Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
51046	2020-10-26 11:00	p.exe e879df3fc1421ae6fddb927b080a8544 VirusTotal Malware Buffer PE AutoRuns PDB buffers extracted Creates executable files Disables Windows Security suspicious process AppData folder malicious URLs Firewall state off IP Check Windows	163 Keyword trend analysis Info http://feuhdeuhduhuehdr.ws/2 http://worm.ws/2 http://efuheruhdehduhgu.ws/3 http://efuheruhdehduhgu.ws/2 http://efuheruhdehduhgu.ws/1 http://efeuafubeubaefur.ws/4 http://efeuafubeubaefur.ws/3 http://efeuafubeubaefur.ws/2 http://efeuafubeubaefur.ws/1 http://efuheruhdehduhgu.ws/4 http://efaeduvedvzfufuu.ws/1 http://wdkowdohwodhfhfu.ws/5 http://wdkowdohwodhfhfu.ws/4 http://wdkowdohwodhfhfu.ws/1 http://wdkowdohwodhfhfu.ws/3 http://wdkowdohwodhfhfu.ws/2 http://edhuaudhuedugufr.ws/1 http://edhuaudhuedugufr.ws/2 http://edhuaudhuedugufr.ws/3 http://edhuaudhuedugufr.ws/4 http://edhuaudhuedugufr.ws/5 http://eafuebdbedbedggr.ws/4 http://feuhdeuhduhuehdr.ws/4 http://worm.ws/tldr.php?inf=1 http://feuhdeuhduhuehdr.ws/5 http://deauduafzgezzfgu.ws/5 http://gaueudbuwdbuguur.ws/2 http://gaueudbuwdbuguur.ws/3 http://gaueudbuwdbuguur.ws/1 http://gaueudbuwdbuguur.ws/4 http://gaueudbuwdbuguur.ws/5 http://okdoekeoehghaoer.ws/5 http://okdoekeoehghaoer.ws/4 http://okdoekeoehghaoer.ws/3 http://okdoekeoehghaoer.ws/2 http://okdoekeoehghaoer.ws/1 http://deauduafzgezzfgu.ws/1 http://worm.ws/1 http://worm.ws/corp/118.txt http://worm.ws/sexesss/934.txt http://efaeduvedvzfufur.ws/1 http://efaeduvedvzfufur.ws/2 http://efaeduvedvzfufur.ws/3 http://efaeduvedvzfufur.ws/4 http://efaeduvedvzfufur.ws/5 http://eafueudzefverrgr.ws/1 http://eafueudzefverrgr.ws/3 http://eafueudzefverrgr.ws/2 http://eafueudzefverrgr.ws/5 http://efeuafubeubaefur.ws/5 http://eafuebdbedbedggu.ws/5 http://efuheruhdehduhgr.ws/2 http://efuheruhdehduhgr.ws/3 http://efuheruhdehduhgr.ws/1 http://efuheruhdehduhgu.ws/5 http://efuheruhdehduhgr.ws/4 http://efuheruhdehduhgr.ws/5 http://deauduafzgezzfgu.ws/4 http://wdkowdohwodhfhfr.ws/1 http://wdkowdohwodhfhfr.ws/2 http://wdkowdohwodhfhfr.ws/3 http://wdkowdohwodhfhfr.ws/4 http://wdkowdohwodhfhfr.ws/5 http://deauduafzgezzfgu.ws/2 http://deauduafzgezzfgu.ws/3 http://deauduafzgezzfgr.ws/1 http://deauduafzgezzfgr.ws/3 http://deauduafzgezzfgr.ws/2 http://deauduafzgezzfgr.ws/5 http://deauduafzgezzfgr.ws/4 http://seuufhehfueugher.ws/3 http://seuufhehfueugher.ws/2 http://seuufhehfueugher.ws/1 http://seuufhehfueugher.ws/5 http://seuufhehfueugher.ws/4 http://feauhueudughuuru.ws/1 http://feauhueudughuuru.ws/2 http://feauhueudughuuru.ws/3 http://feauhueudughuuru.ws/4 http://efeuafubeubaefuu.ws/4 http://worm.ws/5 http://feuhdeuhduhuehdr.ws/1 http://eafuebdbedbedggr.ws/5 http://feuhdeuhduhuehdr.ws/3 http://eafuebdbedbedggr.ws/3 http://eafuebdbedbedggr.ws/2 http://eafuebdbedbedggr.ws/1 http://efeuafubeubaefuu.ws/3 http://eafuebdbedbedggu.ws/4 http://wduufbaueeubffgu.ws/4 http://eafuebdbedbedggu.ws/2 http://eafuebdbedbedggu.ws/3 http://eafuebdbedbedggu.ws/1 http://worm.ws/sexesss/n.txt http://wduufbaueeubffgu.ws/3 http://wduufbaueeubffgu.ws/2 http://wduufbaueeubffgu.ws/1 http://efeuafubeubaefuu.ws/5 http://efeuafubeubaefuu.ws/2 