Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 25, 2021, 9:53 a.m.	June 25, 2021, 10:24 a.m.

Size	970.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3a8fb7a4ead36662756579b11cff690c`
SHA256	`327949e32715f2c07300961472e7fce99644812593ef78e21f63d395db769891`
CRC32	`1F434FC5`
ssdeep	`24576:XAHnh+eWsN3skA4RV1Hom2KXMmHaJCEBKe/JP5:Kh+ZkldoPK8YaJrn`
Yara	PE_Header_Zero - PE File Signature CryptGenKey_Zero - CryptGenKey Zero OS_Processor_Check_Zero - OS Processor Check Device_Check_Zero - Device Check Zero IsPE32 - (no description) FindFirstVolume_Zero - FindFirstVolume Zero Process_Snapshot_Kill_Zero - Process Kill Zero

betonsuccess.exe "C:\Users\test22\AppData\Local\Temp\betonsuccess.exe"
8072

Name	Response	Post-Analysis Lookup
www.google-analytics.com	CNAME www-google-analytics.l.google.com A 142.250.204.110	216.58.197.238
www.googletagmanager.com	CNAME www-googletagmanager.l.google.com A 142.250.207.72	172.217.175.8
ui.clevernt.com	A 148.69.64.109	148.69.64.109
clevernt.com	A 104.26.11.117 A 104.26.10.117 A 172.67.72.95	172.67.72.95
bots.betbotapi.ru	A 172.67.199.79 A 104.21.21.150	172.67.199.79
userapi.com	A 87.240.129.187 A 87.240.190.64	87.240.129.187
z.cdn.ftd.agency	CNAME zz.cdn.ftd.agency A 178.162.205.12	178.162.205.12
www.google.com	A 142.250.207.68	172.217.26.4
www.betonsuccess.ru	A 172.67.160.27 A 104.21.14.175	104.21.14.175
cdn.ftd.agency	A 178.162.205.12	178.162.205.12
sender.clevernt.com	A 148.69.64.76	148.69.64.76
counter.yadro.ru	A 88.212.201.210 A 88.212.201.204 A 88.212.201.198 A 88.212.201.216	88.212.201.204
www.gstatic.com	A 172.217.31.227	172.217.31.131
bet-hub.com	A 172.67.70.14 A 104.26.15.59 A 104.26.14.59	104.26.15.59
vk.com	A 93.186.225.208 A 87.240.139.194 A 87.240.190.72 A 87.240.190.67 A 87.240.137.158 A 87.240.190.78	87.240.190.78

