Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2025-04-22 11:58	pOqYWAZ.exe 8c2df7e94aecf922bac33303693edc40 RedLine stealer XMRig Miner RedlineStealer Generic Malware Downloader Malicious Library UPX Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code i Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Cryptocurrency Miner Malware powershell Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Auto service Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Stealer Windows Browser ComputerName RCE Firmware DNS Cryptographic key Software crashed CoinMiner		3	6 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		15.8		46	ZeroCERT

2	2025-04-21 10:10	download.php 7fabf8c4efb42fd2239eadae059e533e RedLine stealer Gen1 Emotet XMRig Miner RedlineStealer Generic Malware Themida Downloader Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate privil Browser Info Stealer RedLine Malware download Amadey VirusTotal Malware powershell Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName RCE DNS Cryptographic key crashed	5 Keyword trend analysis	3	12 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET MALWARE Amadey CnC Response ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		19.4	M	42	ZeroCERT

First
1
Last
Total : 2cnts