http://worm.ws/3 http://wduufbaueeubffgu.ws/5 http://efeuafubeubaefuu.ws/1 http://eafueudzefverrgu.ws/4 http://eafueudzefverrgu.ws/5 http://icanhazip.com/ http://eafueudzefverrgu.ws/1 http://eafueudzefverrgu.ws/2 http://eafueudzefverrgu.ws/3 http://wduufbaueeubffgr.ws/2 http://wduufbaueeubffgr.ws/3 http://wduufbaueeubffgr.ws/1 http://wduufbaueeubffgr.ws/4 http://wduufbaueeubffgr.ws/5 http://fheuhdwdzwgzdggr.ws/4 http://fheuhdwdzwgzdggr.ws/5 http://fheuhdwdzwgzdggr.ws/1 http://fheuhdwdzwgzdggr.ws/2 http://fheuhdwdzwgzdggr.ws/3 http://faugzeazdezgzgfu.ws/4 http://faugzeazdezgzgfu.ws/5 http://faugzeazdezgzgfu.ws/1 http://faugzeazdezgzgfu.ws/2 http://faugzeazdezgzgfu.ws/3 http://feauhueudughuurr.ws/5 http://feauhueudughuurr.ws/4 http://feauhueudughuurr.ws/1 http://feauhueudughuurr.ws/3 http://feauhueudughuurr.ws/2 http://okdoekeoehghaoeu.ws/4 http://okdoekeoehghaoeu.ws/5 http://okdoekeoehghaoeu.ws/2 http://okdoekeoehghaoeu.ws/3 http://okdoekeoehghaoeu.ws/1 http://api.wipmania.com/ http://seuufhehfueugheu.ws/5 http://eafueudzefverrgr.ws/4 http://feuhdeuhduhuehdu.ws/5 http://feuhdeuhduhuehdu.ws/4 http://feuhdeuhduhuehdu.ws/1 http://feuhdeuhduhuehdu.ws/3 http://feuhdeuhduhuehdu.ws/2 http://faugzeazdezgzgfr.ws/1 http://faugzeazdezgzgfr.ws/3 http://faugzeazdezgzgfr.ws/2 http://faugzeazdezgzgfr.ws/5 http://faugzeazdezgzgfr.ws/4 http://worm.ws/corp/n.txt http://worm.ws/4 http://gaueudbuwdbuguuu.ws/3 http://gaueudbuwdbuguuu.ws/2 http://gaueudbuwdbuguuu.ws/1 http://gaueudbuwdbuguuu.ws/5 http://gaueudbuwdbuguuu.ws/4 http://seuufhehfueugheu.ws/2 http://seuufhehfueugheu.ws/3 http://seuufhehfueugheu.ws/1 http://seuufhehfueugheu.ws/4 http://feauhueudughuuru.ws/5 http://fheuhdwdzwgzdggu.ws/1 http://fheuhdwdzwgzdggu.ws/3 http://fheuhdwdzwgzdggu.ws/2 http://fheuhdwdzwgzdggu.ws/5 http://fheuhdwdzwgzdggu.ws/4	42 Info feuhdeuhduhuehdr.ws(64.70.19.203) gaueudbuwdbuguuu.ws(64.70.19.203) gaueudbuwdbuguur.ws(64.70.19.203) eafuebdbedbedggu.ws(64.70.19.203) fheuhdwdzwgzdggr.ws(64.70.19.203) edhuaudhuedugufr.ws(64.70.19.203) fheuhdwdzwgzdggu.ws(64.70.19.203) efuheruhdehduhgr.ws(64.70.19.203) icanhazip.com(136.144.56.255) eafuebdbedbedggr.ws(64.70.19.203) wduufbaueeubffgr.ws(64.70.19.203) wduufbaueeubffgu.ws(64.70.19.203) worm.ws(217.8.117.10) - malware feauhueudughuuru.ws(64.70.19.203) seuufhehfueugheu.ws(64.70.19.203) feuhdeuhduhuehdu.ws(64.70.19.203) efeuafubeubaefuu.ws(64.70.19.203) deauduafzgezzfgr.ws(64.70.19.203) seuufhehfueugher.ws(64.70.19.203) efuheruhdehduhgu.ws(64.70.19.203) faugzeazdezgzgfu.ws(64.70.19.203) efaeduvedvzfufur.ws(64.70.19.203) faugzeazdezgzgfr.ws(64.70.19.203) mta7.am0.yahoodns.net(67.195.228.110) eafueudzefverrgr.ws(64.70.19.203) feauhueudughuurr.ws(64.70.19.203) deauduafzgezzfgu.ws(64.70.19.203) yahoo.com(74.6.143.26) api.wipmania.com(212.83.168.196) wdkowdohwodhfhfu.ws(64.70.19.203) okdoekeoehghaoer.ws(64.70.19.203) efeuafubeubaefur.ws(64.70.19.203) eaffuebudbeudbbr.ws(64.70.19.203) okdoekeoehghaoeu.ws(64.70.19.203) wdkowdohwodhfhfr.ws(64.70.19.203) eafueudzefverrgu.ws(64.70.19.203) efaeduvedvzfufuu.ws(64.70.19.203) 136.144.56.255 64.70.19.203 - suspicious 212.83.168.196 217.8.117.10 - suspicious 67.195.228.111	3		12.8	M	60	admin