IP Address	Status	Action
104.21.14.175	Active	Moloch
104.26.15.59	Active	Moloch
142.250.204.110	Active	Moloch
142.250.207.68	Active	Moloch
142.250.207.72	Active	Moloch
148.69.64.109	Active	Moloch
148.69.64.76	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
172.217.31.227	Active	Moloch
172.67.199.79	Active	Moloch
172.67.72.95	Active	Moloch
178.162.205.12	Active	Moloch
87.240.137.158	Active	Moloch
87.240.190.64	Active	Moloch
88.212.201.210	Active	Moloch
34.104.35.123	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49807 -> 104.21.14.175:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49818 -> 142.250.207.72:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49806 -> 104.21.14.175:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49816 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49809 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49810 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49820 -> 142.250.204.110:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49821 -> 142.250.204.110:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49823 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49835 -> 178.162.205.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49839 -> 88.212.201.210:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49826 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49825 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49841 -> 178.162.205.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49817 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49842 -> 178.162.205.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49833 -> 87.240.137.158:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49824 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49831 -> 87.240.190.64:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49856 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49832 -> 87.240.137.158:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49830 -> 87.240.190.64:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49838 -> 88.212.201.210:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49837 -> 172.67.72.95:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49836 -> 172.67.72.95:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49843 -> 148.69.64.109:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49846 -> 148.69.64.76:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49857 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49865 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49849 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49834 -> 178.162.205.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49861 -> 142.250.207.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49868 -> 172.67.199.79:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49844 -> 148.69.64.109:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49847 -> 148.69.64.76:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49858 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49867 -> 172.67.199.79:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49864 -> 172.217.31.227:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49859 -> 104.26.15.59:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49862 -> 142.250.207.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49863 -> 172.217.31.227:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49807 104.21.14.175:443	C=US, O=Let's Encrypt, CN=R3	CN=*.betonsuccess.ru	8b:f7:c2:68:37:c9:d2:55:35:d5:d5:7e:84:a9:03:23:12:7a:14:a8
TLSv1 192.168.56.102:49818 142.250.207.72:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	3e:c5:60:da:a2:6f:05:1c:1a:3c:61:53:37:6a:4f:45:0a:a3:66:90
TLSv1 192.168.56.102:49806 104.21.14.175:443	C=US, O=Let's Encrypt, CN=R3	CN=*.betonsuccess.ru	8b:f7:c2:68:37:c9:d2:55:35:d5:d5:7e:84:a9:03:23:12:7a:14:a8
TLSv1 192.168.56.102:49809 104.26.15.59:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	9f:01:f5:e8:4c:41:48:3a:a1:db:a6:11:2b:f8:1b:a7:e9:9b:77:39
TLSv1 192.168.56.102:49816 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49810 104.26.15.59:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	9f:01:f5:e8:4c:41:48:3a:a1:db:a6:11:2b:f8:1b:a7:e9:9b:77:39
TLSv1 192.168.56.102:49820 142.250.204.110:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	8c:21:3b:9f:81:b4:07:bc:79:a1:c7:16:1b:d2:08:8d:53:9e:2c:04
TLSv1 192.168.56.102:49821 142.250.204.110:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	8c:21:3b:9f:81:b4:07:bc:79:a1:c7:16:1b:d2:08:8d:53:9e:2c:04
