Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 24, 2021, 6:08 p.m. | May 24, 2021, 6:21 p.m. |
Process | Command line | PID |
---|---|---|
bin---0.exe | "C:\Users\test22\AppData\Local\Temp\bin---0.exe" | 2648 |
IP Address | Status | Action |
---|---|---|
104.21.15.16 | Active | Moloch |
142.111.47.2 | Active | Moloch |
163.44.239.73 | Active | Moloch |
164.124.101.2 | Active | Moloch |
185.111.89.170 | Active | Moloch |
185.224.137.223 | Active | Moloch |
192.0.78.24 | Active | Moloch |
198.54.126.105 | Active | Moloch |
209.99.40.222 | Active | Moloch |
23.227.38.74 | Active | Moloch |
34.102.136.180 | Active | Moloch |
Suricata Alerts
Suricata TLS
No Suricata TLS
Signature | Description | Field | Request |
---|---|---|---|
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.untylservice.com/p2io/?8pz8KT3x=L8zxg9SOaofWzoyPv00N4yNSfvs8vmV6MzKbpPLG03vcM8SdHJJ++2zBKn8m8TZ8Pf8jLpz7&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.alfenas.info/p2io/?8pz8KT3x=qSqSgno9cBloRqN5VLtR5zfvl4qKeuO7jrdOV5f2r4ZX0X85kelskx3YtL4YRmLXGzhxb6Nv&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.liminaltechnology.com/p2io/?8pz8KT3x=PfX6gvL1n2k6iJTsm2w17tv0qq3FBu3hWsZA38xYtqeUN4691F0nKiAgOKyjpkHMBi57ZW6+&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.vectoroutlines.com/p2io/?8pz8KT3x=RfOK6jKjejKyxd8Ge5LTyAppaXreGCTFIzs53vHZyU46XfbA28pKG3jMmZvEd1BBCDsLyI+Y&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.micheldrake.com/p2io/?8pz8KT3x=d2NgnqRQHDqC8zfUpSeXKrGILlrAeXd0mpzt/HUKTHCMsqjNpHqiPqxZu8ECgv8Wi9ydyjUw&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.yunlimall.com/p2io/?8pz8KT3x=FG8u3oFYMEksByvCNClu9ACxgqrSnZ6gPOMyaYsdv+YEYVVrg2Qkx51ZmTmiwfcSVwhsWZbW&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.myfavbutik.com/p2io/?8pz8KT3x=dKp6rERBK113SD0GvHZ5ksFEU2G9ncFkpMVxqDe1xbP28bbT8N8SqFHc7ZWN2qvn1fWpyoOF&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.essentiallyourscandles.com/p2io/?8pz8KT3x=tOwaJov3Qh/So8Abi3+vLu8KpTdHs2Vuljr6rtQHuYg94Ec45hj5yXZ1J0+xHcOVWF/IMli4&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.adultpeace.com/p2io/?8pz8KT3x=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&CR=CFQH8Xe |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.leonardocarrillo.com/p2io/?8pz8KT3x=Z8FkwwkotLBkQtrDqM/eMJCTIQtJD+6S4GTF4HzAZ8KQRsKSHf3+L+a292aesc2eaUyoVCup&CR=CFQH8Xe |
Type | Request |
---|---|
request | POST http://www.untylservice.com/p2io/ |
request | GET http://www.untylservice.com/p2io/?8pz8KT3x=L8zxg9SOaofWzoyPv00N4yNSfvs8vmV6MzKbpPLG03vcM8SdHJJ++2zBKn8m8TZ8Pf8jLpz7&CR=CFQH8Xe |
request | POST http://www.alfenas.info/p2io/ |
request | GET http://www.alfenas.info/p2io/?8pz8KT3x=qSqSgno9cBloRqN5VLtR5zfvl4qKeuO7jrdOV5f2r4ZX0X85kelskx3YtL4YRmLXGzhxb6Nv&CR=CFQH8Xe |
request | POST http://www.liminaltechnology.com/p2io/ |
request | GET http://www.liminaltechnology.com/p2io/?8pz8KT3x=PfX6gvL1n2k6iJTsm2w17tv0qq3FBu3hWsZA38xYtqeUN4691F0nKiAgOKyjpkHMBi57ZW6+&CR=CFQH8Xe |
request | POST http://www.vectoroutlines.com/p2io/ |
request | GET http://www.vectoroutlines.com/p2io/?8pz8KT3x=RfOK6jKjejKyxd8Ge5LTyAppaXreGCTFIzs53vHZyU46XfbA28pKG3jMmZvEd1BBCDsLyI+Y&CR=CFQH8Xe |
request | POST http://www.micheldrake.com/p2io/ |
request | GET http://www.micheldrake.com/p2io/?8pz8KT3x=d2NgnqRQHDqC8zfUpSeXKrGILlrAeXd0mpzt/HUKTHCMsqjNpHqiPqxZu8ECgv8Wi9ydyjUw&CR=CFQH8Xe |
