Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 7, 2021, 5:48 p.m. | June 7, 2021, 6:04 p.m. |
cmd.exe /c del "C:\Users\test22\AppData\Local\Temp\loader1.exe"
2092
IP Address | Status | Action |
---|---|---|
13.59.53.244 | Active | Moloch |
156.238.87.233 | Active | Moloch |
164.124.101.2 | Active | Moloch |
184.168.131.241 | Active | Moloch |
198.54.117.212 | Active | Moloch |
198.54.117.216 | Active | Moloch |
213.189.196.123 | Active | Moloch |
34.102.136.180 | Active | Moloch |
34.80.190.141 | Active | Moloch |
50.87.146.99 | Active | Moloch |
62.171.185.90 | Active | Moloch |
87.236.16.18 | Active | Moloch |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.accelerator.sydney/bp3i/?aly=5pzeLuL3qyMdskDBx9eOPWveezrEwfwg/RcpCnMq22iE3aWrSKVhMe7FGWAUc7no09HPCT8S&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.motivactivewear.com/bp3i/?aly=zzYPr0OCNAmsWBGG6HNOV25V/HRJbXLG3dsQYpoWqUnjOdCdFgLO0pBdP9GuYgb2I6ZBWy1X&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.mutanterestaurante.com/bp3i/?aly=E7M2l69EyzvhFvWLOXHGh6mx//FtP199Dhi65SsF5ast/kZirdIyqjMG5gfZUQ9nw2mvCBz5&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.vitali-tea.online/bp3i/?aly=JjYTrkfG77F8bUXkU6JoVgxF8TEXmubcrTtV4gqmnXtNkOLaqYf90HU35bx2Au0Vfe6i64Uc&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.harchain.com/bp3i/?aly=kxk0NbaHO4yIkj1wfo8io1FtN07ZZqi5OjBsK/wODYnSlOXK6b3QjT8lScoOBuxZVKRNIX71&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.canyoufindme.info/bp3i/?aly=e2VJG+Lcx7VSbdL14USV1xN8uNXyZXDRnrSwfEhZz66rekGJ4QZce75cN095gYEegJMFoXe1&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.8ballsportsbook.com/bp3i/?aly=gjFnan4TrQKOg8ZjrlmR1QzcuvPcCC3H+6BcJPnwL0iBWFeal2Pt92AvNwoqJbCv415raDkr&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.oceancollaborative.com/bp3i/?aly=+tA82degRgcQ4mmnQvXabF4qHjy6FJLdLGPOjGCu1vH9ecmhDfriaGule7Kf6ooavhCfc5XG&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.mikefling.com/bp3i/?aly=f27qp7/R6CZrnMp6oNXdq9Y/KtHj1P3jBiclukrifcB8XGjpBfn1+hX4ohrLtpRG7MloXyWU&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.xrglm.com/bp3i/?aly=xMDqH4a+vCHDCbuVO13XyDZVG6j1EFAtLRtYRpk6XGTZrxVbebO3K0k3rVQvQOaGm3M5SJ2K&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.glavstore.com/bp3i/?aly=VbVpRlTVBrVMlxRx3rx4hyeBTnrnrkzttoX5qgHEHXM9HbDzwhueMyTNA/VppR571T5z6sbD&Qzr=L6h0-t409Z0T |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.oakandivywedding.com/bp3i/?aly=R6TUBIKrpE3/BLbDdKKJC0IQVvnsRE4fuaWXZMME6o5MuJnPfN7odmfSfLArY93nzsP/JzNO&Qzr=L6h0-t409Z0T |
request | POST http://www.accelerator.sydney/bp3i/ |
request | GET http://www.accelerator.sydney/bp3i/?aly=5pzeLuL3qyMdskDBx9eOPWveezrEwfwg/RcpCnMq22iE3aWrSKVhMe7FGWAUc7no09HPCT8S&Qzr=L6h0-t409Z0T |
request | POST http://www.motivactivewear.com/bp3i/ |
request | GET http://www.motivactivewear.com/bp3i/?aly=zzYPr0OCNAmsWBGG6HNOV25V/HRJbXLG3dsQYpoWqUnjOdCdFgLO0pBdP9GuYgb2I6ZBWy1X&Qzr=L6h0-t409Z0T |
request | POST http://www.mutanterestaurante.com/bp3i/ |
request | GET http://www.mutanterestaurante.com/bp3i/?aly=E7M2l69EyzvhFvWLOXHGh6mx//FtP199Dhi65SsF5ast/kZirdIyqjMG5gfZUQ9nw2mvCBz5&Qzr=L6h0-t409Z0T |
request | POST http://www.vitali-tea.online/bp3i/ |
request | GET http://www.vitali-tea.online/bp3i/?aly=JjYTrkfG77F8bUXkU6JoVgxF8TEXmubcrTtV4gqmnXtNkOLaqYf90HU35bx2Au0Vfe6i64Uc&Qzr=L6h0-t409Z0T |
request | POST http://www.harchain.com/bp3i/ |
request | GET http://www.harchain.com/bp3i/?aly=kxk0NbaHO4yIkj1wfo8io1FtN07ZZqi5OjBsK/wODYnSlOXK6b3QjT8lScoOBuxZVKRNIX71&Qzr=L6h0-t409Z0T |