TLSv1 192.168.56.102:49823 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49839 88.212.201.210:443	C=US, O=Let's Encrypt, CN=R3	CN=counter.yadro.ru	af:a7:5d:a6:35:50:6e:32:32:03:f9:f0:ba:08:10:0f:5a:f4:52:3b
TLSv1 192.168.56.102:49826 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49825 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49835 178.162.205.12:443	C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	OU=Domain Control Validated, CN=*.cdn.ftd.agency	cd:0b:7c:87:8f:48:60:cb:79:23:85:9f:04:31:51:4d:a7:f7:54:a6
TLSv1 192.168.56.102:49817 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49833 87.240.137.158:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint-Petersburg, L=Saint-Petersburg, O=V Kontakte LLC, CN=*.vk.com	aa:4d:46:f6:df:7d:61:5f:d3:6f:7a:52:8e:8c:16:27:d5:aa:41:21
TLSv1 192.168.56.102:49824 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49842 178.162.205.12:443	C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	OU=Domain Control Validated, CN=*.cdn.ftd.agency	cd:0b:7c:87:8f:48:60:cb:79:23:85:9f:04:31:51:4d:a7:f7:54:a6
TLSv1 192.168.56.102:49831 87.240.190.64:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint-Petersburg, L=Saint-Petersburg, O=V Kontakte LLC, CN=*.vk-cdn.net	e0:31:6d:83:46:0e:09:b8:26:e7:c6:0c:21:1c:4a:78:58:44:9d:b3
TLSv1 192.168.56.102:49832 87.240.137.158:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint-Petersburg, L=Saint-Petersburg, O=V Kontakte LLC, CN=*.vk.com	aa:4d:46:f6:df:7d:61:5f:d3:6f:7a:52:8e:8c:16:27:d5:aa:41:21
TLSv1 192.168.56.102:49830 87.240.190.64:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint-Petersburg, L=Saint-Petersburg, O=V Kontakte LLC, CN=*.vk-cdn.net	e0:31:6d:83:46:0e:09:b8:26:e7:c6:0c:21:1c:4a:78:58:44:9d:b3
TLSv1 192.168.56.102:49837 172.67.72.95:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	80:4d:07:4d:0f:6b:0f:35:af:81:2f:c4:dd:5f:a5:f3:4c:9f:af:40
TLSv1 192.168.56.102:49838 88.212.201.210:443	C=US, O=Let's Encrypt, CN=R3	CN=counter.yadro.ru	af:a7:5d:a6:35:50:6e:32:32:03:f9:f0:ba:08:10:0f:5a:f4:52:3b
TLSv1 192.168.56.102:49836 172.67.72.95:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	80:4d:07:4d:0f:6b:0f:35:af:81:2f:c4:dd:5f:a5:f3:4c:9f:af:40
TLSv1 192.168.56.102:49843 148.69.64.109:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.clevernt.com	fb:2f:09:47:7f:28:61:b4:8f:0f:4d:8a:b7:c2:43:f8:0d:ae:f0:fc
TLSv1 192.168.56.102:49857 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49849 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49865 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49834 178.162.205.12:443	C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	OU=Domain Control Validated, CN=*.cdn.ftd.agency	cd:0b:7c:87:8f:48:60:cb:79:23:85:9f:04:31:51:4d:a7:f7:54:a6
TLSv1 192.168.56.102:49861 142.250.207.68:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com	d4:3b:b8:90:56:26:cd:29:ac:0e:65:5d:33:a4:94:d2:7b:cc:57:bb
TLSv1 192.168.56.102:49868 172.67.199.79:443	C=US, O=Let's Encrypt, CN=R3	CN=*.betbotapi.ru	6e:34:f5:3a:e8:76:65:45:21:21:3f:bd:73:8b:c6:07:84:49:31:d8
TLSv1 192.168.56.102:49844 148.69.64.109:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.clevernt.com	fb:2f:09:47:7f:28:61:b4:8f:0f:4d:8a:b7:c2:43:f8:0d:ae:f0:fc
TLSv1 192.168.56.102:49847 148.69.64.76:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.clevernt.com	fb:2f:09:47:7f:28:61:b4:8f:0f:4d:8a:b7:c2:43:f8:0d:ae:f0:fc
TLSv1 192.168.56.102:49858 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49841 178.162.205.12:443	C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	OU=Domain Control Validated, CN=*.cdn.ftd.agency	cd:0b:7c:87:8f:48:60:cb:79:23:85:9f:04:31:51:4d:a7:f7:54:a6
TLSv1 192.168.56.102:49867 172.67.199.79:443	C=US, O=Let's Encrypt, CN=R3	CN=*.betbotapi.ru	6e:34:f5:3a:e8:76:65:45:21:21:3f:bd:73:8b:c6:07:84:49:31:d8
TLSv1 192.168.56.102:49864 172.217.31.227:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	03:b6:7e:a2:fe:f4:cd:71:f5:70:a2:5c:f9:5c:9b:65:cc:f6:df:d4
TLSv1 192.168.56.102:49856 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49859 104.26.15.59:443	None	None	None
TLSv1 192.168.56.102:49862 142.250.207.68:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com	d4:3b:b8:90:56:26:cd:29:ac:0e:65:5d:33:a4:94:d2:7b:cc:57:bb
TLSv1 192.168.56.102:49863 172.217.31.227:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	03:b6:7e:a2:fe:f4:cd:71:f5:70:a2:5c:f9:5c:9b:65:cc:f6:df:d4

