Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 15, 2021, 1:03 p.m. | June 15, 2021, 1:05 p.m. |

Process | Command line | PID |
---|---|---|
loader1.exe | "C:\Users\test22\AppData\Local\Temp\loader1.exe" | 1772 |

IP Address | Status | Action |
---|---|---|
103.224.182.242 | Active | Moloch |
155.133.138.10 | Active | Moloch |
164.124.101.2 | Active | Moloch |
184.168.131.241 | Active | Moloch |
185.224.138.83 | Active | Moloch |
198.54.117.212 | Active | Moloch |
203.245.44.109 | Active | Moloch |
217.70.184.50 | Active | Moloch |
34.102.136.180 | Active | Moloch |
45.79.19.196 | Active | Moloch |
52.147.15.202 | Active | Moloch |
66.235.200.29 | Active | Moloch |
67.199.248.13 | Active | Moloch |
75.2.73.220 | Active | Moloch |
Suricata Alerts
Suricata TLS
No Suricata TLS

Signature | Detail |
---|---|
section | .ndata |

Suspicious feature | Suspicious request |
---|---|
GET method with no useragent header | GET http://www.xn--2o2b1z87x8sb.com/bp3i/?hL3=w0/TDHIc1+HezrcFGU9wSyY7ZohJU/wG9FEU96VZi51pjs1Dms3z4YPKKIrAiX80z3Y2jYtY&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.bancambios.network/bp3i/?hL3=So2Tvg858PudF6S1Cru7EIQwZdKNOPQNXuZSsJd01w7rfiOz13eukPZjJ6Gsx5OGTBQdT6aj&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.sportsiri.com/bp3i/?hL3=aSvVGLLpXGw3OAXV2aZVnJ1iJf4AHcjemKA4E5Yqpc3oSPveS9L08/xGI3+5sNlqw1RF4nLk&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.spinecompanion.com/bp3i/?hL3=UA97/2DLXKvRnJU1h5VkqIpiqoWZJQJaus3zswYLrPQqMJGDrodJLS3TF80ieNuahAh9dksl&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.5australiacl.com/bp3i/?hL3=hlnmpWaLZzqLg9zidSvt+F/U/z6DLEVPJskb4RYsomUGO653irWJR3qFMH9TKGvgkpiCGqB2&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.doodstore.net/bp3i/?hL3=/O9fLU9dXI4Cg+gPjcQBjfSEDJBN8B2QQZuj7hhytBKbSIIxNnTjzVeygiwHPQAKsYvifEbO&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.amazingfinds4u.com/bp3i/?hL3=bHJAk3e2glQskLGcTBS4vnjCgYmn0W+yUItAHYRq6yKEhUAjOaA0BT1d8jwk1zuBKu571AZE&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.underce.com/bp3i/?hL3=80R/aSnSgbRYdyr7r61KDuAjYp2ZOr6pxPEzYeucJoCeLW8wo5sSyEnb1mJuzTy6cctVr7FI&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.woodlandsceinics.com/bp3i/?hL3=Dvte5eMh4FNlY5y4dnXfAFPL/8NXIF8YbtIAyCtpXIsx8mzur4SWz4GVMQCeSs9HFgJ9jJbz&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.accelerator.sydney/bp3i/?hL3=5pzeLuL3qyMdskDBx9eOPWveezrEwfwg/RcpCnMq22iE3aWrSKVhMe7FGWAUc7no09HPCT8S&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.oceancollaborative.com/bp3i/?hL3=+tA82degRgcQ4mmnQvXabF4qHjy6FJLdLGPOjGCu1vH9ecmhDfriaGule7Kf6ooavhCfc5XG&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.ilium-partners.com/bp3i/?hL3=bo80QDzEQyeGlZ8OUNyFMOAGqFcw71Q6/aO3zFCRtVVR0Kvd9F7XtEJsT/rJgDgTWE10iob7&opg=3foxnfH0Q0S0kj |
GET method with no useragent header | GET http://www.jimmymasks.com/bp3i/?hL3=vg5JU+BuXPY7P8htzulhoqwJTr5Zsvmf06SFUFvrLdUMeNvvl7hYXpnUg5SknS6N/5SQFa8e&opg=3foxnfH0Q0S0kj |

Type | Request |
---|---|
request | POST http://www.xn--2o2b1z87x8sb.com/bp3i/ |
request | GET http://www.xn--2o2b1z87x8sb.com/bp3i/?hL3=w0/TDHIc1+HezrcFGU9wSyY7ZohJU/wG9FEU96VZi51pjs1Dms3z4YPKKIrAiX80z3Y2jYtY&opg=3foxnfH0Q0S0kj |
request | POST http://www.bancambios.network/bp3i/ |
request | GET http://www.bancambios.network/bp3i/?hL3=So2Tvg858PudF6S1Cru7EIQwZdKNOPQNXuZSsJd01w7rfiOz13eukPZjJ6Gsx5OGTBQdT6aj&opg=3foxnfH0Q0S0kj |
request | POST http://www.sportsiri.com/bp3i/ |
request | GET http://www.sportsiri.com/bp3i/?hL3=aSvVGLLpXGw3OAXV2aZVnJ1iJf4AHcjemKA4E5Yqpc3oSPveS9L08/xGI3+5sNlqw1RF4nLk&opg=3foxnfH0Q0S0kj |
request | POST http://www.spinecompanion.com/bp3i/ |
request | GET http://www.spinecompanion.com/bp3i/?hL3=UA97/2DLXKvRnJU1h5VkqIpiqoWZJQJaus3zswYLrPQqMJGDrodJLS3TF80ieNuahAh9dksl&opg=3foxnfH0Q0S0kj |
request | POST http://www.5australiacl.com/bp3i/ |
request | GET http://www.5australiacl.com/bp3i/?hL3=hlnmpWaLZzqLg9zidSvt+F/U/z6DLEVPJskb4RYsomUGO653irWJR3qFMH9TKGvgkpiCGqB2&opg=3foxnfH0Q0S0kj |
request | POST http://www.doodstore.net/bp3i/ |
request | GET http://www.doodstore.net/bp3i/?hL3=/O9fLU9dXI4Cg+gPjcQBjfSEDJBN8B2QQZuj7hhytBKbSIIxNnTjzVeygiwHPQAKsYvifEbO&opg=3foxnfH0Q0S0kj |
request | POST http://www.amazingfinds4u.com/bp3i/ |
request | GET http://www.amazingfinds4u.com/bp3i/?hL3=bHJAk3e2glQskLGcTBS4vnjCgYmn0W+yUItAHYRq6yKEhUAjOaA0BT1d8jwk1zuBKu571AZE&opg=3foxnfH0Q0S0kj |
request | POST http://www.underce.com/bp3i/ |
request | GET http://www.underce.com/bp3i/?hL3=80R/aSnSgbRYdyr7r61KDuAjYp2ZOr6pxPEzYeucJoCeLW8wo5sSyEnb1mJuzTy6cctVr7FI&opg=3foxnfH0Q0S0kj |
request | POST http://www.woodlandsceinics.com/bp3i/ |
request | GET http://www.woodlandsceinics.com/bp3i/?hL3=Dvte5eMh4FNlY5y4dnXfAFPL/8NXIF8YbtIAyCtpXIsx8mzur4SWz4GVMQCeSs9HFgJ9jJbz&opg=3foxnfH0Q0S0kj |
request | POST http://www.accelerator.sydney/bp3i/ |
request | GET http://www.accelerator.sydney/bp3i/?hL3=5pzeLuL3qyMdskDBx9eOPWveezrEwfwg/RcpCnMq22iE3aWrSKVhMe7FGWAUc7no09HPCT8S&opg=3foxnfH0Q0S0kj |
request | POST http://www.oceancollaborative.com/bp3i/ |
request | GET http://www.oceancollaborative.com/bp3i/?hL3=+tA82degRgcQ4mmnQvXabF4qHjy6FJLdLGPOjGCu1vH9ecmhDfriaGule7Kf6ooavhCfc5XG&opg=3foxnfH0Q0S0kj |
request | POST http://www.ilium-partners.com/bp3i/ |
request | GET http://www.ilium-partners.com/bp3i/?hL3=bo80QDzEQyeGlZ8OUNyFMOAGqFcw71Q6/aO3zFCRtVVR0Kvd9F7XtEJsT/rJgDgTWE10iob7&opg=3foxnfH0Q0S0kj |
request | POST http://www.jimmymasks.com/bp3i/ |
request | GET http://www.jimmymasks.com/bp3i/?hL3=vg5JU+BuXPY7P8htzulhoqwJTr5Zsvmf06SFUFvrLdUMeNvvl7hYXpnUg5SknS6N/5SQFa8e&opg=3foxnfH0Q0S0kj |
request | POST http://www.xn--2o2b1z87x8sb.com/bp3i/ |
request | POST http://www.bancambios.network/bp3i/ |
request | POST http://www.sportsiri.com/bp3i/ |
request | POST http://www.spinecompanion.com/bp3i/ |
request | POST http://www.5australiacl.com/bp3i/ |
request | POST http://www.doodstore.net/bp3i/ |
request | POST http://www.amazingfinds4u.com/bp3i/ |
request | POST http://www.underce.com/bp3i/ |
request | POST http://www.woodlandsceinics.com/bp3i/ |
request | POST http://www.accelerator.sydney/bp3i/ |
request | POST http://www.oceancollaborative.com/bp3i/ |
request | POST http://www.ilium-partners.com/bp3i/ |
request | POST http://www.jimmymasks.com/bp3i/ |
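
The request list above is the most actionable part of this report: thirteen unrelated domains, one path (`/bp3i/`), a POST followed by a GET whose query carries one varying base64-like value (`hL3`) and one value that is identical on every host (`opg=3foxnfH0Q0S0kj`). The script below is an added example, not part of the sandbox report or of any tool it names: it reduces "METHOD URL" lines to that fingerprint and emits a Suricata rule combining the shared path, the constant parameter, and the report's own "GET with no User-Agent" observation. The sample input is constructed from a subset of the rows above plus one benign control line on the reserved `www.example.com`; the `min_hosts` threshold, the constant-versus-varying heuristic and the `sid` value are the author's choices, not anything the report states.

```python
"""Added example (not from the sandbox report): reduce the report's HTTP
request rows to a C2 endpoint fingerprint and emit a Suricata rule for it.

Input is a list of "METHOD URL" lines. The sample below copies a subset of
the report's "request" rows and is embedded so the script runs offline.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: five of the report's thirteen domains plus one benign
# control line (www.example.com is a reserved documentation domain).
SAMPLE_REQUESTS = """\
POST http://www.xn--2o2b1z87x8sb.com/bp3i/
GET http://www.xn--2o2b1z87x8sb.com/bp3i/?hL3=w0/TDHIc1+HezrcFGU9wSyY7ZohJU/wG9FEU96VZi51pjs1Dms3z4YPKKIrAiX80z3Y2jYtY&opg=3foxnfH0Q0S0kj
POST http://www.bancambios.network/bp3i/
GET http://www.bancambios.network/bp3i/?hL3=So2Tvg858PudF6S1Cru7EIQwZdKNOPQNXuZSsJd01w7rfiOz13eukPZjJ6Gsx5OGTBQdT6aj&opg=3foxnfH0Q0S0kj
POST http://www.sportsiri.com/bp3i/
GET http://www.sportsiri.com/bp3i/?hL3=aSvVGLLpXGw3OAXV2aZVnJ1iJf4AHcjemKA4E5Yqpc3oSPveS9L08/xGI3+5sNlqw1RF4nLk&opg=3foxnfH0Q0S0kj
POST http://www.spinecompanion.com/bp3i/
GET http://www.spinecompanion.com/bp3i/?hL3=UA97/2DLXKvRnJU1h5VkqIpiqoWZJQJaus3zswYLrPQqMJGDrodJLS3TF80ieNuahAh9dksl&opg=3foxnfH0Q0S0kj
POST http://www.jimmymasks.com/bp3i/
GET http://www.jimmymasks.com/bp3i/?hL3=vg5JU+BuXPY7P8htzulhoqwJTr5Zsvmf06SFUFvrLdUMeNvvl7hYXpnUg5SknS6N/5SQFa8e&opg=3foxnfH0Q0S0kj
GET http://www.example.com/index.html?lang=en
"""


def split_query_raw(query: str) -> dict:
    """Split a query string WITHOUT decoding: the values are base64-like and
    contain '+' and '/', which urllib.parse.parse_qs would turn into spaces."""
    params = {}
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[key] = value
    return params


def parse_request(line: str):
    """'METHOD URL' -> dict(method, host, path, query) or None for a blank line."""
    method, _, url = line.strip().partition(" ")
    if not url:
        return None
    parts = urlsplit(url)
    return {"method": method, "host": parts.hostname, "path": parts.path,
            "query": split_query_raw(parts.query)}


def find_shared_endpoints(lines, min_hosts=3):
    """Group requests by (method, path, query-key set). A group spanning at
    least min_hosts distinct hosts is a candidate fallback-C2 list. Inside it,
    a query value identical on every host is reported as constant (heuristic:
    campaign or bot identifier) and the rest as varying (per-beacon payload)."""
    groups = defaultdict(list)
    for line in lines:
        req = parse_request(line)
        if req and req["host"]:
            key = (req["method"], req["path"], tuple(sorted(req["query"])))
            groups[key].append(req)
    findings = []
    for (method, path, keys), reqs in sorted(groups.items()):
        hosts = sorted({r["host"] for r in reqs})
        if len(hosts) < min_hosts:
            continue
        constant = {k: reqs[0]["query"][k] for k in keys
                    if len({r["query"][k] for r in reqs}) == 1}
        findings.append({
            "method": method, "path": path, "hosts": hosts,
            "constant_params": constant,
            "varying_params": [k for k in keys if k not in constant],
        })
    return findings


def suricata_rule(finding, sid):
    """Suricata (5+) rule for the GET beacon: URI starts with the shared path,
    carries each constant parameter, and the request has no User-Agent header
    (http.header_names negation). `sid` is an operator-chosen local-range
    placeholder. Match the path rather than the hosts: the report shows
    thirteen domains for one path, and domains rotate faster than paths."""
    if finding["method"] != "GET":
        raise ValueError("rule template covers the GET beacon only")
    const = "".join(f' http.uri; content:"{k}={v}";'
                    for k, v in finding["constant_params"].items())
    return (f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Loader beacon '
            f'{finding["path"]} without User-Agent"; flow:established,to_server; '
            f'http.method; content:"GET"; http.uri; content:"{finding["path"]}"; '
            f'startswith;{const} http.header_names; '
            f'content:!"|0d 0a|User-Agent|0d 0a|"; nocase; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for f in find_shared_endpoints(SAMPLE_REQUESTS.splitlines()):
        print(f"{f['method']} {f['path']}  hosts={len(f['hosts'])}  "
              f"constant={f['constant_params']}  varying={f['varying_params']}")
        if f["method"] == "GET":
            print(suricata_rule(f, sid=1000001))
```

Run against the full thirteen-domain list the GET group reports `hosts=13`, `constant={'opg': '3foxnfH0Q0S0kj'}` and `varying=['hL3']`; the POST group has the same hosts and no query, so the rule is keyed on the GET leg. Treat the constant-parameter content match as a campaign-scoped indicator and the path-plus-missing-User-Agent part as the durable one; re-check both against the next sample rather than assuming the `opg` value is fixed.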

Type | Path |
---|---|
file | C:\Users\test22\AppData\Local\Temp\nsu6378.tmp\System.dll |

Engine | Detection |
---|---|
MicroWorld-eScan | Gen:Variant.Nemesis.1556 |
FireEye | Generic.mg.ca473ade92ba6526 |
McAfee | Artemis!CA473ADE92BA |
Cylance | Unsafe |
K7AntiVirus | Trojan ( 0057de9f1 ) |
Alibaba | TrojanPSW:Win32/Injector.e0a81307 |
K7GW | Trojan ( 0057de9f1 ) |
Cybereason | malicious.a4966d |
Cyren | W32/Agent.CXX.gen!Eldorado |
Symantec | Trojan.Gen.2 |
ESET-NOD32 | NSIS/Injector.AMA |
APEX | Malicious |
Avast | FileRepMalware |
Cynet | Malicious (score: 100) |
Kaspersky | HEUR:Trojan-PSW.Win32.Stelega.gen |
BitDefender | Gen:Variant.Nemesis.1556 |
Paloalto | generic.ml |
Sophos | Mal/Generic-S + Troj/Formbok-NC |
DrWeb | Trojan.Loader.844 |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
Emsisoft | Gen:Variant.Nemesis.1556 (B) |
SentinelOne | Static AI - Malicious PE |
Avira | TR/Injector.wdpuw |
MAX | malware (ai score=86) |
Gridinsoft | Trojan.Win32.Downloader.oa |
Microsoft | Trojan:Win32/Tnega.KF!MTB |
AegisLab | Trojan.Win32.Stelega.i!c |
GData | Gen:Variant.Nemesis.1556 |
ALYac | Gen:Variant.Nemesis.1556 |
VBA32 | Trojan.Wacatac |
TrendMicro-HouseCall | TROJ_GEN.R002H0DFD21 |
Fortinet | W32/Kryptik.J!tr |
Webroot | W32.Malware.Gen |
AVG | FileRepMalware |
Panda | Trj/CI.A |