Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50611	2020-11-17 09:34	peggs.exe 393e5a7fe1d4a719890fe46e7049301a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Malicious Traffic Check memory buffers extracted ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW installed browsers check Tofsee Windows Browser Email ComputerName DNS Software Downloader	8 Keyword trend analysis	4	4 Info ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		13.8	M	43	ZeroCERT

50612	2020-11-17 09:28	LinK13112020.msi 9f566a164a5c6ae046c24d0e911dc577 VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs AntiVM_Disk VM Disk Size Check ComputerName	1 Keyword trend analysis	2			3.8	M	6	ZeroCERT

50613	2020-11-17 09:27	nass.exe d9e4ff69934ce995feaa9e54e0d5ad07 suspicious privilege Check memory Checks debugger unpack itself malicious URLs					2.4	M		ZeroCERT

50614	2020-11-17 09:19	document.doc a19eabf7fb153b7d9481cbd5a2957e5d VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Exploit DNS crashed Downloader	1 Keyword trend analysis	1	2		5.2	M	27	ZeroCERT

50615	2020-11-17 09:19	e3txkz.pdf.exe a19e9a48a5adb409f2eed82694231a7a VirusTotal Malware PDB unpack itself DNS crashed					2.4	M	12	ZeroCERT

50616	2020-11-17 09:09	document-1559797301.xlsb b716cc176fe7a6c664ee428bcda1704e unpack itself malicious URLs					2.0			ZeroCERT

50617	2020-11-17 09:08	161120.gif.exe 62796a07ec927fa798d39dbcaa16a967 unpack itself RCE					1.4	M		ZeroCERT

50618	2020-11-17 09:03	document-1559797301.xlsb b716cc176fe7a6c664ee428bcda1704e unpack itself malicious URLs					1.6			ZeroCERT

50619	2020-11-17 07:30	http://stoplyingme.com/pdf/nas... d9e4ff69934ce995feaa9e54e0d5ad07 VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed	1 Keyword trend analysis	3	1		5.6			ZeroCERT

50620	2020-11-17 07:21	http://download.logins.online/... 9f566a164a5c6ae046c24d0e911dc577 Dridex VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	3		4.6		6	guest

50621	2020-11-16 23:53	arch64.exe 62993bb7deb866e9d52ac4221d266468 VirusTotal Malware RWX flags setting unpack itself Windows utilities suspicious process malicious URLs Windows ComputerName DNS	2 Keyword trend analysis	2			5.8		38	ZeroCERT

50622	2020-11-16 23:51	svchost.exe 9044b597dc455f00b922491411426ef6 VirusTotal Malware PDB Malicious Traffic RWX flags setting unpack itself malicious URLs ComputerName DNS	2 Keyword trend analysis	1			6.2	M	43	ZeroCERT

50623	2020-11-16 23:47	Setup.exe 142a8356420248e2ccbfa977b576279c VirusTotal Malware Check memory Checks debugger WMI unpack itself ComputerName					2.8		16	ZeroCERT

50624	2020-11-16 23:43	web ori2.exe 3b7b6e39851547b367a5f4e398cea7bd Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger		5	1		19.0	M	12	ZeroCERT

50625	2020-11-16 23:41	BOQ8600.txt.exe 5f3d7585543a71950085cb925730494e VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote AppData folder malicious URLs WriteConsoleW IP Check Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		12.2	M	17	ZeroCERT