Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50596	2020-11-18 09:28	CKC.exe d54d01d0a3a073d1d2a3b70e0d9852cc VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows DNS Cryptographic key					7.0	M	14	ZeroCERT

50597	2020-11-18 08:00	http://151.80.8.30/document1.d... f9a6dc3c7aa957c70e4f539d72e54c4f Dridex VirusTotal Malware Code Injection Malicious Traffic exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	1	5		4.6		25	ZeroCERT

50598	2020-11-17 18:50	SK-0177.exe d737b3e50711d626e50f55db83908747 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	6	5		16.8	M	24	ZeroCERT

50599	2020-11-17 18:46	SDJ-0488.exe 89a84e0e14ffe871c73cd121ab13b6d5 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1			17.2	M	21	ZeroCERT

50600	2020-11-17 18:44	F58PlfINzp49aXd.exe b0916454a9fa65dcffa2552149850fd8 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed	2 Keyword trend analysis	6	5		13.2		25	ZeroCERT

50601	2020-11-17 18:42	411.exe 2398469593c9dec9561a556b30f6d63a VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Windows ComputerName Cryptographic key crashed					13.2	M	29	ZeroCERT

50602	2020-11-17 18:31	ago.exe 0b1e53072e91e0d71e3db6b2720d2ee8 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed					8.4	M	43	ZeroCERT

50603	2020-11-17 18:31	411.exe 2398469593c9dec9561a556b30f6d63a VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					14.4	M	29	ZeroCERT

50604	2020-11-17 17:51	바이든 시대 북한 비핵화 협상의 또 하나암초 - 북한 ... c0c9b52ce51df46422e4fa14178beeec VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process malicious URLs Interception Browser ComputerName		2			7.4	M	30	guest

50605	2020-11-17 17:14	바이든 시대 북한 비핵화 협상의 또 하나암초 - 북한 ... 164839a72dba24d189c1d990e61a53e2 unpack itself malicious URLs					2.0			guest

50606	2020-11-17 17:10	http://naver.midsecurity.org/a... c731e705a5baf082bf3ffc72b6b77699 Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	10 Keyword trend analysis Info http://naver.midsecurity.org/attache/20201112/ http://naver.midsecurity.org/favicon.ico https://www.google.com/gen_204?atyp=i&zx=1605600471859&ogsr=1&ei=4oSzX9ZJgvbAA5Tjigg&ct=7&cad=i&id=19020306&loc=&prid=1&ogd=co.kr&ogprm=up&vis=1 https://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://ssl.gstatic.com/gb/images/i1_1967ca6a.png https://www.google.com/ https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uhBKOtz6fOw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw/cb=gapi.loaded_0 https://id.google.com/verify/AHGvNoxAZHHcFbjELX9aUcdWqB0kYI-3vZN668EoXbUU7C138LYfKzXkhXZ5A8CQ0r8m4W4JBbzFmZHjJy0p4BTnOt48MJIgb3PTICcGYufmC-9Bw7inQg https://www.google.com/images/hpp/Chrome_Owned_96x96.png https://www.gstatic.com/og/_/js/k=og.og2.en_US.0fxHrwx9DwM.O/rt=j/m=def/exm=in,fot/d=1/ed=1/rs=AA2YrTuwNYp9HnNdyLuIQrO0aAHr-sQcBQ	12 Info www.google.com(172.217.174.100) www.gstatic.com(172.217.174.99) naver.midsecurity.org(211.104.160.79) ssl.gstatic.com(172.217.25.99) id.google.com(172.217.24.131) apis.google.com(216.58.197.174) 216.58.220.131 172.217.24.131 211.104.160.79 - suspicious 172.217.175.227 172.217.174.100 216.58.197.174 - suspicious	3		5.0		2	guest

50607	2020-11-17 09:51	pegoos.exe e8b534f89b0f23446b410e47ded4a76f Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Tofsee Windows Browser ComputerName WordPress Downloader	8 Keyword trend analysis	6	5 Info ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		9.4	M	20	ZeroCERT

50608	2020-11-17 09:50	uinm.exe 9a14f154a2bd1be68a91bab0118cdd6b Malware Malicious Traffic Check memory Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows	2 Keyword trend analysis	2			4.2	M		ZeroCERT

50609	2020-11-17 09:49	pegs.exe 42e13e9fb45e01c567b6d3c34caab781 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Windows Browser Email ComputerName RCE DNS Software Downloader	7 Keyword trend analysis	4	4 Info ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		13.0	M	27	ZeroCERT

50610	2020-11-17 09:35	pegasun.exe e73e257a21c192c734e5fda707f526c4 VirusTotal Malware malicious URLs		1			2.8	M	51	ZeroCERT