Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
5446	2021-02-25 15:09	svch.exe c2b9721f7f6892761514f55bc7a7fecb Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	2 Keyword trend analysis	4	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	15.0	M	30	ZeroCERT

5447	2021-02-25 15:51	System32.exe 93c15cbf5aa7c60824404ffb63db9998 AutoRuns MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key crashed					2.6	M		ZeroCERT

5448	2021-02-25 15:51	vbc.exe 074c396a4b75da68d3c038f3c2105829 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	3		2	17.4	M	28	ZeroCERT

5449	2021-02-25 17:20	vbc2.exe 507f7ce0a2a3ecd308d735d9a4b98d2c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1			13.8	M	42	ZeroCERT

5450	2021-02-25 17:27	vbc3.exe 507f7ce0a2a3ecd308d735d9a4b98d2c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software		1			14.8	M	42	ZeroCERT

5451	2021-02-25 17:28	1111START.exe 12b02f4f89aa1a5e632dfe82d8e242ca VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization Tofsee Windows ComputerName Firmware DNS crashed	7 Keyword trend analysis	11 Info pool.minexmr.com(178.32.120.127) - mailcious iplogger.org(88.99.66.31) pastebin.com(104.23.99.190) - mailcious blog.agencia10x.com(172.67.213.210) - malware 88.99.66.31 - mailcious 104.21.67.51 - malware 195.2.84.91 - malware 104.23.98.190 - mailcious 51.68.21.188 - mailcious 178.32.120.127 - mailcious 94.130.165.85	3		15.4	M	47	ZeroCERT

5452	2021-02-25 18:04	mex.exe 70dca411445d3b4394d9c467bf3ff994 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	7	1		13.0	M	53	ZeroCERT

5453	2021-02-25 18:09	New_mix_.exe ba0a5f07334577cb52cc9df482e056b7 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	10	2		15.6	M	30	ZeroCERT

5454	2021-02-25 18:15	regasm.exe 42570d1bbe61dcc04cccf86c985e4961 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response	1	10.2	M	24	ZeroCERT

5455	2021-02-25 18:17	tnf.exe 60ba69b7155f5e11a3edfe47f5841fe3 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Cryptocurrency Miner Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Browser Email ComputerName Firmware DNS Cryptographic key Software crashed	9 Keyword trend analysis Info http://178.20.44.153/crypt_loader_mix.exe https://iplogger.org/1r2et7 https://iplogger.org/1tsef7 https://fckcloudf.top//l/f/vB122HcBuI_ccNKoq57k/4825e3ce43c9c8037090f05b40ca43a21bc0e5b0 https://fckcloudf.top/ https://api.ip.sb/geoip https://tttttt.me/jrrand0mer https://fckcloudf.top//l/f/vB122HcBuI_ccNKoq57k/393ab60e0d09ad4206b5fb6641450b7dbf1fc07c https://iplogger.org/1nsMw7	26 Info pool.minexmr.com(94.130.164.163) - mailcious www.google.com(172.217.26.4) WHOIS.APNIC.NET(172.104.77.201) blog.agencia10x.com(172.67.213.210) - malware api.ip.sb(104.26.12.31) tttttt.me(95.216.186.40) - mailcious fckcloudf.top(172.67.194.108) iplogger.org(88.99.66.31) whois.iana.org(192.0.32.59) pastebin.com(104.23.98.190) - mailcious 172.67.213.210 - malware 192.0.32.59 104.21.41.220 178.20.44.153 88.99.66.31 - mailcious 13.107.21.200 104.23.99.190 - mailcious 195.2.84.91 - malware 87.251.71.75 - mailcious 172.104.79.63 88.99.193.240 51.254.84.37 - mailcious 95.216.186.40 - mailcious 216.58.220.196 94.130.165.87 104.26.13.31	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query to a *.top domain - Likely Hostile ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host ZIP Request ET POLICY DNS request for Monero mining pool		27.8	M	41	ZeroCERT

5456	2021-02-25 18:24	vbc2.exe f7df06763242e98b83d0367202379ad1 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key					7.8	M	21	ZeroCERT

5457	2021-02-25 18:24	vbc.exe 00f5f529af85bb9acf04ae57da30e1f5 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key					10.4	M	20	ZeroCERT

5458	2021-02-25 18:29	winlog.exe 360437b30bd9db4fa30bb9399d712948 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software	1 Keyword trend analysis	2	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response	1	12.6	M	27	ZeroCERT

5459	2021-02-26 09:31	Multas,Lugar y Hora.vbs 4f8a13f5cc132e50e3cfa031f571745f Malware VBScript powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS Dropper	4 Keyword trend analysis	6	2	3	10.0	M		ZeroCERT

5460	2021-02-26 09:46	1.exe a864386e5111b893dde1fc1188e9b529 VirusTotal Cryptocurrency Miner Malware Cryptocurrency PDB Code Injection Check memory Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName Firmware		2	1		8.2	M	47	ZeroCERT

First
Previous
361
362
363
364
365
366
367
368
369
370
Next
Last
Total : 48,352cnts