51047	2020-10-26 10:47	officeorning.exe 656c7d3ebfbda0f059b3d4d87fe1eb01 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder malicious URLs Windows Cryptographic key					10.4	M	27	admin

51048	2020-10-26 10:47	64.exe fcbb520e5c66b1f024440e4eea650686 VirusTotal Malware Buffer PE AutoRuns PDB buffers extracted Creates executable files unpack itself Disables Windows Security suspicious process AppData folder malicious URLs Firewall state off IP Check Windows	71 Keyword trend analysis Info http://okdoekeoehghaoer.ws/4 http://faugzeazdezgzgfr.ws/1 http://api.wipmania.com/ http://feuhdeuhduhuehdr.ws/1 http://feuhdeuhduhuehdr.ws/2 http://feuhdeuhduhuehdr.ws/3 http://feuhdeuhduhuehdr.ws/4 http://feuhdeuhduhuehdr.ws/5 http://seuufhehfueugher.ws/4 http://eafueudzefverrgr.ws/1 http://seuufhehfueugher.ws/1 http://eafueudzefverrgr.ws/3 http://efeuafubeubaefur.ws/4 http://efeuafubeubaefur.ws/3 http://efeuafubeubaefur.ws/2 http://efeuafubeubaefur.ws/1 http://worm.ws/corp/20.txt http://seuufhehfueugher.ws/3 http://eafueudzefverrgr.ws/2 http://worm.ws/sexesss/n.txt http://eafueudzefverrgr.ws/5 http://worm.ws/4 http://worm.ws/5 http://worm.ws/2 http://worm.ws/3 http://worm.ws/1 http://efuheruhdehduhgr.ws/2 http://efuheruhdehduhgr.ws/3 http://icanhazip.com/ http://efuheruhdehduhgr.ws/1 http://efuheruhdehduhgr.ws/4 http://efuheruhdehduhgr.ws/5 http://feauhueudughuurr.ws/4 http://wduufbaueeubffgr.ws/2 http://wduufbaueeubffgr.ws/3 http://wduufbaueeubffgr.ws/1 http://feauhueudughuurr.ws/3 http://wduufbaueeubffgr.ws/4 http://wduufbaueeubffgr.ws/5 http://fheuhdwdzwgzdggr.ws/4 http://fheuhdwdzwgzdggr.ws/5 http://faugzeazdezgzgfr.ws/3 http://faugzeazdezgzgfr.ws/2 http://faugzeazdezgzgfr.ws/5 http://faugzeazdezgzgfr.ws/4 http://worm.ws/corp/n.txt http://fheuhdwdzwgzdggr.ws/1 http://eafueudzefverrgr.ws/4 http://fheuhdwdzwgzdggr.ws/2 http://gaueudbuwdbuguur.ws/2 http://gaueudbuwdbuguur.ws/3 http://gaueudbuwdbuguur.ws/1 http://gaueudbuwdbuguur.ws/4 http://gaueudbuwdbuguur.ws/5 http://deauduafzgezzfgr.ws/1 http://deauduafzgezzfgr.ws/3 http://deauduafzgezzfgr.ws/2 http://deauduafzgezzfgr.ws/5 http://deauduafzgezzfgr.ws/4 http://fheuhdwdzwgzdggr.ws/3 http://okdoekeoehghaoer.ws/5 http://worm.ws/sexesss/129.txt http://okdoekeoehghaoer.ws/3 http://okdoekeoehghaoer.ws/2 http://okdoekeoehghaoer.ws/1 http://feauhueudughuurr.ws/5 http://seuufhehfueugher.ws/2 http://efeuafubeubaefur.ws/5 http://feauhueudughuurr.ws/1 http://seuufhehfueugher.ws/5 http://feauhueudughuurr.ws/2	23 Info yahoo.com(74.6.231.21) seuufhehfueugher.ws(64.70.19.203) wduufbaueeubffgr.ws(64.70.19.203) feuhdeuhduhuehdr.ws(64.70.19.203) api.wipmania.com(212.83.168.196) gaueudbuwdbuguur.ws(64.70.19.203) fheuhdwdzwgzdggr.ws(64.70.19.203) worm.ws(217.8.117.10) - malware efeuafubeubaefur.ws(64.70.19.203) faugzeazdezgzgfr.ws(64.70.19.203) efuheruhdehduhgr.ws(64.70.19.203) deauduafzgezzfgr.ws(64.70.19.203) okdoekeoehghaoer.ws(64.70.19.203) icanhazip.com(147.75.47.199) mta5.am0.yahoodns.net(67.195.204.79) feauhueudughuurr.ws(64.70.19.203) eafuebdbedbedggr.ws(64.70.19.203) eafueudzefverrgr.ws(64.70.19.203) 136.144.56.255 64.70.19.203 - suspicious 212.83.168.196 217.8.117.10 - suspicious 67.195.228.106	3		12.8	M	54	admin

