Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-09-02 11:17	random.exe 82f430cb027d4089280c1a2a42335131 Stealc Amadey Lumma RedLine stealer Gen1 Emotet Generic Malware Admin Tool (Sysinternals etc ...) UPX Malicious Library Antivirus Malicious Packer .NET framework(MSIL) ScreenShot PWS AntiDebug Ant Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder suspicious TLD sandbox evasion VMware anti-virtualization IP Check installed browsers check Kelihos Stealc CryptBot Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed plugin	32 Keyword trend analysis Info http://ddl.safone.dev/3850492/seidr_build.exe?hash=AgADjB http://185.215.113.17/f1ddeb6592c03206/freebl3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/freebl3.dll http://fivexv5vs.top/v1/upload.php http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll http://185.215.113.16/inc/crypteda.exe - rule_id: 41506 http://185.215.113.16/Jo89Ku7d/index.php - rule_id: 41502 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll http://ddl.safone.dev/3846244/1.exe?hash=AgADek http://185.215.113.16/inc/Amadeus.exe http://185.215.113.19/ProlongedPortable.dll http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZl http://185.215.113.26/Nework.exe http://ddl.safone.dev/3846638/GetSys.exe?hash=AgADAh http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll http://sevxv17pt.top/v1/upload.php - rule_id: 42432 http://ddl.safone.dev/3846636/Set-up.exe?hash=AgADDB http://185.215.113.17/ - rule_id: 275 http://x1.i.lencr.org/ http://stagingbyvdveen.com/get/setup2.exe - rule_id: 42015 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll http://185.215.113.17/f1ddeb6592c03206/softokn3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/softokn3.dll http://185.215.113.17/f1ddeb6592c03206/nss3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll http://185.215.113.17/2fb6c2cc8dce150a.php - rule_id: 42279 http://ddl.safone.dev/3840509/build.exe?hash=AgADNB http://185.215.113.26/Dem7kTu/index.php - rule_id: 42445	19 Info stagingbyvdveen.com(147.45.60.44) - malware fivexv5vs.top(195.133.48.136) sevxv17pt.top(195.133.13.230) - mailcious ipinfo.io(34.117.59.81) x1.i.lencr.org(23.52.33.11) ddl.safone.dev(63.32.161.232) - malware 154.216.17.170 - malware 23.207.177.83 185.215.113.16 - mailcious 185.215.113.17 - malware 185.215.113.19 - malware 147.45.60.44 - malware 95.216.143.20 52.212.52.84 - malware 185.215.113.26 - mailcious 195.133.48.136 95.179.250.45 34.117.59.81 195.133.13.230 - mailcious	28 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Packed Executable Download ET MALWARE Possible Kelihos.F EXE Download Common Structure ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 ET INFO HTTP Request to a .top domain ET DNS Query to a .top domain - Likely Hostile ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)	14 Info http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.16/inc/crypteda.exe http://185.215.113.16/Jo89Ku7d/index.php http://185.215.113.17/ http://185.215.113.17/ http://sevxv17pt.top/v1/upload.php http://185.215.113.17/ http://stagingbyvdveen.com/get/setup2.exe http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.17/2fb6c2cc8dce150a.php http://185.215.113.26/Dem7kTu/index.php	27.2	M	43	ZeroCERT

First
1
Last
Total : 1cnts