Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 12, 2021, 9:34 a.m. | May 12, 2021, 9:39 a.m. |
Process | Path | PID |
---|---|---|
sethc.exe | C:\Windows\system32\sethc.exe | 2264 |

sethc.exe is the file name of the Windows Sticky Keys accessibility binary; the sample was executed under that name and path on the analysis machine, so the familiar name is not an indication of legitimacy.
Suricata | Result |
---|---|
Alerts | none |
TLS | none |
Static PE findings

Key | Value | Description |
---|---|---|
section | _RDATA | non-standard section name |
section | .data (virtual_address 0x00021000, virtual_size 0x0004d03c, size_of_data 0x0004bc00) | A section with a high entropy has been found (entropy 7.9932 bits/byte) |
entropy | 0.6926 | Overall entropy of this PE file is high |

The two entropy figures are on different scales. 7.9932 is the Shannon entropy of the .data section in bits per byte; the maximum is 8.0, so the section is statistically indistinguishable from random data, which is what encrypted or compressed payload looks like. 0.6926 is the fraction of raw section bytes that sit in sections above the per-section threshold: 0x4bc00 = 310,272 bytes of .data, implying about 448,000 bytes of raw section data in total. The raw section size (size_of_data) is smaller than the mapped size (virtual_size 0x4d03c), so part of .data is zero-filled at load time.
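The check behind the two rows above can be reproduced in a few lines. The block below is an added example, not output of the sandbox or code from it: it computes per-section Shannon entropy, flags sections above a per-section threshold, and derives the "overall entropy" as the fraction of raw section bytes in flagged sections. The thresholds (6.8 bits/byte per section, 0.2 overall) follow the Cuckoo `packer_entropy` signature as I understand it and are assumptions here; the sections are constructed to match the report's 0x4bc00-byte .data size, not parsed from the sample.

```python
"""Per-section Shannon entropy and the "overall entropy" ratio a Cuckoo-style
packer_entropy check derives from it.

Added example: the sections below are constructed, not parsed from the sample
in the report; the thresholds mirror the Cuckoo signature (assumed values)."""
import math
import random
from collections import Counter
from typing import Dict, List, Tuple

SECTION_THRESHOLD = 6.8   # bits/byte; per-section "high entropy" cut-off (assumed)
OVERALL_THRESHOLD = 0.2   # fraction of raw section bytes in high-entropy sections (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_entropy(sections: List[Tuple[str, bytes]]) -> Dict[str, object]:
    """Score a list of (section_name, raw_bytes) pairs.

    raw_bytes is the section as stored in the file (SizeOfRawData bytes), which is
    what the sandbox's size_of_data field counts; the ratio is computed over raw
    bytes, not over virtual sizes.
    """
    per_section = []
    high_bytes = 0
    total_bytes = 0
    for name, raw in sections:
        ent = shannon_entropy(raw)
        per_section.append((name, len(raw), round(ent, 4)))
        total_bytes += len(raw)
        if ent > SECTION_THRESHOLD:
            high_bytes += len(raw)
    ratio = high_bytes / total_bytes if total_bytes else 0.0
    return {
        "sections": per_section,
        "high_entropy_sections": [s[0] for s in per_section if s[2] > SECTION_THRESHOLD],
        "overall_ratio": round(ratio, 6),
        "overall_high": ratio > OVERALL_THRESHOLD,
    }


def constructed_sections() -> List[Tuple[str, bytes]]:
    """Constructed stand-in for the report's layout: a 0x4bc00-byte .data blob that
    looks encrypted (seeded PRNG output) plus 137,728 bytes of low-entropy code and
    read-only-data filler, 448,000 raw bytes in total."""
    rng = random.Random(0xC0BA17)
    text = bytes([0x90, 0xCC, 0x48, 0x8B, 0xC3] * 20000)   # 100,000 bytes, repetitive "code"
    rdata = b"\x00" * 37728                                    # zero-filled read-only data
    data = rng.randbytes(0x0004BC00)                           # 310,272 bytes, ~8 bits/byte
    return [(".text", text), (".rdata", rdata), (".data", data)]


if __name__ == "__main__":
    report = packer_entropy(constructed_sections())
    for name, size, ent in report["sections"]:
        flag = "  <-- high entropy" if ent > SECTION_THRESHOLD else ""
        print(f"{name:8} size_of_data=0x{size:08x} entropy={ent:.4f}{flag}")
    print(f"overall ratio={report['overall_ratio']} high={report['overall_high']}")
```

With these constructed sections the .data blob scores just under 8.0 bits/byte and the overall ratio comes out at 310272/448000 = 0.692571, the same figure the report shows; on a real file the section bytes would come from the PE section table rather than from `constructed_sections()`.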
YARA rule matches

Rule | Description |
---|---|
Network_HTTP | Communications over HTTP |
Escalate_priviledges | Escalate privileges |
KeyLogger | Run a KeyLogger |
Code_injection | Code injection with CreateRemoteThread in a remote process |
Str_Win32_Http_API | Match Windows Http API call |
Str_Win32_Internet_API | Match Windows Inet API call |
ScreenShot | Take ScreenShot |
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |

These are static string and API-import matches; they show which capabilities the binary contains, not which were exercised during the run (the network section below shows only one unanswered connection attempt).
Dropped buffers and network

Type | Value | Note |
---|---|---|
buffer | sha1 a2780185317f5fe1d52106288a4b2ebe6e767b9b | buffer captured from the process during analysis |
host | 185.212.47.147 | host contacted during the run |
dead_host | 185.212.47.147:559 | connection attempts to port 559 received no response during the run |

A dead host means the sandbox saw the sample try to reach 185.212.47.147 on port 559 but nothing answered, which is why there are no Suricata alerts or TLS records: the C2 exchange never got far enough to generate traffic to inspect.
Antivirus results

Engine | Detection |
---|---|
FireEye | Generic.mg.01fbd69aa44b75f2 |
CAT-QuickHeal | Trojan.Cobalt |
McAfee | RDN/Generic BackDoor |
Cylance | Unsafe |
VIPRE | Trojan.Win32.Generic!BT |
K7AntiVirus | Riskware ( 0040eff71 ) |
Alibaba | Trojan:Win32/Cobalt.836ab162 |
K7GW | Riskware ( 0040eff71 ) |
Cybereason | malicious.aa44b7 |
Cyren | W64/Trojan.LQEW-2166 |
Symantec | Trojan.Gen.2 |
ESET-NOD32 | a variant of Generik.GPUEYBA |
APEX | Malicious |
Avast | Win64:Malware-gen |
Cynet | Malicious (score: 100) |
Kaspersky | Trojan.Win32.Cobalt.ctm |
BitDefender | Gen:Variant.Razy.723768 |
NANO-Antivirus | Trojan.Win64.Cobalt.iugrnq |
Paloalto | generic.ml |
ViRobot | Trojan.Win32.S.Agent.449024.EG |
MicroWorld-eScan | Gen:Variant.Razy.723768 |
Rising | Backdoor.CobaltStrike!8.11F7B (C64:YzY0Ot1miiwpnqQ9) |
Ad-Aware | Gen:Variant.Razy.723768 |
Emsisoft | Gen:Variant.Razy.723768 (B) |
Comodo | Malware@#3fcl3pg6s8cgg |
DrWeb | Trojan.DownLoader38.12615 |
Zillya | Tool.CobaltStrike.Win64.866 |
TrendMicro | TROJ_GEN.R002C0DCU21 |
McAfee-GW-Edition | BehavesLike.Win64.Generic.gc |
Sophos | Mal/Generic-S |
Ikarus | Trojan.SuspectCRC |
Jiangmin | Trojan.Cobalt.jy |
Avira | TR/AD.CobaltStrike.jrruf |
Antiy-AVL | Trojan/Generic.ASMalwS.3225A92 |
Gridinsoft | Trojan.Win64.Downloader.sa |
Microsoft | Backdoor:Win64/CobaltStrike.P!dha |
AegisLab | Trojan.Win32.Razy.4!c |
GData | Gen:Variant.Razy.723768 |
AhnLab-V3 | Backdoor/Win.CobaltStrike.C4402147 |
ALYac | Gen:Variant.Razy.723768 |
MAX | malware (ai score=80) |
Malwarebytes | Malware.AI.1144585200 |
TrendMicro-HouseCall | TROJ_GEN.R002C0DCU21 |
Yandex | Trojan.Cobalt!LCi3TYmEVxI |
Fortinet | W32/PossibleThreat |
AVG | Win64:Malware-gen |
Panda | Trj/CI.A |
CrowdStrike | win/malicious_confidence_80% (W) |

Eleven of the engines listed (CAT-QuickHeal, Alibaba, Kaspersky, NANO-Antivirus, Rising, Zillya, Jiangmin, Avira, Microsoft, AhnLab-V3 and Yandex) name Cobalt Strike explicitly; the remainder return generic trojan, backdoor or heuristic verdicts. Several engines classify the file as Win64 while others use Win32 family names, so the bitness in a detection name should not be taken as a statement about the binary.