51049	2020-10-26 10:19	avv.exe 5790ee7642277ac3ab4df17ba016754d VirusTotal Malware AutoRuns PDB Creates executable files Disables Windows Security malicious URLs Firewall state off Windows	1 Keyword trend analysis	2	1		6.4	M	39	admin

51050	2020-10-26 10:08	ds1.exe ce56f130c12f75c8b26151d1c3a6de37 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed					9.0	M	43	admin

51051	2020-10-26 10:04	ds1.exe ce56f130c12f75c8b26151d1c3a6de37 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed					10.0	M	43	admin

51052	2020-10-26 10:00	ac.exe 91573753a7b75dde5ca1420bf85a60a2 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows		3			10.4	M	46	admin

51053	2020-10-26 09:58	jCEfNBgNKuQdfM.exe 42f8fed7b14d4181d8486e4c4448830c VirusTotal Malware Report RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName RCE DNS Cryptographic key	1 Keyword trend analysis	1	2		5.8	M	55	admin

51054	2020-10-24 21:41	vr1qunng5d.exe 88e7ebf0175b0aa6827e063c46203e58 Malware Malicious Traffic ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName RCE DNS Cryptographic key	1 Keyword trend analysis	2			7.6	M		admin

51055	2020-10-24 21:41	6.exe 4096b3e3291c36b97303873dd6c34b0f VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW IP Check Windows ComputerName	1 Keyword trend analysis	2	1		12.8	M	14	admin

51056	2020-10-24 21:27	vbc.exe c1c3d7e9e852772094e696187d458a8b Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed					9.4	M	36	admin

51057	2020-10-24 21:23	svch.exe fbd5505ecef3f543390d46b8131dc8b6 Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key crashed					8.6	M	24	admin

51058	2020-10-24 21:18	Invoice 0015683.doc 3f0d1297b898cc4b868d373bd3b1f38d Vulnerability VirusTotal Malware Malicious Traffic ICMP traffic unpack itself malicious URLs Tofsee Windows DNS	5 Keyword trend analysis Info http://stopinfo.vhostgo.com/info3.html?data=jiafunongye.com%2Fapplication%2FNJ3Ta¬e=%E7%97%85%E6%AF%92%E9%93%BE%E6%8E%A5%E6%9C%AA%E5%88%A0%E9%99%A4&type=1 http://amarteargentina.com.ar/wp-admin/GOAvrV/ - mailcious http://188.226.165.170:8080/ujQT3Imbl2G/pDHVVAaZp7lORlJ3Ixy/k51ux/GaQ4KvtL/Q8r6Aadb/sJEcvi/ - mailcious http://jiafunongye.com/application/NJ3Ta/ - mailcious https://acheterdrogues.com/wp-admin/m/ - mailcious	12 Info acheterdrogues.com(104.18.49.158) - mailcious jiafunongye.com(211.149.252.72) - mailcious hcareconcepts.com(51.81.109.122) - malware stopinfo.vhostgo.com(211.149.246.250) amarteargentina.com.ar(66.97.40.114) - mailcious 78.90.78.210 - suspicious 211.149.246.250 66.97.40.114 - suspicious 188.226.165.170 - suspicious 104.18.48.158 - suspicious 211.149.252.72 - suspicious 51.81.109.122 - suspicious	4		7.4	M	41	admin

51059	2020-10-24 21:16	aa.exe 34bbaf88d62ba189eb03bd77d951bd6d suspicious privilege Check memory Checks debugger unpack itself ComputerName					1.4			admin

51060	2020-10-24 21:12	3415201.png.exe 8ae42eb5c0a95502f49a77dada2c28c6 AutoRuns Code Injection Check memory buffers extracted unpack itself Windows utilities Detects VMWare suspicious process malicious URLs sandbox evasion WriteConsoleW VMware Windows Browser ComputerName crashed					8.6			admin