Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1 2023-12-01 10:43 hv.exe  

b4e0409a6822da1a960bf71ce05fba6f


Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX PWS AntiDebug AntiVM PE32 PE File MSOffice File .NET EXE DLL OS Processor Check VirusTotal Malware Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows DNS Cryptographic key crashed
1 3 1 12.4 24 ZeroCERT

2 2023-11-28 14:17 hv.exe  

096406c4d94995f150e36fbb4f8fa05b


Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX PWS AntiDebug AntiVM PE32 PE File .NET EXE PNG Format DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed
1 1 14.8 4 ZeroCERT

3 2023-11-27 09:38 amd.exe  

f4ba796f39305262e65d0ebd9d0ee33e


Amadey Themida Packer Malicious Library UPX Admin Tool (Sysinternals etc ...) .NET framework(MSIL) PWS Anti_VM AntiDebug AntiVM PE32 PE File DLL OS Processor Check .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName RCE Firmware DNS Cryptographic key Software crashed Downloader
2 5 7 1 23.8 M 60 ZeroCERT

4 2023-11-22 13:36 hv.exe  

e6c5f81f9361ada44fedd6b460e29b62


Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library PWS AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed
1 1 13.2 M 23 ZeroCERT

5 2023-11-14 17:25 software.exe  

2b0ca4edd1b9b7c6c627798503e9805f


UPX Malicious Library PWS Anti_VM AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check PNG Format DLL Browser Info Stealer Malware download FTP Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder installed browsers check SectopRAT Windows Browser Backdoor ComputerName RCE DNS Cryptographic key Software crashed
1 1 15.0 M ZeroCERT

Total: 5 submissions