Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2025-04-15 09:45	loader.hta 3d38ab222579d17632acd5d383490a05 Check memory RWX flags setting unpack itself Tofsee DNS		3	2		1.6			ZeroCERT

2	2025-04-15 09:43	pixel.exe 52749d5846a4f486c6268f892cf30088 task schedule PWS Code injection AntiDebug AntiVM PE File .NET EXE PE32 DLL .NET DLL Malware download VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder Windows DNS Cryptographic key Downloader	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	10.8	M	28	ZeroCERT

3	2025-04-10 11:02	UULYORIK.msi c0e3a376141ba1ff83fbaa9096665c10 CAB MSOffice File Malware download NetWireRC VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check SectopRAT Backdoor ComputerName DNS	1 Keyword trend analysis	11	3		4.4	M	14	ZeroCERT

4	2025-04-04 10:03	qx.exe 6af85522bfd942c0413bb09977eb2941 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS		1			3.0	M	52	ZeroCERT

5	2025-04-04 09:59	j.exe 492bde0d908c7d54d74dc50f94f9a406 Code injection AntiDebug AntiVM PE File .NET EXE PE32 DLL .NET DLL Malware download VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder IP Check Windows ComputerName DNS Cryptographic key Downloader	2 Keyword trend analysis	3	7 Info ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY External IP Lookup ip-api.com ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		13.2	M	40	ZeroCERT

6	2021-12-23 11:22	9243_1640029839_4912.exe 996ca4837c2c19519dab6d107f2e9f72 RedLine stealer[m] Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			11.8	M	36	ZeroCERT

First
1
Last
Total : 6cnts