Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
50686	2020-11-14 11:15	invoice_141146.doc 450faad9143044796ab28d4d23e9d9ca LokiBot Malware download VirusTotal Malware c&c Malicious Traffic exploit crash unpack itself malicious URLs Windows Exploit Trojan DNS crashed Downloader		5	12 Info ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.ga Domain ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET INFO DNS Query for Suspicious .ga Domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET POLICY PE EXE or DLL Windows file download HTTP		5.6	M	28	guest

50687	2020-11-14 11:14	document.doc 4f56d3858a54bf7bb94e1c7ddc741a42 VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit crashed Downloader	1 Keyword trend analysis	2	2		4.2	M	24	guest

50688	2020-11-14 11:10	crss.exe c686f0172cdc0e9e4a5f8ef3eae39f08 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	3			12.2	M	24	guest

50689	2020-11-14 11:09	1NN.exe 04965d71773df3b1283ddd3f5489774a Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger WMI RWX flags setting unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Software crashed keylogger	1 Keyword trend analysis	4	2		10.0	M	55	guest

50690	2020-11-14 09:52	http://45.138.72.84/10.11nov32... VirusTotal Malware					0.6			guest

50691	2020-11-13 18:30	ABW.exe 40a49fab093a5bb338f33fa9813dcfb3 Malware download Nanocore VirusTotal Malware c&c Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW human activity check Windows ComputerName DNS crashed		3	1		13.2		21	guest

50692	2020-11-13 18:30	document.doc 55e5539473b761d067a4e3a1baa1433f VirusTotal Malware exploit crash unpack itself malicious URLs IP Check Tofsee Windows Exploit crashed Downloader	3 Keyword trend analysis	6	3		4.6		25	guest

50693	2020-11-13 18:27	zz1ecco.jpg.exe eb63431f06ac3ef3eeb7f50f35889a57 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs Ransomware Windows Tor ComputerName DNS Cryptographic key crashed		1			13.8	M	36	guest

50694	2020-11-13 18:26	axcypr.exe 944d8991324c722fc1495d8f3dda1313 VirusTotal Malware PDB unpack itself malicious URLs ComputerName					3.0	M	39	guest

50695	2020-11-13 18:06	vbchost.exe 61734203be58b15addcb1a03bd70ce3e VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	3			12.0	M	17	guest

50696	2020-11-13 18:04	top.exe c529850a974f9d96565c23ba21fb4d38 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed					10.4	M	26	guest

50697	2020-11-13 18:01	schhost.exe da9a36b6309b598ebccf383b6263bb65 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key					10.0	M	21	guest

50698	2020-11-13 17:09	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	60	admin

50699	2020-11-13 17:06	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	60	admin

50700	2020-11-13 17:05	5.exe f139bcd08ad8da406f7dd25411d1c9b3 VirusTotal Malware unpack itself malicious URLs					2.8	M	60	admin