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 25, 2021, 9:52 a.m.			0	0

Performs some HTTP requests (50 out of 82 events)

request	GET https://www.betonsuccess.ru/user/picks_active/
request	GET https://bet-hub.com/user/picks_active/
request	GET https://bet-hub.com/_style/general.css?28
request	GET https://bet-hub.com/_style/branding.css?28
request	GET https://www.googletagmanager.com/gtag/js?id=UA-38993877-1
request	GET https://bet-hub.com/javascript/jquery-1.11.2.min.js
request	GET https://www.google-analytics.com/analytics.js
request	GET https://bet-hub.com/javascript/jquery.tooltip.js
request	GET https://bet-hub.com/javascript/menu_slide.js
request	GET https://bet-hub.com/javascript/common.js
request	GET https://bet-hub.com/javascript/JsHttpRequest.js
request	GET https://bet-hub.com/javascript/onload_admin.js
request	GET https://bet-hub.com/javascript/jquery.mousewheel-3.0.6.pack.js
request	GET https://bet-hub.com/javascript/jquery.fancybox.pack.js
request	GET https://bet-hub.com/_style/jquery.fancybox.css
request	GET https://bet-hub.com/javascript/jquery.tinyscrollbar.min.js
request	GET https://bet-hub.com/i/logo/bethub-logo-short-with-lines.svg
request	GET https://bet-hub.com/cache/user_beton_banners/banner_645403163087.gif
request	GET https://bet-hub.com/javascript/login.js
request	GET https://bet-hub.com/i/social/gp.png
request	GET https://bet-hub.com/i/social/vk.png
request	GET https://bet-hub.com/i/social/fb.png
request	GET https://bet-hub.com/i/top_banner_bg_blue2.gif
request	GET https://bet-hub.com/i/branding/pin4_250x500_dark.png
request	GET https://bet-hub.com/i/menu_home.gif
request	GET https://bet-hub.com/javascript/footer_script.js
request	GET https://bet-hub.com/i/hor_divider_right_aaa.gif
request	GET https://bet-hub.com/i/button_gradient_01-flip.gif
request	GET https://bet-hub.com/i/hor_divider_left_aaa.gif
request	GET https://bet-hub.com/i/icons/ico_sport_11x11_football.png
request	GET https://bet-hub.com/i/icons/ico_sport_11x11_tennis.png
request	GET https://bet-hub.com/i/icons/ico_sport_11x11_hockey.png
request	GET https://bet-hub.com/i/icons/ico_sport_11x11_basketball.png
request	GET https://bet-hub.com/i/icons/ico_sport_11x11_baseball.png
request	GET https://bet-hub.com/images/rss_tick.gif
request	GET https://bet-hub.com/i/icons/ico_sport_11x11_volleyball.png
request	GET https://userapi.com/js/api/openapi.js?13
request	GET https://vk.com/js/api/openapi.js?13
request	GET https://bet-hub.com/images/ads/forex-banner-n2.png
request	GET https://bet-hub.com/i/banners_pm/150x250.jpg
request	GET https://clevernt.com/scripts/e978269141146d854f86ce41829beaed.min.js?20200116=1624582362093
request	GET https://cdn.ftd.agency/libs/e.js
request	GET https://counter.yadro.ru/hit?t52.6;r;s1365102424;uhttps%3A//bet-hub.com/user/picks_active/;h%u0417%u0430%u043A%u0440%u044B%u0442%u044B%u0439%20%u0440%u0430%u0437%u0434%u0435%u043B;0.8326328425422362
request	GET https://counter.yadro.ru/hit?q;t52.6;r;s1365102424;uhttps%3A//bet-hub.com/user/picks_active/;h%u0417%u0430%u043A%u0440%u044B%u0442%u044B%u0439%20%u0440%u0430%u0437%u0434%u0435%u043B;0.8326328425422362
request	GET https://bet-hub.com/favicon.ico
request	GET https://z.cdn.ftd.agency/load?z=1343811858&div=flaj34ikb34&cw=1211&ch=841&sr=1365x1024&df=1&tz=540&n=1624582363162&url=bet-hub.com%2Fuser%2Fpicks_active%2F&vc=0&ti=%D0%97%D0%B0%D0%BA%D1%80%D1%8B%D1%82%D1%8B%D0%B9%20%D1%80%D0%B0%D0%B7%D0%B4%D0%B5%D0%BB&zyx=581752051
request	GET https://bet-hub.com/i/menu/registration.gif
request	GET https://bet-hub.com/i/menu/chart.png
request	GET https://bet-hub.com/i/menu/star_gold.png
request	GET https://bet-hub.com/i/menu/star_blue.png

Sends data using the HTTP POST Method (2 events)

request	POST https://bet-hub.com/login726.php
request	POST https://bots.betbotapi.ru/notification-api/socket.io/?EIO=3&transport=polling&j=0&t=Nf0fy7z&b64=1&sid=HmY4Rw_lTuXPDeaB_FmM

Resolves a suspicious Top Level Domain (TLD) (3 events)

domain	bots.betbotapi.ru	description	Russian Federation domain TLD
domain	counter.yadro.ru	description	Russian Federation domain TLD
domain	www.betonsuccess.ru	description	Russian Federation domain TLD

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 25, 2021, 9:52 a.m.	process_identifier: 8072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00028400', u'virtual_address': u'0x000c8000', u'entropy': 7.6487568478003585, u'name': u'.rsrc', u'virtual_size': u'0x000282a4'}

entropy

7.6487568478

description

A section with a high entropy has been found

Communicates with host for which no DNS query was performed (2 events)

host	172.217.25.14
host	34.104.35.123

File has been identified by 25 AntiVirus engines on VirusTotal as malicious (25 events)

Bkav	W32.AIDetect.malware1
MicroWorld-eScan	Trojan.GenericKD.37139845
FireEye	Generic.mg.3a8fb7a4ead36662
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
APEX	Malicious
Avast	FileRepMetagen [Malware]
ClamAV	Win.Trojan.Generic-7191247-1
BitDefender	Trojan.GenericKD.37139845
Paloalto	generic.ml
Ad-Aware	Trojan.GenericKD.37139845
Sophos	ML/PE-A
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.dh
Emsisoft	Trojan.GenericKD.37139845 (B)
eGambit	Unsafe.AI_Score_95%
Avira	HEUR/AGEN.1100203
MAX	malware (ai score=85)
Microsoft	Program:Win32/Wacapew.C!ml
AegisLab	Hacktool.Win32.Gamehack.3!e
GData	Trojan.GenericKD.37139845
Cynet	Malicious (score: 99)
McAfee	Artemis!3A8FB7A4EAD3
Malwarebytes	MachineLearning/Anomalous.95%
AVG	FileRepMetagen [Malware]

betonsuccess.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All