request | POST http://www.yunlimall.com/p2io/ |
request | GET http://www.yunlimall.com/p2io/?8pz8KT3x=FG8u3oFYMEksByvCNClu9ACxgqrSnZ6gPOMyaYsdv+YEYVVrg2Qkx51ZmTmiwfcSVwhsWZbW&CR=CFQH8Xe |
request | POST http://www.myfavbutik.com/p2io/ |
request | GET http://www.myfavbutik.com/p2io/?8pz8KT3x=dKp6rERBK113SD0GvHZ5ksFEU2G9ncFkpMVxqDe1xbP28bbT8N8SqFHc7ZWN2qvn1fWpyoOF&CR=CFQH8Xe |
request | POST http://www.essentiallyourscandles.com/p2io/ |
request | GET http://www.essentiallyourscandles.com/p2io/?8pz8KT3x=tOwaJov3Qh/So8Abi3+vLu8KpTdHs2Vuljr6rtQHuYg94Ec45hj5yXZ1J0+xHcOVWF/IMli4&CR=CFQH8Xe |
request | POST http://www.adultpeace.com/p2io/ |
request | GET http://www.adultpeace.com/p2io/?8pz8KT3x=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&CR=CFQH8Xe |
request | POST http://www.leonardocarrillo.com/p2io/ |
request | GET http://www.leonardocarrillo.com/p2io/?8pz8KT3x=Z8FkwwkotLBkQtrDqM/eMJCTIQtJD+6S4GTF4HzAZ8KQRsKSHf3+L+a292aesc2eaUyoVCup&CR=CFQH8Xe |
request | POST http://www.untylservice.com/p2io/ |
request | POST http://www.alfenas.info/p2io/ |
request | POST http://www.liminaltechnology.com/p2io/ |
request | POST http://www.vectoroutlines.com/p2io/ |
request | POST http://www.micheldrake.com/p2io/ |
request | POST http://www.yunlimall.com/p2io/ |
request | POST http://www.myfavbutik.com/p2io/ |
request | POST http://www.essentiallyourscandles.com/p2io/ |
request | POST http://www.adultpeace.com/p2io/ |
request | POST http://www.leonardocarrillo.com/p2io/ |
Indicator | Detail | Description |
---|---|---|
section | .text (virtual_address 0x00001000, virtual_size 0x00026fa0, size_of_data 0x00027000, entropy 7.318477367615169) | A section with a high entropy has been found |
entropy | 1.0 | Overall entropy of this PE file is high |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
ClamAV | Win.Malware.Formbook-9802749-0 |
FireEye | Generic.mg.9191f2c11d448ac2 |
McAfee | GenericRXLS-VV!9191F2C11D44 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 00536d121 ) |
K7GW | Trojan ( 00536d121 ) |
Cybereason | malicious.11d448 |
Cyren | W32/Formbook.A.gen!Eldorado |
Symantec | Trojan.Formbook |
ESET-NOD32 | a variant of Win32/Formbook.AA |
APEX | Malicious |
Avast | Win32:Formbook-B [Trj] |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Gen:Variant.Razy.679962 |
NANO-Antivirus | Virus.Win32.Gen.ccmw |
Paloalto | generic.ml |
MicroWorld-eScan | Gen:Variant.Razy.679962 |
Ad-Aware | Gen:Variant.Razy.679962 |
Emsisoft | Trojan.Formbook (A) |
DrWeb | Trojan.Siggen9.48175 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.cc |
Sophos | ML/PE-A + Troj/Formbook-A |
Ikarus | Trojan-Spy.FormBook |
Avira | TR/Crypt.ZPACK.Gen |
Microsoft | Trojan:Win32/Formbook!MTB |
ZoneAlarm | HEUR:Trojan.Win32.Generic |
GData | Gen:Variant.Razy.679962 |
AhnLab-V3 | Malware/Win32.Generic.R369478 |
Acronis | suspicious |
BitDefenderTheta | AI:Packer.5A66CC2C1E |
ALYac | Gen:Variant.Razy.679962 |
MAX | malware (ai score=80) |
VBA32 | BScope.TrojanPSW.Banker |
Malwarebytes | Spyware.FormBook |
Rising | Stealer.Fareit!8.170 (TFE:dGZlOgKB3kMUFgoSCw) |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/GenKryptik.AYEB!tr |
AVG | Win32:Formbook-B [Trj] |
CrowdStrike | win/malicious_confidence_100% (W) |