Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 29, 2021, 5:59 p.m. | June 29, 2021, 6:02 p.m. |
Process | Path | PID |
---|---|---|
RepIB.exe | "C:\Users\test22\AppData\Local\Temp\RepIB.exe" | 5032 |
Name | Response | Post-Analysis Lookup |
---|---|---|
app.ibantrocas.com | 80.78.22.159 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49807 -> 80.78.22.159:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49806 -> 80.78.22.159:80 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49807 80.78.22.159:443 | C=US, O=Let's Encrypt, CN=R3 | CN=app.ibantrocas.com | 8c:6a:2a:5d:ae:a8:ec:6f:98:da:02:8b:b2:74:b7:cd:8d:65:68:28 |
request | GET http://app.ibantrocas.com/counter/ |
request | GET https://app.ibantrocas.com/counter/ |
host | 172.217.25.14 |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
McAfee | Artemis!37DDAA9DF30F |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
ESET-NOD32 | a variant of Win32/ClipBanker.NL |
APEX | Malicious |
Avast | Win32:Trojan-gen |
Kaspersky | Trojan-Notifier.Win32.AutoIt.a |
Paloalto | generic.ml |
VIPRE | Trojan.Win32.Generic!BT |
McAfee-GW-Edition | BehavesLike.Win32.TrojanAitInject.th |
Microsoft | Trojan:Win32/Wacatac.B!ml |
AegisLab | Hacktool.Win32.Gamehack.3!e |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win.Generic.C4535597 |
eGambit | Unsafe.AI_Score_90% |
MaxSecure | Trojan.Malware.300983.susgen |
AVG | Win32:Trojan-gen |
CrowdStrike | win/malicious_confidence_60% (W) |