Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 12, 2021, 10:42 a.m. | April 12, 2021, 10:58 a.m. |
Process | Path | PID |
---|---|---|
tai1.exe | C:\Users\test22\AppData\Local\Temp\tai1.exe | 232 |
Name | Response | Post-Analysis Lookup |
---|---|---|
prtboss.com | 111.90.156.90 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Indicator type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox |
suspicious_features | POST method with no referer header |
suspicious_request | POST http://prtboss.com/collect.php |
request | POST http://prtboss.com/collect.php |
request | POST http://prtboss.com/collect.php |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox |
host | 172.217.25.14 |
file | C:\wallet.dat |
file | C:\Users\test22\AppData\Roaming\Electrum\wallets |
file | C:\Users\Default\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\Default User\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\Default\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\Public\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\Public\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\Default User\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\All Users\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\All Users\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\All Users\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\Default User\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\test22\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\Default\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\Public\AppData\Roaming\.purple\accounts.xml |
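The file rows above are the sample's credential sweep: it opens Chrome's Local State file, wallet.dat, the Electrum wallet directory, FileZilla's sitemanager.xml and recentservers.xml, and Pidgin's accounts.xml, and it does so under every profile directory it can find (test22, Default, Default User, Public, All Users) rather than only the logged-on user's, then POSTs to collect.php with no Referer header. The Python below is an added example, not part of this report or of the sample: it turns those two observations into a reusable check over file-access and HTTP events from a sandbox or EDR, scoring a credential sweep across multiple profiles together with an unreferred POST. The category names, thresholds, the benign sample path and the request headers are this example's own constructed assumptions; only the store paths and the URL come from the report.

```python
import re

# Added example, not code from the sandbox report or from the sample.
# Credential / wallet store locations a stealer enumerates, generalized from
# the paths listed in the report; the category names are this example's own.
STORE_PATTERNS = {
    "browser_chromium":    re.compile(r"\\AppData\\Local\\Google\\Chrome\\User Data\\Local State$", re.I),
    "ftp_filezilla":       re.compile(r"\\AppData\\Roaming\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    "im_pidgin":           re.compile(r"\\AppData\\Roaming\\\.purple\\accounts\.xml$", re.I),
    "wallet_electrum":     re.compile(r"\\AppData\\Roaming\\Electrum\\wallets$", re.I),
    "wallet_bitcoin_core": re.compile(r"^[A-Za-z]:\\wallet\.dat$", re.I),
}

# X:\Users\<profile>\...  ->  <profile>
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.I)


def classify_path(path):
    """Return the credential/wallet store category a path belongs to, or None."""
    for category, pattern in STORE_PATTERNS.items():
        if pattern.search(path):
            return category
    return None


def profile_of(path):
    """Return the Windows profile name a path sits under, or None for non-profile paths."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else None


def summarize_file_events(paths):
    """Count credential-store accesses per category and collect the profiles touched."""
    categories = {}
    profiles = set()
    for p in paths:
        cat = classify_path(p)
        if cat is None:
            continue
        categories[cat] = categories.get(cat, 0) + 1
        prof = profile_of(p)
        if prof:
            profiles.add(prof)
    return {"categories": categories, "profiles": profiles}


def is_unreferred_post(method, headers):
    """True for a POST that carries no Referer header (browser form posts normally have one)."""
    return method.upper() == "POST" and not any(k.lower() == "referer" for k in headers)


def stealer_verdict(paths, http_requests, min_categories=2, min_profiles=2):
    """Combine both signals. A legitimate client opens its own store under the
    current user's profile; one process reading several unrelated stores across
    several profiles and then POSTing without a Referer is the shape of a stealer.
    The thresholds are assumptions for this example, not values from the report."""
    s = summarize_file_events(paths)
    sweep = len(s["categories"]) >= min_categories and len(s["profiles"]) >= min_profiles
    exfil = any(is_unreferred_post(method, headers) for method, _url, headers in http_requests)
    return {"credential_sweep": sweep, "unreferred_post": exfil, "likely_stealer": sweep and exfil}


# Constructed sample input: store paths and the URL are from the report above;
# the notes.txt path and the request headers are made up for this example.
REPORT_PATHS = [
    r"C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State",
    r"C:\wallet.dat",
    r"C:\Users\test22\AppData\Roaming\Electrum\wallets",
    r"C:\Users\Default\AppData\Roaming\FileZilla\sitemanager.xml",
    r"C:\Users\Public\AppData\Roaming\FileZilla\recentservers.xml",
    r"C:\Users\All Users\AppData\Roaming\.purple\accounts.xml",
    r"C:\Users\test22\AppData\Roaming\.purple\accounts.xml",
    r"C:\Users\test22\Desktop\notes.txt",  # benign, constructed; must be ignored
]
REPORT_REQUESTS = [
    ("POST", "http://prtboss.com/collect.php",
     {"Host": "prtboss.com", "Content-Type": "application/x-www-form-urlencoded"}),
]

if __name__ == "__main__":
    print(summarize_file_events(REPORT_PATHS))
    print(stealer_verdict(REPORT_PATHS, REPORT_REQUESTS))
```

The profile check is the part worth keeping even if the path list is tuned: a browser or FTP client only ever opens the store under the profile it runs as, so any process touching Default, Public or All Users copies of those files is reading them for someone else.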
Engine | Detection |
---|---|
Elastic | malicious (high confidence) |
DrWeb | Trojan.PWS.Steam.18689 |
MicroWorld-eScan | Gen:Variant.Stealer.7 |
FireEye | Generic.mg.83a82cacf8a42eb8 |
Qihoo-360 | Win32/TrojanSpy.Bobik.HgIASScA |
ALYac | Gen:Variant.Stealer.7 |
Cylance | Unsafe |
VIPRE | Trojan.Win32.Generic!BT |
K7AntiVirus | Spyware ( 005687121 ) |
Alibaba | TrojanSpy:Win32/StellarStealer.d5e1f082 |
K7GW | Spyware ( 005687121 ) |
Cybereason | malicious.cf8a42 |
BitDefenderTheta | Gen:NN.ZexaF.34670.QqY@aW0S6vo |
Cyren | W32/Trojan2.QDAM |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Spy.Agent.PYU |
APEX | Malicious |
Avast | Win32:PWSX-gen [Trj] |
ClamAV | Win.Malware.Zusy-9812688-0 |
Kaspersky | HEUR:Trojan-Spy.Win32.Bobik.gen |
BitDefender | Gen:Variant.Stealer.7 |
NANO-Antivirus | Trojan.Win32.Bobik.innsnn |
Paloalto | generic.ml |
AegisLab | Trojan.Win32.Bobik.l!c |
Tencent | Malware.Win32.Gencirc.10ce2a40 |
Ad-Aware | Gen:Variant.Stealer.7 |
Emsisoft | Trojan-Spy.Agent (A) |
Zillya | Trojan.Bobik.Win32.2070 |
McAfee-GW-Edition | GenericRXMZ-DZ!83A82CACF8A4 |
Sophos | ML/PE-A |
Ikarus | Trojan-Spy.Agent |
Jiangmin | TrojanSpy.Bobik.mi |
Avira | HEUR/AGEN.1141176 |
MAX | malware (ai score=89) |
Microsoft | Trojan:Win32/StellarStealer.SBR!MSR |
Gridinsoft | Spy.Win32.Keylogger.oa!s1 |
Arcabit | Trojan.Stealer.7 |
GData | Win32.Trojan.PSE.3YNIAA |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.RL_Stealer.R355109 |
McAfee | GenericRXMZ-DZ!83A82CACF8A4 |
VBA32 | TrojanSpy.Bobik |
Malwarebytes | Generic.Trojan.Dropper.DDS |
TrendMicro-HouseCall | TROJ_GEN.R002C0DDA21 |
Rising | Spyware.Agent!8.C6 (C64:YzY0OtP2hpfCUG2A) |
Fortinet | W32/GenKryptik.EZNX!tr |
AVG | Win32:PWSX-gen [Trj] |
Panda | Trj/GdSda.A |
CrowdStrike | win/malicious_confidence_70% (W) |