Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50401	2020-11-20 18:47	azchgftrq.exe b403152a9d1a6e02be9952ff3ea10214 Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Browser Email ComputerName DNS	10 Keyword trend analysis Info http://taenaiaa.ac.ug/msvcp140.dll http://taenaiaa.ac.ug/main.php http://taenaiaa.ac.ug/sqlite3.dll http://taenaiaa.ac.ug/mozglue.dll http://taenaiaa.ac.ug/softokn3.dll http://taenaiaa.ac.ug/ http://taenaiaa.ac.ug/nss3.dll http://taenaiaa.ac.ug/vcruntime140.dll http://taenaiaa.ac.ug/freebl3.dll http://morasergiox.ac.ug/index.php	3	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 38 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil		20.2	M	26	guest

50402	2020-11-20 18:46	ac.exe 49ba8ccea19e418fd166e89e46e2897f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs		3			9.8	M	48	guest

50403	2020-11-20 14:13	ac.exe 49ba8ccea19e418fd166e89e46e2897f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs		3			10.2	M	20	admin

50404	2020-11-20 14:10	ac.exe 49ba8ccea19e418fd166e89e46e2897f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs		3			9.4	M	20	guest

50405	2020-11-20 13:59	ac.exe 49ba8ccea19e418fd166e89e46e2897f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs DNS		3			11.2	M	20	guest

50406	2020-11-20 13:57	uwgi에러.txt 099d5cbb5f4db4f3a73b3fa6ca869273 Check memory unpack itself					1.0			admin

50407	2020-11-20 13:57	411.exe 2398469593c9dec9561a556b30f6d63a VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					14.8	M	54	guest

50408	2020-11-20 13:56	8YAOuE8zfTpo1M9.exe 7e305229b6f13f866e2cae249318c9e3 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName DNS crashed					14.2	M	21	guest

50409	2020-11-20 13:56	8YAOuE8zfTpo1M9.exe 7e305229b6f13f866e2cae249318c9e3 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Ransomware Windows Tor ComputerName crashed					13.6	M	21	guest

50410	2020-11-20 13:51	uwgi에러.txt 099d5cbb5f4db4f3a73b3fa6ca869273 Check memory unpack itself					1.0			admin

50411	2020-11-20 13:50	uwgi에러.txt 099d5cbb5f4db4f3a73b3fa6ca869273 Check memory unpack itself					1.0			admin

50412	2020-11-20 13:47	uwgi에러.txt 099d5cbb5f4db4f3a73b3fa6ca869273 Check memory unpack itself					1.0			admin

50413	2020-11-20 13:46	uwgi에러.txt 099d5cbb5f4db4f3a73b3fa6ca869273 Check memory unpack itself DNS					1.6			admin

50414	2020-11-20 13:46	uwgi에러.txt 099d5cbb5f4db4f3a73b3fa6ca869273 Check memory unpack itself					1.0			admin

50415	2020-11-20 13:36	uwgi에러.txt 099d5cbb5f4db4f3a73b3fa6ca869273 Check memory unpack itself					1.0			admin