Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 18, 2021, 5:34 p.m. | June 18, 2021, 5:38 p.m. |
hut.exe "C:\Users\test22\AppData\Local\Temp\hut.exe"
1016
Name | Response | Post-Analysis Lookup |
---|---|---|
cdn.discordapp.com | 162.159.130.233 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49201 -> 162.159.129.233:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49202 -> 162.159.129.233:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49201 162.159.129.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.101:49202 162.159.129.233:443 | None | None | None |
section | CODE |
section | DATA |
section | BSS |
packer | BobSoft Mini Delphi -> BoB / BobSoft |
request | GET https://cdn.discordapp.com/attachments/854342102649143318/855081140620754964/Vhzygcahiwjrehzrrlqrpmzvootolhb |
process | hut.exe | useragent | zipo |
process | hut.exe | useragent | daso |
Engine | Detection |
---|---|
Elastic | malicious (high confidence) |
McAfee | Fareit-FZO!4CCBE3A8FA85 |
K7AntiVirus | Riskware ( 0040eff71 ) |
BitDefender | Gen:Variant.Jacard.224738 |
K7GW | Riskware ( 0040eff71 ) |
CrowdStrike | win/malicious_confidence_60% (W) |
Cyren | W32/Delf_Troj.AW.gen!Eldorado |
ESET-NOD32 | a variant of Win32/Injector.EPOA |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | HEUR:Trojan-Spy.Win32.Noon.gen |
MicroWorld-eScan | Gen:Variant.Jacard.224738 |
Ad-Aware | Gen:Variant.Jacard.224738 |
DrWeb | Trojan.DownLoader39.48961 |
McAfee-GW-Edition | Fareit-FZO!4CCBE3A8FA85 |
MaxSecure | Trojan.Malware.300983.susgen |
FireEye | Gen:Variant.Jacard.224738 |
GData | Gen:Variant.Jacard.224738 |
MAX | malware (ai score=85) |
Microsoft | Trojan:Win32/Wacatac.B!ml |
AhnLab-V3 | Trojan/Win.FZO.C4529181 |
Malwarebytes | Malware.AI.3200637016 |
Rising | Trojan.Kryptik!1.D2D5 (CLASSIC) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | W32/GenKryptik.FFLW!tr |
BitDefenderTheta | Gen:NN.ZelphiF.34744.bHW@auy5EDci |
Panda | Trj/GdSda.A |