Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 2, 2021, 9:09 a.m. | Aug. 2, 2021, 9:16 a.m. |
Process | Path | PID |
---|---|---|
z.exe | C:\Users\test22\AppData\Local\Temp\z.exe | 732 |
Name | Response | Post-Analysis Lookup |
---|---|---|
f0566304.xsph.ru | 141.8.192.151 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49199 -> 141.8.192.151:80 | 2032531 | ET HUNTING Observed POST to xsph .ru Domain | Potentially Bad Traffic |
TCP 192.168.56.101:49199 -> 141.8.192.151:80 | 2027108 | ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
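The two Suricata hits above describe one exfiltration pattern: an HTTP POST to a host under xsph.ru with no Referer header, carrying a zipped file whose name starts with "screenshot." in the body. The following is an added example, not part of the sandbox report and not the sample's or Emerging Threats' code: a small HTTP request parser that applies the same three checks to a constructed raw request. The request bytes, the multipart boundary and the "screenshot.zip" filename are made up to mirror the indicators; the `.xsph.ru` suffix and the `/collect.php` path come from the report.

```python
import re
from dataclasses import dataclass

@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict   # header names lower-cased
    body: bytes

def parse_request(raw: bytes) -> HttpRequest:
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, body)

def multipart_filenames(req: HttpRequest) -> list:
    """Return the filename= value of every multipart part, [] if not multipart."""
    ctype = req.headers.get("content-type", "")
    m = re.search(r'boundary="?([^";]+)"?', ctype)
    if not ctype.lower().startswith("multipart/") or not m:
        return []
    boundary = b"--" + m.group(1).encode("latin-1")
    names = []
    for part in req.body.split(boundary)[1:]:
        if part.startswith(b"--"):      # closing boundary reached
            break
        part_head = part.split(b"\r\n\r\n", 1)[0]
        fm = re.search(rb'filename="([^"]*)"', part_head, re.I)
        if fm:
            names.append(fm.group(1).decode("latin-1"))
    return names

# Domain suffix taken from the report; the filename pattern approximates the
# ET "Suspicious Zipped Filename in Outbound POST Request (screenshot.)" rule.
WATCHED_SUFFIXES = (".xsph.ru",)
SCREENSHOT_ZIP = re.compile(r"^screenshot.*\.zip$", re.I)

def inspect_request(raw: bytes) -> list:
    """Apply the three checks to one raw request and return the findings."""
    req = parse_request(raw)
    host = req.headers.get("host", "").split(":")[0].lower()
    findings = []
    if req.method != "POST":
        return findings
    if "referer" not in req.headers:
        findings.append("POST with no Referer header")
    if any(host.endswith(s) for s in WATCHED_SUFFIXES):
        findings.append("POST to watched domain %s" % host)
    for name in multipart_filenames(req):
        if SCREENSHOT_ZIP.match(name):
            findings.append("zipped screenshot in outbound POST: %s" % name)
    return findings

def build_sample_exfil() -> bytes:
    """Constructed request modelled on the report's indicators (body is fake)."""
    body = (b"------X1\r\n"
            b'Content-Disposition: form-data; name="file"; filename="screenshot.zip"\r\n'
            b"Content-Type: application/zip\r\n\r\n"
            b"PK\x03\x04constructed\r\n"
            b"------X1--\r\n")
    head = (b"POST /collect.php HTTP/1.1\r\n"
            b"Host: f0566304.xsph.ru\r\n"
            b"Content-Type: multipart/form-data; boundary=----X1\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body))
    return head + body

SAMPLE_EXFIL = build_sample_exfil()
# Constructed benign control: a POST with a Referer to an unrelated host.
SAMPLE_BENIGN = (b"POST /api HTTP/1.1\r\nHost: www.example.com\r\n"
                 b"Referer: https://www.example.com/\r\n"
                 b"Content-Type: application/json\r\nContent-Length: 2\r\n\r\n{}")

if __name__ == "__main__":
    for label, raw in (("exfil", SAMPLE_EXFIL), ("benign", SAMPLE_BENIGN)):
        print(label, inspect_request(raw))
```

The checks are deliberately split so that each can be tuned on its own: "POST with no Referer" fires on plenty of legitimate API clients, and is only interesting here in combination with the destination and the multipart filename.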
Indicator | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox |
suspicious_features | POST method with no referer header |
suspicious_request | POST http://f0566304.xsph.ru/collect.php |
request | POST http://f0566304.xsph.ru/collect.php |
request | POST http://f0566304.xsph.ru/collect.php |
domain | f0566304.xsph.ru (description: Russian Federation domain TLD) |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
host | 58.218.215.138 |
file | C:\wallet.dat |
file | C:\Users\test22\AppData\Roaming\Electrum\wallets |
file | C:\Users\All Users\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\Default User\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\Default\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\Public\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\Public\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\Default User\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\Default\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Users\All Users\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\All Users\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\Default User\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\test22\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\Default\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\Public\AppData\Roaming\.purple\accounts.xml |
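The file indicators above show the sample probing a fixed set of credential stores (a Bitcoin Core wallet.dat, Electrum wallets, FileZilla sitemanager.xml and recentservers.xml, Pidgin's .purple\accounts.xml and Chrome's Local State) and doing so under every profile directory it can find, including Default, Default User, Public and All Users, which the logged-on user's own software never has a reason to read. The following is an added example, not part of the sandbox report and not the sample's code: host-side detection logic that runs over constructed EDR-style file-open events (pid, image, path), buckets each path into a store category derived from the paths listed in this report, and alerts when one process touches two or more categories or reads a store under a profile other than the interactive user's. The event records, the benign control processes and the field names are constructed.

```python
import re
from collections import defaultdict

# Credential-store locations taken from the file paths listed in this report.
# Patterns run against the lower-cased path.
STORE_PATTERNS = {
    "crypto_wallet": (
        re.compile(r"(^|\\)wallet\.dat$"),
        re.compile(r"\\appdata\\roaming\\electrum\\wallets(\\|$)"),
    ),
    "ftp_client": (
        re.compile(r"\\appdata\\roaming\\filezilla\\(sitemanager|recentservers)\.xml$"),
    ),
    "im_client": (
        re.compile(r"\\appdata\\roaming\\\.purple\\accounts\.xml$"),
    ),
    "browser": (
        re.compile(r"\\appdata\\local\\google\\chrome\\user data\\local state$"),
    ),
}
PROFILE_RE = re.compile(r"^c:\\users\\([^\\]+)\\", re.I)

def classify(path):
    """Return the credential-store category of a path, or None."""
    p = path.lower()
    for category, patterns in STORE_PATTERNS.items():
        if any(r.search(p) for r in patterns):
            return category
    return None

def profile_of(path):
    """Return the C:\\Users\\<profile> component, or None for non-profile paths."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else None

def analyse(events, interactive_user):
    """Group file accesses by pid and flag stealer-like behaviour.

    events: iterable of {"pid", "image", "path"} (constructed EDR-style records).
    Alerts when one process touches two or more store categories, or reads a
    store under a profile other than the logged-on user's.
    """
    per_pid = defaultdict(lambda: {"image": None, "categories": set(),
                                   "profiles": set(), "hits": 0})
    for ev in events:
        category = classify(ev["path"])
        if category is None:
            continue
        rec = per_pid[ev["pid"]]
        rec["image"] = ev["image"]
        rec["categories"].add(category)
        rec["hits"] += 1
        profile = profile_of(ev["path"])
        if profile:
            rec["profiles"].add(profile)
    alerts = []
    for pid, rec in per_pid.items():
        reasons = []
        if len(rec["categories"]) >= 2:
            reasons.append("touched %d credential-store types: %s"
                           % (len(rec["categories"]), ", ".join(sorted(rec["categories"]))))
        foreign = sorted(p for p in rec["profiles"] if p.lower() != interactive_user.lower())
        if foreign:
            reasons.append("probed other profiles: " + ", ".join(foreign))
        if reasons:
            alerts.append({"pid": pid, "image": rec["image"],
                           "hits": rec["hits"], "reasons": reasons})
    return alerts

# Constructed events: pid 732 / z.exe replays paths from the report; the other
# two processes are benign controls (a client reading its own config, a document).
SAMPLE_EVENTS = [
    {"pid": 732, "image": "z.exe", "path": r"C:\wallet.dat"},
    {"pid": 732, "image": "z.exe", "path": r"C:\Users\test22\AppData\Roaming\Electrum\wallets"},
    {"pid": 732, "image": "z.exe", "path": r"C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 732, "image": "z.exe", "path": r"C:\Users\Default User\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 732, "image": "z.exe", "path": r"C:\Users\Public\AppData\Roaming\.purple\accounts.xml"},
    {"pid": 732, "image": "z.exe", "path": r"C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State"},
    {"pid": 732, "image": "z.exe", "path": r"C:\Users\All Users\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 1200, "image": "filezilla.exe", "path": r"C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 900, "image": "explorer.exe", "path": r"C:\Users\test22\Documents\notes.txt"},
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_EVENTS, "test22"):
        print(alert)
```

The cross-profile check is what separates this from a legitimate client: FileZilla reading its own sitemanager.xml under the current user's profile is normal and produces no alert, while a single binary walking Default, Default User, Public and All Users for the same file is the enumeration pattern the report captured.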
Engine | Detection |
---|---|
Elastic | malicious (high confidence) |
DrWeb | Trojan.PWS.Steam.18689 |
MicroWorld-eScan | Gen:Variant.Stealer.7 |
FireEye | Generic.mg.fd047a74224274e2 |
McAfee | GenericRXMZ-DZ!FD047A742242 |
Zillya | Trojan.Bobik.Win32.2070 |
K7AntiVirus | Spyware ( 005687121 ) |
K7GW | Spyware ( 005687121 ) |
Cybereason | malicious.422427 |
Arcabit | Trojan.Stealer.7 |
BitDefenderTheta | Gen:NN.ZexaF.34050.QqY@aW0S6vo |
Cyren | W32/Trojan2.QDAM |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Spy.Agent.PYU |
APEX | Malicious |
ClamAV | Win.Malware.Zusy-9812688-0 |
Kaspersky | HEUR:Trojan-Spy.Win32.Bobik.gen |
BitDefender | Gen:Variant.Stealer.7 |
NANO-Antivirus | Trojan.Win32.Bobik.innsnn |
Avast | Win32:PWSX-gen [Trj] |
Rising | Trojan.Kryptik!1.D134 (CLASSIC) |
Ad-Aware | Gen:Variant.Stealer.7 |
Sophos | ML/PE-A |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TrojanSpy.Win32.PANDASTEALER.SM |
McAfee-GW-Edition | GenericRXMZ-DZ!FD047A742242 |
Emsisoft | Trojan-Spy.Agent (A) |
SentinelOne | Static AI - Suspicious PE |
Jiangmin | TrojanSpy.Bobik.mi |
Avira | HEUR/AGEN.1141176 |
MAX | malware (ai score=80) |
Antiy-AVL | Trojan/Generic.ASMalwS.31084E0 |
Gridinsoft | Spy.Win32.Keylogger.oa!s1 |
Microsoft | Trojan:Win32/StellarStealer.SBR!MSR |
GData | Win32.Trojan.PSE.3YNIAA |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.RL_Stealer.R355109 |
VBA32 | TrojanSpy.Bobik |
ALYac | Gen:Variant.Stealer.7 |
TACHYON | Trojan-PWS/W32.PandaStealer.698280 |
Malwarebytes | Generic.Trojan.Dropper.DDS |
TrendMicro-HouseCall | TrojanSpy.Win32.PANDASTEALER.SM |
Tencent | Malware.Win32.Gencirc.10ce2a40 |
Yandex | TrojanSpy.Agent!tUE6mpSx5ko |
Ikarus | Trojan-Spy.Racoon |
Fortinet | W32/GenKryptik.EZNX!tr |
AVG | Win32:PWSX-gen [Trj] |
Panda | Trj/GdSda.A |