request | POST http://www.canyoufindme.info/bp3i/ |
request | GET http://www.canyoufindme.info/bp3i/?aly=e2VJG+Lcx7VSbdL14USV1xN8uNXyZXDRnrSwfEhZz66rekGJ4QZce75cN095gYEegJMFoXe1&Qzr=L6h0-t409Z0T |
request | POST http://www.8ballsportsbook.com/bp3i/ |
request | GET http://www.8ballsportsbook.com/bp3i/?aly=gjFnan4TrQKOg8ZjrlmR1QzcuvPcCC3H+6BcJPnwL0iBWFeal2Pt92AvNwoqJbCv415raDkr&Qzr=L6h0-t409Z0T |
request | POST http://www.oceancollaborative.com/bp3i/ |
request | GET http://www.oceancollaborative.com/bp3i/?aly=+tA82degRgcQ4mmnQvXabF4qHjy6FJLdLGPOjGCu1vH9ecmhDfriaGule7Kf6ooavhCfc5XG&Qzr=L6h0-t409Z0T |
request | POST http://www.mikefling.com/bp3i/ |
request | GET http://www.mikefling.com/bp3i/?aly=f27qp7/R6CZrnMp6oNXdq9Y/KtHj1P3jBiclukrifcB8XGjpBfn1+hX4ohrLtpRG7MloXyWU&Qzr=L6h0-t409Z0T |
request | POST http://www.xrglm.com/bp3i/ |
request | GET http://www.xrglm.com/bp3i/?aly=xMDqH4a+vCHDCbuVO13XyDZVG6j1EFAtLRtYRpk6XGTZrxVbebO3K0k3rVQvQOaGm3M5SJ2K&Qzr=L6h0-t409Z0T |
request | POST http://www.glavstore.com/bp3i/ |
request | GET http://www.glavstore.com/bp3i/?aly=VbVpRlTVBrVMlxRx3rx4hyeBTnrnrkzttoX5qgHEHXM9HbDzwhueMyTNA/VppR571T5z6sbD&Qzr=L6h0-t409Z0T |
request | POST http://www.oakandivywedding.com/bp3i/ |
request | GET http://www.oakandivywedding.com/bp3i/?aly=R6TUBIKrpE3/BLbDdKKJC0IQVvnsRE4fuaWXZMME6o5MuJnPfN7odmfSfLArY93nzsP/JzNO&Qzr=L6h0-t409Z0T |
request | POST http://www.accelerator.sydney/bp3i/ |
request | POST http://www.motivactivewear.com/bp3i/ |
request | POST http://www.mutanterestaurante.com/bp3i/ |
request | POST http://www.vitali-tea.online/bp3i/ |
request | POST http://www.harchain.com/bp3i/ |
request | POST http://www.canyoufindme.info/bp3i/ |
request | POST http://www.8ballsportsbook.com/bp3i/ |
request | POST http://www.oceancollaborative.com/bp3i/ |
request | POST http://www.mikefling.com/bp3i/ |
request | POST http://www.xrglm.com/bp3i/ |
request | POST http://www.glavstore.com/bp3i/ |
request | POST http://www.oakandivywedding.com/bp3i/ |
file | C:\Users\test22\AppData\Local\Temp\nsl652C.tmp\System.dll |
file | C:\Users\test22\AppData\Local\Temp\loader1.exe |
file | C:\Users\test22\AppData\Local\Temp\loader1.exe |
file | C:\Users\test22\AppData\Local\Temp\nsl652C.tmp\System.dll |
cmdline | /c del "C:\Users\test22\AppData\Local\Temp\loader1.exe" |
file | C:\Users\test22\AppData\Local\Temp\loader1.exe |
Bkav | W32.AIDetect.malware2 |
DrWeb | Trojan.Loader.834 |
MicroWorld-eScan | Gen:Variant.Nemesis.1525 |
McAfee | Artemis!F20A27B803BF |
Alibaba | TrojanSpy:Win32/Injector.4ce4889e |
Arcabit | Trojan.Nemesis.D5F5 |
Cyren | W32/Ninjector.J.gen!Camelot |
Symantec | Trojan.Gen.2 |
ESET-NOD32 | NSIS/Injector.ALN |
APEX | Malicious |
Avast | FileRepMalware |
Kaspersky | HEUR:Trojan-Spy.Win32.Noon.gen |
BitDefender | Gen:Variant.Nemesis.1525 |
Paloalto | generic.ml |
AegisLab | Trojan.Win32.Noon.l!c |
Tencent | Win32.Trojan-spy.Noon.Dyzi |
Sophos | Generic ML PUA (PUA) |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
FireEye | Gen:Variant.Nemesis.1525 |
Emsisoft | Gen:Variant.Nemesis.1525 (B) |
Kingsoft | Win32.Troj.Undef.(kcloud) |
Microsoft | Trojan:Win32/Hynamer.C!ml |
ZoneAlarm | HEUR:Trojan-Spy.Win32.Noon.gen |
GData | Gen:Variant.Nemesis.1525 |
Cynet | Malicious (score: 100) |
ALYac | Gen:Variant.Nemesis.1525 |
MAX | malware (ai score=81) |
Rising | Trojan.Injector/NSIS!1.D6F5 (CLASSIC) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | NSIS/Ninjector.J!tr |
AVG | FileRepMalware |