6.2	M	39	ZeroCERT

50250	2020-11-19 09:24	ftp.exe 810757f42d1e8cc25a2f4e35c695c937 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk VM Disk Size Check Windows DNS Cryptographic key DDNS crashed		2	1		11.8	M	20	ZeroCERT