Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
5941	2021-03-14 12:17	gZozYQsZNAIR9bV.exe 2ba1022a54bbea2f9f692bca6db317b7 AsyncRAT backdoor FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS	10 Keyword trend analysis Info http://www.12grids.com/amis/?uZi0=psrw+R6Q9Jjde+E3CcaLJDP0XdBln8JLHvq3u3Pgl5rTrpe13P6N0QtZNFTT+LzRljSMbO1p&Vnt48=GTd0sn7PSV8h7fY http://www.bastroppumpkinpatch.com/amis/ http://www.actu-positives.com/amis/?uZi0=YzdasE/8BZtD+pBVZFDVL42OR+puwIFqNbrJQtY8fKpFyhW17l2eSpfRlPlWcFlVBa/JtS8h&Vnt48=GTd0sn7PSV8h7fY http://www.manufacturademexico.com/amis/ http://www.manufacturademexico.com/amis/?uZi0=sPdhRSzn5V3HtrT4YMduOlaljhy3aEu0KnwFtxuLUZsWoGYhKpJFzPTxi2g56+/rwHwdINSs&Vnt48=GTd0sn7PSV8h7fY http://www.12grids.com/amis/ http://www.bastroppumpkinpatch.com/amis/?uZi0=Zztpo3Qg6eQvKRHyXCtHHCkqSp5t5TCMPeCDMzGI5iClRJ18pLJ4+tNlnvg2Sp1RBSWHCjAo&Vnt48=GTd0sn7PSV8h7fY http://www.actu-positives.com/amis/ http://www.bristolfestivals.network/amis/?uZi0=usZm+hsbL/FsEOjR3VWL7jHfDQnA3qjkeu6s4A35LkS4Fs/X4CFjwFQKANIX3W+bg6ZPhFtv&Vnt48=GTd0sn7PSV8h7fY http://www.bristolfestivals.network/amis/	14 Info www.orthorghet.com() www.communityredport.com() www.manufacturademexico.com(37.59.172.100) www.caishen366.com() www.actu-positives.com(164.132.235.17) www.12grids.com(34.102.136.180) www.bastroppumpkinpatch.com(184.168.131.241) www.bristolfestivals.network(198.49.23.144) 37.59.172.100 184.168.131.241 - mailcious 20.43.94.199 164.132.235.17 - phishing 34.102.136.180 - mailcious 198.185.159.145 - mailcious	1		12.2	M	23	ZeroCERT

5942	2021-03-15 09:47	ini.exe b05be8386525dadcc8188a1c97763ce8 ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed					12.0		50	ZeroCERT

5943	2021-03-15 09:49	lilal1.exe 331064627d4361c3f3e3ba15d4d75afc Malicious Library VirusTotal Malware Buffer PE Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS Cryptographic key	1 Keyword trend analysis	3			13.0		41	ZeroCERT

5944	2021-03-15 10:15	winlog.exe 9bdc8f00b437a66c1f1f0b6b45849d04 Generic Malware VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion					5.0		46	r0d

5945	2021-03-15 10:15	winlog.exe 9bdc8f00b437a66c1f1f0b6b45849d04 Generic Malware VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion					5.0		46	r0d

5946	2021-03-15 10:22	winlog.exe 9bdc8f00b437a66c1f1f0b6b45849d04 Generic Malware VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself AppData folder malicious URLs sandbox evasion					5.0		46	r0d

5947	2021-03-15 12:22	office.exe aaf2bc562f565342a8a779d3b5d796ed AsyncRAT backdoor VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Windows ComputerName Cryptographic key	2 Keyword trend analysis Info http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A929CF382FC028449177F40C28FFD739.html - rule_id: 361 http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A929CF382FC028449177F40C28FFD739.html	2		1	3.4		17	ZeroCERT

5948	2021-03-15 12:29	office.exe aaf2bc562f565342a8a779d3b5d796ed AsyncRAT backdoor VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Windows ComputerName Cryptographic key	2 Keyword trend analysis Info http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A929CF382FC028449177F40C28FFD739.html - rule_id: 361 http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A929CF382FC028449177F40C28FFD739.html	2		1	3.4		17	guest

5949	2021-03-15 12:29	PkgV01.00.00.exe ebfe3cc196712a6c4b09fcc2c9790fd0 Emotet AsyncRAT backdoor VMProtect Antivirus Gen VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities AppData folder malicious URLs sandbox evasion WriteConsoleW GameoverP2P Zeus Windows Browser ComputerName Trojan Banking DNS					12.8		44	ZeroCERT

5950	2021-03-15 13:29	PkgV01.00.00.exe ebfe3cc196712a6c4b09fcc2c9790fd0 Emotet AsyncRAT backdoor VMProtect Antivirus Gen VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check GameoverP2P Zeus Windows Browser ComputerName Trojan Banking					12.0		44	ZeroCERT

5951	2021-03-15 15:14	svchost.exe c3477d94caf7b8dc32f26afa5fc908fc Azorult .NET framework AsyncRAT backdoor Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2	2		12.0		45	guest

5952	2021-03-15 15:27	Cuckoo_AI.txt 1dc6a2a22b299d80df8826ce6051260e Check memory unpack itself					1.0			guest

5953	2021-03-15 15:37	Cuckoo_AI.txt 1dc6a2a22b299d80df8826ce6051260e Check memory unpack itself					1.0			guest

5954	2021-03-15 16:16	Cuckoo_AI.txt 1dc6a2a22b299d80df8826ce6051260e Check memory unpack itself					1.0			guest

5955	2021-03-15 16:26	login.vbs 49f685bf27de38094374336be540b200 Antivirus Malware VBScript powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS Dropper	3 Keyword trend analysis	5	2		10.0			r0d

First
Previous
391
392
393
394
395
396
397
398
399
400
Next
Last
Total : 48,320cnts